Úna Dillon of the Merchant Risk Council to build a global anti-fraud network

In this episode of the Payments Powerhouses series, we talk to Úna Dillon of the Merchant Risk Council about how she advocates for merchants and builds a global community of businesses.

Úna Dillon is the Vice President of Global Development and Advocacy at the Merchant Risk Council, with extensive experience in payment regulation, fraud prevention, and financial services strategy. The Merchant Risk Council is a global non-profit organization based in Dublin, Ireland, that provides a platform for the exchange of fraud prevention and payment information for the e-commerce industry. Úna joined the Merchant Risk Council (MRC) in 2016 and also serves as a special advisor to the European Commission's Payment Systems Market Expert Group.

Úna, welcome to the Payments Powerhouses. As a professional who travels a lot, do you have multilingual skills? Do you have a favorite word or phrase?

Úna: Actually, I speak five languages! In Ireland, we speak English and Irish on a daily basis, and I also learned French. Irish is easy to learn because it has many similarities to Latin, and I also speak Italian and Spanish. I think the most important phrase in any language is “thank you” and we should say it more often. In fact, I’ve studied it and now know how to say it in 55 languages. It took me a long time to learn how to say “thank you” in Turkish (Teşekkür ederim) because it’s longer than in most languages. I also love Thai (khaawp khun ka). Learning to say “thank you” in different languages is always helpful when traveling.

In addition to being fluent in multiple languages, you have 27 years of experience in the payments industry. Can you share your career journey and how you came to join the Merchant Risk Committee?

I studied Mathematics, Physics and Economics at university and was fortunate to join Bank of Ireland after graduation. I was directly involved in the chargeback department, which exposed me to the two core aspects of the business: issuing and acquiring. That was 27 years ago, and before computers were common, we had Visa and Mastercard brochures on our desks, and we had to memorize them. This experience laid a solid foundation for me to enter the payment industry and gave me a deep understanding of the complex relationship between issuers, acquirers, merchants and consumers.

Later, part of the Bank of Ireland business was acquired by a US bank, and some of our employees were transferred to the acquiring business. After a few years in the acquiring business, I took over as General Manager of a national debit card organization, which was the only national debit card organization in Ireland at the time. I then started my own consulting company, dedicated to building a bridge between emerging payment companies and venture capital institutions, especially venture capital institutions interested in new payment products and Irish companies.

Before joining the Merchant Risk Council, I was deeply attracted by the industry network it had built. As a 22-year-old organization, the Merchant Risk Council is trying to replicate its successful model in the United States in Europe. About seven years ago, the current CEO of the Merchant Risk Council and a founding member of the Merchant Risk Council asked me to take on the role of Managing Director, and I jumped at the challenge.

Our members had been calling out, “We need the Merchant Risk Council in Asia Pacific.” So we launched in July 2021 with a goal of onboarding 50 new members within a year. To our surprise, in just three months, we had 430 new members, which is a meteoric rise!

The beauty of the Merchant Risk Council is that it is a not-for-profit organization that is fully committed to the payments and fraud protection space, and we are proud to call ourselves “the experts in the payments world”! The core purpose of our organization is to build a platform for all participants in the payments ecosystem to exchange ideas and work together on payment operations, fraud protection, risk management, and network building.

What exactly does your job description include as Vice President of Global Development and Advocacy?

My responsibilities extend far beyond the boundaries of my job title. As the most senior employee in the organization, I am deeply involved in many aspects of business operations, not only leading the board management work, but also actively participating in key functions such as event planning, brand marketing and customer service.

In the journey of driving global business growth, I focus on exploring and implementing strategies, identifying and building communication bridges with key partners to ensure steady expansion in target markets. 85% of the world's leading e-commerce brands have become members of the Merchant Risk Committee, including industry giants such as Netflix, Google, Microsoft, Amazon, Adidas, etc. Our strategic deployment in Singapore is undoubtedly a wise move given the deep roots of many members and potential customers in the Asia-Pacific region. But we do not intend to simply copy the successful model in the United States. We want to listen to and meet the actual needs of the local market. In order to better integrate into the Asia-Pacific region, we have specially hired two co-consultants from member companies. They will spare a few hours a week to provide us with valuable advice on regional hot issues. In addition, we have also formed an Asia-Pacific Advisory Committee composed of eight merchants and eight major solution providers, which meets regularly every month to discuss regional development strategies together.

In addition to deepening our presence in Southeast Asia, we are planning to enter Latin America, with plans to set up a presence in Miami first, with a focus on the Brazilian market in the first year. After Latin America, our strategic vision will turn to India and Africa. The general impression of me is that I am a leader who is actively expanding my global influence. With our passion for the payment industry and fraud prevention, we are committed to extending the influence of the Merchant Risk Committee to every corner of the world and building our community into a global community with a physical presence.

In terms of advocacy, our mission is to collect the collective demands of merchant members and convey them to policymakers, standard setting bodies and regulators. We have been strengthening this work in the past two years. By becoming a member of the Payment System Market Expert Group (PSMEG), we have a voice in regulatory decision-making and can provide professional advice to the European Commission on regulatory policies related to the payment industry and payment fraud prevention. We have also established a merchant-issuer executive committee, which convenes issuers and merchants to hold meetings every month to discuss in depth major issues such as regulatory compliance and card organization rules. For example, we have been working closely with Visa and Mastercard to address friendly fraud, now known as first-party abuse. Visa recently announced that it will implement a change to its chargeback dispute mechanism in April next year, giving merchants the right to directly dispute chargeback transactions.

Faced with many challenges in the industry, we hope to help e-commerce merchants understand the current situation and clarify the actions they should take to jointly optimize the payment ecosystem, thereby creating a more mutually beneficial payment environment for consumers and merchants.

What industry gaps and urgent needs does the Merchant Risk Council aim to fill?

Recently, when I was communicating with a local merchant member, they compared the Merchant Risk Council to a warm family. This metaphor touched me deeply! We are surprised to find that new members can quickly use the industry common language to communicate deeply when they first participate in our activities.

This means that when you join the Merchant Risk Council, you will find yourself in a community that deeply understands payments and fraud prevention. Even many people from leading global brands have expressed that they have benefited greatly from the Merchant Risk Council community and gained comprehensive industry insights.

We take education very seriously. To this end, we have built a series of educational modules covering fraud prevention, payment operations, chargeback processing, and emerging payment methods such as "buy now, pay later" (BNPL) and cryptocurrencies. Many new employees can quickly grasp the essence of the business through participating in the MRC RAPID Edu training program. In addition, we have pioneered the industry's first standardized payment and fraud prevention qualification program, which aims to help merchants improve their business competitiveness and operational efficiency. There are few professional courses in school education specifically for payment operations, risk management and fraud prevention. Most people join this industry by chance. This program is aimed at those who are in the payment and fraud prevention industry or those who are interested in getting involved in this field, providing them with a professional growth and development platform.

Our global community brings together countless dynamic information and cooperation opportunities, which is vital to the payment industry. We are open 24 hours a day and serve as a hub for payment and fraud information and educational resources. We have set up online community forums and Slack communication platforms to connect representatives from regulators, issuers, merchants, solution providers and card organizations, so that our members can participate in discussions on various topics that are closely related to them at any time.

We also host a number of events, including five major annual conferences. Our flagship conference, held in Las Vegas in March, features a global agenda, as well as more regionally focused sessions.

Next up, in late October, is the highly anticipated Merchant Risk Council Singapore Conference, a two-and-a-half-day event that showcases our unique organization and the core values of the Merchant Risk Council. Unlike other industry conferences, our conferences are strictly prohibited from any form of sales pitch. Although many well-known brands will be present at the conference, their purpose is to educate and inspire the audience, not to promote or sell products (those who violate this rule will be "blacklisted"). We have set up a dedicated sales space in the exhibition area, providing an ideal platform for attendees who want to learn more about suppliers or share their experience with other merchants using solution providers.

In addition, this year we co-authored a detailed research report on payment and fraud challenges in Asia Pacific with Antom subsidiary 2C2P. We plan to officially launch this heavyweight report at the upcoming conference and believe that it will bring new insights to the industry.

What types of merchants in APAC are the Merchant Risk Council looking to attract?

We welcome all types of merchants, regardless of industry or payment methods. Given the widespread use of local payment methods by consumers in APAC, more and more businesses are actively exploring and adopting alternative payment solutions, especially given the high cost of card payments. We focus on the e-commerce sector, and although the focus is generally on businesses with annual turnover of at least US$50 million, even smaller brick-and-mortar stores can access a wealth of useful information and guidance through our Member Resource Center.

What are the common issues or pain points facing merchants today?

This is a very interesting question. For merchants, especially those in the e-commerce space, the first challenge is how to effectively verify the identity of consumers. Merchants need to ensure that the person initiating the transaction is indeed the cardholder, and they also need to identify whether these cardholders are reputable consumers. The current online environment is full of fraud, with frequent phishing attacks, SMS scams, and account takeovers, which are used by criminals to steal user data, purchase goods and services online, and then cash out through illegal means. Our 58 law enforcement members, including the FBI, Interpol, and Europol, have shown us that funds from payment fraud are often used to fund more serious organized crime.

Currently, many merchants are gradually adopting advanced authentication technologies, and new regulations are also accelerating this process. The implementation of new regulations and payment system rules is accompanied by increased costs and business adjustments, which poses a considerable challenge to merchants.

In a rapidly expanding market environment, especially in the Asia-Pacific region with diversified payment methods, merchants must be able to accommodate all payment options preferred by consumers to remain competitive.

When dealing with data privacy, how can companies find a balance between data utilization and data protection?

In recent years, consumers have become much more sensitive to merchants' collection of personal information and how merchants use it. Proper use of data can help merchants conduct targeted marketing, such as recommending products based on user preferences, which has a positive impact. On the other hand, merchants may also share data with other organizations or third parties and use the data in ways that consumers do not explicitly consent to.

With the introduction of laws and regulations such as the General Data Protection Regulation (GDPR), strict standards for data protection are set, which clearly tend to protect consumer rights. According to the regulations, merchants must transparently disclose the purpose of data collection, usage and transmission path, and give consumers the right to delete data, which undoubtedly brings new challenges to merchants. In today's era of Internet penetration, consumers are more inclined to choose merchants that they both like and trust. This means that merchants must strictly follow the GDPR regulations or clearly disclose data collection and its use to customers. Merchants who violate the regulations may not only face high fines, but in serious cases, even threaten the survival of the company.

In your opinion, as the industry continues to develop and innovate, will new risks emerge?

Over the past decade, with the rise of many emerging alternative payment methods, the industry has undergone tremendous changes. In the payment industry, every new trend is accompanied by new risks and challenges. From individual criminals to organized crime groups, they are constantly looking for and exploiting loopholes in these emerging trends. Traditional bank card payment methods have been around for many years, and their related risks and anti-fraud strategies are relatively complete. However, for new payment methods such as cryptocurrencies, open banking, and BNPL, there is currently a lack of equally mature security protection systems, although these systems are expected to gradually mature in the next five to ten years. At this stage, criminals are actively exploiting all existing loopholes and gaps to carry out illegal activities. It is foreseeable that the trend of financial crime will inevitably intensify, especially against the backdrop of slowing global economic growth, the upward trend of fraud cases seems inevitable.

Unfortunately, criminals' methods are endless, and new fraud methods may appear every day. Traditional phishing emails are still rampant, and as the electronic communication methods between merchants and consumers develop, criminals also take the opportunity to use these electronic channels to steal consumer data and use them to commit fraud. Especially in the key link of identity verification, the challenges in the future will only become more complex.

How should merchants deal with these risks?

Joining the Merchant Risk Committee is obviously a wise choice! The first step to preventing fraud is to fully understand the potential risks. Just like knowing that your house may be robbed, you will naturally choose to install door locks or alarm systems and set different protection levels according to security needs. The same is true in the payment field. Merchants also need

Ensure your business is running securely by deploying different levels of security. Whether it is payment security or fraud prevention, there are many solution providers to choose from.

Twenty years ago, when we first tried to bring together issuers, merchants and law enforcement, we were met with a general reticence, with most institutions reluctant to publicly admit or report fraud losses. Today, open communication is more important than ever. You should actively engage in dialogue with your industry peers, especially those with similar business models, because the criminals targeting you may also be targeting them.

At the same time, it is important to be familiar with the various defensive tools available. Criminals are often good at identifying and attacking the most vulnerable targets. Therefore, it is important to integrate effective solutions, adopt helpful suggestions and promote best practices. In the Merchant Risk Council community, you can gain insight into the challenges and risks you face and learn how to deal with them appropriately.

What are some impressive milestones or achievements in the Merchant Risk Council's advocacy work?

We have achieved many proud achievements in the past few years. First, we have successfully established a trusted authority in the industry and actively communicated with regulators, standard setting bodies and policy makers as a spokesperson for merchants. At the same time, we have strengthened our engagement with regulators around the world, including close collaboration with the Federal Reserve System in the United States and being a member of the EMVCo Advisory Board in Europe, where we have direct dialogue with the European Commission and the European Banking Authority.

We are committed to building good cooperation with regulators everywhere and providing them with valuable information. For example, in the promotion of Strong Customer Authentication (SCA), we collect and provide feedback on real-time data on EMV and SCA readiness around the world to help regulators understand the actual situation and the impact of these authentication methods on consumers. We will publish detailed reports on the Asia-Pacific region in the coming months, so stay tuned.

In addition, we have reached a cooperation with the Reserve Bank of India (RBI) on electronic authorization for regular transactions. By establishing a good communication channel with regulators, we have successfully promoted a series of electronic authorization improvements that benefit merchants. But we do not work alone, we always work hand in hand with other organizations, such as working with the Merchant Payments Alliance of India (MPAI) in India, and we are not competitors, but we work as a joint force to talk to regulators.

Visa’s changes to the CE 3.0 rule are significant to us, as the Merchant Risk Council has redefined friendly fraud and this change has been adopted by the world’s largest payment system. When this announcement was made, we were very excited internally! We co-hosted a webinar with Visa to go into more detail about this rule change, and other payment systems have since started to reach out to us.

Looking ahead, how do you see payment regulation evolving?

As payment technology continues to advance, payment regulation will inevitably continue to evolve. For example, emerging payment methods such as BNPL and cryptocurrencies are not fully included in the regulatory framework at present, but we also need to develop industry standards to provide clear guidance to practitioners. Regulators in different regions have different approaches to these emerging payment methods, and the Merchant Risk Council is a hub organization that is in dialogue with global regulators to discuss payment definitions and actively guide the formulation of reasonable rules. This is undoubtedly a positive development.

We look forward to continuing to deepen our cooperation with regulators, especially those in Asia Pacific. Today, regulators are more willing to work with us and engage in dialogue because they recognize that the Merchant Risk Council is not only a source of high-quality information and education, but also a bridge to communicate with merchants. While compliance with regulations can be a significant cost to an organization, regulation itself is not something to be feared. Fundamentally, the purpose of regulators is to create a safe and secure environment for the payments industry, especially in the e-commerce sector.

What will the inaugural Merchant Risk Council Singapore Conference bring to you at the end of October? What makes this conference unique compared to other events?

We are very excited about this event! The conference will kick off on October 30 at the Shangri-La Hotel, Singapore with a grand Sunday Welcome Event. During this three-day event, attendees will have the opportunity to engage in a wide range of topics in payment operations and fraud prevention, with carefully curated panel discussions, industry experts hosting the event, well-known speakers, and many well-known e-commerce brands and key decision makers.

The event provides ample opportunities for participants to interact and network, and almost all of the Merchant Risk Council's Asia Pacific board members will be in attendance, ensuring that everyone can make valuable connections within the industry. This event is not only a great way to expand your industry network, but it will also facilitate in-depth conversations about payment operations and fraud issues, answer any questions you may have, and further integrate into the Merchant Risk Council community and become an integral part of it.

Finally, what advice do you have for job seekers who are interested in joining the ever-changing payments industry?

This is a fascinating industry, and I have witnessed many earth-shaking changes in the 27 years I have been in it. You will never feel bored in this industry, and there are always new things waiting for you to discover.

For those who are interested in looking for development opportunities in the field of payments and fraud prevention, the market is in a golden period of strong demand for talent, and all kinds of companies are eager to find the right people. The industry covers a wide range of positions and functional areas, and you can find a wide range of career development opportunities here. This is an exciting industry.

At the Merchant Risk Council, we are extremely passionate about payments and fraud prevention, so I strongly recommend that every job seeker learn about this industry and explore all kinds of companies that may attract you.

“Payments Powerhouses” is a monthly feature series focusing on interviews with leading figures in the payments and fintech sectors in Southeast Asia and around the world.