Maintaining High Standards for Safety and UIUX – The Mission of the ‍Anti – Financial Crime Department

The “Professionals” series showcases talented experts who support PayPay Group’s operations.For this issue, we interviewed the heads of four teams within Anti-Financial Crime Department. We asked them about the roles of their respective teams and the fulfilling aspects of working at PayPay.

Continuing to Be a Safe, Secure, and Clean Service

What is the mission of the Anti-Financial Crime Department?

Hamagashira:
The mission of the Anti-Financial Crime Department is to ensure the safe and secure use of PayPay’s services. To achieve this goal, there are two key roles:

One is to establish a system in accordance with laws and guidelines related to AML/CFT to prevent the misuse of PayPay’s services by criminals and others. Various teams collaborate, with the AML/CFT internal management team at the forefront, to ensure compliance with laws such as the Anti-Money Laundering Act and the Financial Services Agency’s Money Laundering Guidelines.

The other role involves checking for any vulnerabilities in the service that could be exploited by criminals, such as account takeovers through phishing scams or the use of forged licenses for impersonation. The department proposes preventative measures and builds a framework for early detection and response to risks.

（See also）PayPay’s Safety Initiatives https://paypay.ne.jp/safe/

（See also）Anti-Money Laundering, Financing of Terrorism, and Proliferation Financing at Financial Institutions https://www.fsa.go.jp/policy/amlcftcpt/index.html

Your responsibilities are quite hefty considering the impact on users, society, and the economy

Hamagashira:
Yes. Naturally, there should be no harm to users, but once a major fraud incident occurs and the public becomes wary of our services, this will lead to user churn and losing the current momentum in Japan of going cashless.

In addition, the fight against money laundering and terrorist financing is intensifying internationally, so the Japanese authorities are requesting financial institutions to strengthen their systems through the AML/CFT Guidelines and other measures. Ensuring that our systems are in compliance with laws, regulations, and guidelines is an important part of expanding our business, and this includes the launch of new services and collaboration with banks and partners.

The Role of Each Team

What are the day-to-day tasks of each team?

Guideline Management Team

Hamagashira:
Our team plays three primary roles. One is to manage and promote company-wide AML/CFT measures Our efforts range from the development of annual AML programs to training and even collaboration with group companies.

The second is to conduct risk assessments for various services. As PayPay rolls out a variety of services on a daily basis and the number of our partners and merchants grows, we must quickly and accurately assess risks and implement measures to mitigate them.

Our third role is to comply with laws and regulations regarding AML/CFT. We cooperate with relevant departments like the Customer Management Department and ‍Merchant Management Department to establish a framework in accordance with the AML/CFT Guidelines, which should be completed by the end of March 2024. In FY22, we promoted the company-wide AML ‍framework enhancement project in cooperation with folks inside and outside the department, and were able to improve the framework to a level that mostly satisfies the AML/CFT Guidelines.

Customer Risk Management ‍Team

Suzuki:
We are working to develop a customer management system that includes identity verification, filtering, and ongoing customer due diligence in compliance with AML/CFT laws and regulations to ensure the safe and secure use of PayPay and to prevent misuse by criminals and terrorists. We also provide support to the Client Management Department in the first line of defense and interact with the authorities concerning our customer due diligence system.

We have worked with the Product Team, the ‍System Division (who are in charge of internal systems), the Customer Management Department, and other relevant teams to achieve such things as introducing a new identity verification method using IC chips in My Number Cards or in driver’s licenses, which was in fact a first in the cashless industry. We believe that these efforts have improved security, contributed to an improved UIUX, and enabled users to complete eKYC more easily and quickly.

（See also）First in the Cashless Industry! Using the Driver’s License IC Chip for Identity VerificationPayPay Introduces Japanese Public Key Infrastructure for Identity Verification Using My Number Cards

Transaction Risk Management Team

Sato:
In order to ensure the safety and security of cashless payments, PayPay collaborates with its partner financial institutions, uses fraud detection systems, and monitors accounts 24 hours a day, 365 days a year with dedicated staff. The main function of the Transaction Risk Management Team is to monitor these transactions and develop a framework for detecting and preventing suspicious transactions.

In cooperation with departments in charge of monitoring operations, we examine methods to lower risks of suspicious transactions that we detect, and analyze suspicious transaction reports and inquiries from investigative agencies in order to apply them to future risk mitigation measures.

Risk Research & Planning Team

Sugiyama:
We are responsible for authentication risk assessment and improvement proposals for PayPay app login paths and other authentication risks, reporting fraud results to the FSA, and working on risk assessment systems and data governance. One example of our work is the rollout of a new authentication feature that uses QR codes to securely transfer PayPay accounts, which we accomplished through cooperation with Product and other departments. Taking into account what other companies are doing and market trends, we keep abreast of the challenges posed by new threats and work on countermeasures to address them.

We are always mindful of the balance between security and convenience. While it is important to enhance security, pursuing only that may compromise user convenience. We at PayPay are required to maintain a high level of security and UIUX, so we would like to further achieve both by introducing new technologies to improve authentication security while making life easier for users.

（See also）Launch of New Authentication Feature Using QR Codes to Securely Transfer PayPay Accounts

How often does fraud occur in “PayPay,” since we do have an immense number of users and transactions?

Sugiyama:
As a result of the implementation of various fraud prevention measures and continued efforts to ensure safety and security, we were able to reduce the fraud rate of “PayPay” to 0.001%(*1) for the entire year of 2022*1. For reference, this rate is lower than that of credit cards, which was 0.053%(*2) over the same period.

*1. PayPay’s fraud incidence rate is the percentage of the amount of payments made using “PayPay” between January 1 and December 31, 2022 that were claimed to be fraudulent.
*2. The credit card fraud rate is calculated from Japan Credit Card Association’s credit related statistics, “List of Credit Card Development Survey Results (Amount of Credit Extended and Number of Contracts)” and “Status of Unauthorized Credit Card Use Damage,” both in “3. (Single Company) Statistics Based on Japan Credit Card Association’s Research” (amount of unauthorized credit card use damage divided by amount of credit extended).
Annotation *25 and *26 from “Major Initiatives Implemented by PayPay and Transition of KPIs (Second Half of FY 2022)“

Top-Notch Safety Is Not the Only Prerequisite

Please tell us what makes working at PayPay worthwhile!

Hamagashira:
As PayPay releases new services one after another, I find it rewarding to be involved from the planning stages and to be able to think about risk management measures that I see fit. In the AML/CFT field, the “risk-based approach” is the default course of action. While the basic precepts necessary for AML/CFT are provided in laws, regulations, and guidelines, specific challenges and their solutions need to be considered by each company depending on its services and risks it encounters. There are many difficult situations where there are no clear answers as to what needs to be done and to what extent, but that also means there is much room for creativity.

The need to identify, assess, and mitigate risks while at the same time taking a balanced approach regarding service quality and workload is a difficult but also a very exciting aspect of AML/CFT.

Suzuki：
AML/CFT is expected to become even more important to society in the future, and I am confident that PayPay has the foundation to lead other FinTech companies, especially with our high AML/CFT standards. Having said that, there are no clear answers in this field, as Hamagashira-san mentioned, so I think the excitement working here comes from exploring how to respond to various risks.

Pursuing safety and user convenience in the absence of clear-cut answers or precedents is what makes working at PayPay rewarding

Sato：
Right. Coming up with risk reduction measures is similar to considering whether the lock on the front door of a house is sufficient from a security perspective. Too many locks is inconvenient, but too few increases security risks. I get satisfaction from making improvements through trial and error via cross-departmental collaboration, where we try to maintain an appropriate balance between convenience for PayPay users and risk mitigation.

Sugiyam：
I believe that PayPay’s data-driven culture is helpful in achieving both user convenience and strong security. With 58 million users across multiple generations, our humongous database is what makes working at PayPay gratifying and one of the company’s major strengths. I feel it is my mission to work across departments, and using such an environment, to protect users’ accounts from fraud attempts by malefactors.

Are there any aspects of PayPay’s corporate culture, as represented in the 5 Senses, that you value?

Hamagashira:
“Be sincere to be professional.”
As professionals, we must continue to improve the quality of our output while striking the perfect balance between risk reduction, convenience of our products, and our workload. To achieve this, it is important not only to be knowledgeable about AML/CFT, but also to deepen our understanding of the business aspects of various services, such as their objectives, game plan, and money flow, and to keep up with what is happening in PayPay. We do say the word “professional” a lot in our division, to remind ourselves to make appropriate decisions as experts in the field.

Sato:
“Ego is not welcome, communication is necessary.”
No job is done solo and PayPay is a fast-paced environment, so communication is crucial. Since we are the department that strengthens PayPay’s defensive mechanism, it is important for us to constructively discuss issues—despite disagreements in how to proceed with the job—while understanding the challenges each person is facing and the background to those challenges.

Sugiyama:
“Believes in ourPRODUCT & TEAM”
Even if you have an idea, you need the help of other departments like Product to actually bring it to fruition. I hold dear to this mantra as I see the immense importance of creating things with the help of many people.

Suzuki:
“Work for LIFE, or Work for Rice”
We devote a considerable amount of time to work in our lives, and you only live once! So I always tell myself that work is part of my life, so I can willingly take on challenges while enjoying my job at the same time.

What does your team hope to accomplish going forward?

Sato:
We will contribute to the company as a defender to ensure that PayPay users can use our services safely and comfortably, while at the same time analyzing monitoring results and continuously reviewing risk mitigation measures. We will also make risk management methods more effective by enabling a more strategic and organizational approach, while performing grassroots level responses that focus on the issues at hand.

Hamagashira:
We aim to further strengthen our posture in accordance with the MoneyLoan Guidelines, and promote the continuous sophistication of matters that already meet the requirements of the Guidelines as both our services and group expand.

Suzuki:
We will realize a customer management system that can flexibly respond to new services that are constantly being created. So far, we have been ‍directly tackling issues as they occur, but in the future, we would like to establish a more systematic approach that allows us to study in hindsight our analyses of issues, the content of our reviews, and our actual responses.

Sugiyama:
With the PayPay 5 Senses mindset, we will develop a system that allows would-be fraudsters to think “There’s no point in targeting PayPay,” while also providing convenience to our users!

*Recruitment status and employee affiliations are correct at the time of the interview.