Document information and change log

Document Information

Change log

Gender And Entity Neutrality

The masculine form is used solely for the sake of better readability. It always refers to persons of any gender identity (m/f/diverse). This document uses the abbreviation “Give” for all legal entities and subsidiaries.

Table of Contents

Roles and Responsibilities        5

Chief Risk Officer (CRO)        5

Chief Compliance Officer (CCO)        5

Compliance Manager        5

Risk Manager        5

Risk Analyst        5

Introduction        6

Risk Triggers        6

1. Risk Levels        6

Addressing Risk Triggers        7

Risk Analyst        7

Risk Manager        7

Compliance/Audit Team        7

Risk Monitoring Periodic Review        8

2. Escalations        9

2.1 Turn On a Trigger        9

2.2 Turn Off a Trigger        9

2.3 Activity of Concern        9

3. Risk Monitoring        9

3.2 Alerts        10

3.3 Ongoing Training        10

3.4 Assessment        10

3.5 Machine Learning        10

4.1 Triggers for Alert Notifications        10

4.3 Risk Level Escalation        13

4.4 Account Changes        14

5.0 Risk Response Process        14

5.1 Risk Review and Analysis        14

5.1.1 Website Verification        14

5.2 Investigation        15

5.2.1 Chargeback        16

5.2.2 Unanticipated Activity        16

5.2.3 Investigation Results Indicates the Risk is Increasing        16

5.2.4 Investigation Results are Unsatisfactory        17

5.3 Request For Information (“RFI”)        17

5.4 Escalate        17

5.5 Approvals        17

5.6 Timeline        18

5.7 Suspension        18

5.8 Terminating a Merchant Account        18

5.9 Onboarding Exception Follow up        19

6. Risk Reporting        19

6.1 Risk Reporting        19

Merchant Risk Report        20

7. Mitigation and Response        20

7.1 Red Flags        20

Colluding Merchants        20

New Merchant Bust-Out Schemes        21

Sales Draft Laundering or Factoring        21

Merchant Cash Advances        21

Merchant Credits        21

Telemarketing Scams        21

8. Documentation and Record Keeping        22

9. Custodial Account and Reserves        22

Attachment A. Suspicious Activity Report (SAR)/ Suspect Violation Report (SVR) Template        23

Roles and Responsibilities

Chief Risk Officer (CRO)

The Chief Risk Officer (“CRO”) is responsible for the overall risk of the entire company and communicating, reporting, and strategizing risk and compliance to CEO, Risk Board, Stakeholders, and the public. The CRO agrees with the risk triggers being implemented.

Chief Compliance Officer (CCO)

The Chief Compliance Officer (“CCO”) is responsible for the overall compliance of the entire company and communicating, reporting and strategizing to the Chief Risk Officer, CEO, Risk Board, Stakeholders, and the public.

Compliance Manager

The Compliance Manager is responsible for managing compliance internally and communicating with external teams. The Compliance Manager also schedules, reports, and communicates with internal and external teams.

Risk Manager

The Risk Manager is responsible for managing the risk team and enforcing Merchant and Transaction Risk policy and procedures, risk monitoring and reporting. The Risk Manager makes final determination in the suspension and termination of a merchant, reporting of Trailing Twelve Months “TTM” Credit and Fraud Loss, reviews and determines how to handle escalated merchant risk profiles per the Merchant Risk Response Playbook guidelines. The Risk Manager reviews quarantined and suspicious transaction activity and determines if the activity should be escalated to report, manually block, void or refund, or set an automated blocked transaction as a false positive.

Risk Analyst

The Risk Analyst’s role is to review merchant risk alerts and set to ok or escalate the merchants risk per the Merchant Risk Response Playbook guidelines. In reviewing risk alerts, the Risk Analyst determines if the activity should be investigated, the reasons for the risk alerts and documents the reasons and collects evidence in support for or against reducing or elevating the risk level. The Risk Analyst reviews quarantined and blocked transactions and makes suggestions, provides evidence for false positives, refunds or reports  suspicions of fraud to the Compliance Manager.

Introduction

Risk Triggers

A risk trigger is an indicator that a risk event is very likely to take place or is about to happen. Risk triggers identify potential risks.

1. Risk Levels

Give’s risk monitoring uses the following risk levels “Low, Medium, High and Critical.” Points are awarded based on the trigger activated. Triggers related to higher risks are awarded higher points. A “Low” risk level has 1 (one) point or less. A “Medium” risk starts above 1 (one) point and goes to 3 (three) points. “High” risk starts above 3 (three) and goes to 6 (six) points. A “Critical” risk level is above 6 (six) points. Please see the diagram below.

Diagram 1

Low risk merchants will not be reviewed daily by the Risk Analyst but monitored for unusual activity and anomalies. (Please see Risk Monitoring Periodic Review for frequency). The Risk Analyst/Manager will receive notifications for Medium, High and Critical risk merchants to be reviewed. For High and Critical risk merchants, the Risk Analyst/Manager will continue to receive notifications to address the trigger reason(s) until the trigger(s) is closed. Unaddressed triggers for higher risk merchants will cause the merchant’s account to have transaction limits. The Risk Analyst/Manager must prioritize the active triggers for Higher risk merchants to avoid the merchant’s account being disabled due to inaction.

The Risk Manager will conduct a second level review into the Risk Analyst’s work on the triggers for Higher risk merchants. The Risk Manager will also ensure that Medium risk merchants triggers are timely addressed.

Addressing Risk Triggers

Risk Analyst

• Investigation

The Risk Analyst will consider the trigger reason(s) and review the merchant’s transactions that correspond to the trigger(s). If necessary, further review will be conducted on the source of funds to determine a reasonable explanation for the triggered alert. Other factors will be considered to clear the alert. The Risk Analyst will conduct public source searches, research seasonality of the industry, etc.

• Request for Further Information (“RFI”) 

In instances where the Risk Analyst is unable to determine a valid reason to clear the triggered alert, the Risk Analyst will send a RFI to the merchant to explain the activity.

• Merchant Response

The Risk Analyst will review the merchant’s response and determine if the explanation is adequate to clear the trigger.

• Decisioning Documentation  

The Risk Analyst will document the reasons given to address the trigger in the comments section.

Risk Manager

• Trigger Review

The Risk Manager will take a sampling to conduct a second level review on the trigger reason(s) and the Risk Analyst’s investigation and subsequent addressing of the trigger(s).

• Approval

If the Risk Manager agrees with the Risk Analyst’s assessment, the Risk Manager will confirm the Risk Analyst’s decision.

• Return for Further Review

There may be instances where the Risk Manager will return the file to the Risk Analyst and request the Risk Analyst provide additional information or conduct further review to adequately address the trigger(s).

Compliance/Audit Team

Periodically the Compliance/Audit Team will review samples from Risk Monitoring reviews.  

Risk Monitoring Periodic Review

Periodically, the merchant will be reviewed as part of ongoing monitoring and assessment. Higher risk merchants are continually reviewed. The merchant is reviewed using documents such as current financial statements, tax returns, bank references, trade lines, personal credit history of owners, website reviews to determine the merchant is financially able to continue operating and meeting obligations to their customers.

• Low Risk

Consistently Low risk merchants will be monitored by an automated monitoring tool to determine if there is activity of concern. Low risk merchants are included in the “Routine Monitor”.

• Medium Risk

Medium risk alerts will not always be generated for the same merchant. Therefore, a Periodic Review will be done at least weekly on Medium risk alerts to determine the triggers are being adequately addressed.

• High Risk

Priority is given to higher risk merchants when they trigger.

• Critical Risk 

Critical risk triggers are given immediate attention.

E‐Commerce merchants are reviewed according to the MCC risk level schedule listed above. The Risk Analyst will consider the following as part of the merchant’s website review:

1. Website violations reporting on the web content.
2. Confirm the merchant is PCI compliant credit card acceptance.
3. On the merchant’s website, verify that the merchant’s name is consistent throughout each screen of the website. If the merchant’s shopping cart is on a different website, the merchant’s name must be in the URL. Take a screenshot of the homepage and store it in the merchant’s file in GiveSync.
4. Verify the Card Brand full-color marks are present.
5. The products and or services listed must reflect the information noted on the Merchant Application.
6. The products and or services prices must be consistent with the information noted on the Merchant Application.
7. The customer service contact information must be the same information noted on the Merchant Application.
8. If applicable, ensure the proper disclosure for export or legal restrictions.
9. Confirm the delivery/shipping policy can be viewed and is consistent with the business’ model. Take a screenshot and store it in the merchant’s file in GiveSync.
10. Confirm the return/refund policy can be viewed and is consistent with the business model. Take a screenshot and store it in the merchant’s file in GiveSync.
11. Confirm the accepted currency is properly disclosed,
12. Ensure all links on the merchant’s website only lead to products and or services disclosed on the Merchant Application.  

2. Escalations

There are several types of escalations the Risk Analyst will be performing. The Risk Analyst will be escalating merchants to the Risk Manager to either turn on or off a trigger based on the results of either a review or consistent results over a reasonable period of time. The Risk Analyst will also escalate merchants with activity that is concerning.

2.1 Turn On a Trigger

Based on the results of a review, the Risk Analyst may determine the need for an additional trigger(s) or adjustment of a trigger(s). The Risk Analyst will document the results and review the appropriate trigger or trigger parameters with the Risk Manager.

2.2 Turn Off a Trigger

If a merchant consistently triggers for the same trigger(s) that the Risk Analyst has determined to have a reasonable explanation, the Risk Analyst may escalate the merchant for the consideration of having the specific trigger(s) turned for the merchant.

2.3 Activity of Concern

The Risk Analyst will escalate merchants with activity of concern to the Risk Manager for further review. If the Risk Analyst and the Risk Manager determine further review is necessary, the Risk Analyst will complete a Suspicious Activity Report (Attachment A) and submit it to the Compliance team.

3. Risk Monitoring

Give Corporation has implemented its patented ongoing risk monitoring and surveillance to identify risks across various customer types using real-time data analysis, historical information, customer and team responses, and external intelligence.

3.1 Risk Monitoring Strategy

Give’s monitoring strategy includes both monitoring and surveillance. This is done through Give’s patented surveilling platform and monitoring by the Risk Analyst. Activity is being surveilled and monitored in real time. Surveillance is done using a predetermined set of rules. The Risk Analyst will monitor identified risks through real-time data analysis, merchant response, external resources, team feedback and automated alerts and systems.

3.2 Alerts

Activity that is outside of the expected activity, the usual pattern, sudden changes and anomalies are flags for further review. Give’s surveillance and monitoring process will generate alerts for the Risk Analyst to review. Each alert will indicate to the Risk Analyst the reason(s) it was generated. The Risk Analyst will review all the activity to get a complete picture of the merchant’s business model, and product and services offered.

3.3 Ongoing Training 

Ongoing training is essential for effective risk management. The Compliance Team has developed a training program that provides role specific training materials, and targeted training for the Risk team to adhere to the regulatory requirements and perform their roles effectively. The Risk Manager will provide further training for the Risk team to perform daily operations efficiently and be prepared to recognize and respond to risks appropriately.

3.4 Assessment

Regular risk assessments are necessary to maintain an up-to-date understanding of the risk environment. The Risk Analyst will conduct these assessments periodically, evaluating both current and emerging risks. This process will include reviewing historical data, current trends and potential future scenarios to provide a comprehensive risk profile. Additionally, the Risk Analyst will assess risks based on the Merchant Category Codes (“MCC”), identifying specific risks associated with different types of merchants.

3.5 Machine Learning

The Risk Analyst will leverage the platform built-in machine learning tool to enhance the risk monitoring process. This tool is designed to trigger alerts when certain patterns occur, notifying the Risk Analyst of potential risks related to the merchants. With advanced algorithms and data analytics, the Risk Analyst can better spot patterns and anticipate potential risks.

4.1 Triggers for Alert Notifications

Give’s monitoring and surveillance system uses predefined thresholds and parameters for various risk areas. The triggers are expressly defined in Give’s monitoring and surveillance system. Each merchant’s activity and profile is compared to these predefined thresholds and values in real time. Activity outside of the thresholds and parameters are considered to be a breach. When the predefined thresholds and parameters are breached, a trigger is activated to generate an alert. The specific triggers are designed to detect unusual activities or patterns that may indicate possible risks. The triggers are dynamic as they will be updated or new triggers may be added. Additional triggers will be implemented at a later date. The Risk Analyst is notified of the trigger(s) reason(s), and reviews the alert. Below are the current list of triggers:

List of Automated Triggers:

Points are assigned to each trigger based on the risk level associated with the trigger. Higher risk triggers are assigned higher points. One alert may have more than one trigger. The triggers are either checked daily or when the triggerable event happens. For example, there are some event triggers that are checked at the time of account creation. There are transactional, volume, chargeback and refund triggers that also cover ratios, and changes. Transactional and volume based triggers include either one or three months of activity for the Risk Analyst to review.

4.2 Trigger Categories

As part of Give’s AML/Risk Monitoring Program, the triggers monitor a variety of activity such as dollar values, dollar amount ranges, volumes, ratios, chargeback. Below are categories of the triggers.

4.3 Risk Level Escalation

The trigger parameters also include factors when present would raise (escalate) the risk level. These factors include rejected or invalid emails, one customer using several cards. There is also a cooling mechanism that would lower a risk level over a specific period if the elevating risk factors are reduced or stopped. The risk level is reduced one level every 12 hours when elevating risk factors are reduced or absent.

4.4 Account Changes

Account changes and its ownership will be reviewed and verified using various verification methods such as; bank statements, bank confirmation and verified third party subscription. One signer will use their authenticated login credentials to make and authorize account changes. Senior management will review exceptions. Changes to the merchant will trigger a notification to verify CIP, CDD/EDD, OFAC and MATCH.

5.0 Risk Response Process

Give’s timely responds to mitigate potential risk effects. Give’s risk mitigation controls include reviews, investigations, oversight reporting and reducing the risk. Mitigating strategies are included in the risk response process.

5.1 Risk Review and Analysis

Upon receiving an alert notification, the Risk Analyst reviews the details that triggered the alert. The Risk Analyst initiates a thorough analysis of the merchant’s transactions, business operations and model. This comprehensive analysis aims to identify the underlying causes, determine if the activity is reasonable for the merchant, and or escalate for further review. In instances where the Risk Analyst has determined the activity is reasonable, the Risk Analyst will make a note and clear the alert.

The following are steps taken while reviewing the merchant’s website:

5.1.1 Website Verification

1. On the merchant’s website, verify that the merchant’s name is consistent throughout each screen of the website. If the merchant’s shopping cart is on a different website, the merchant’s name must be in the URL. Take a screenshot of the homepage and store it in the merchant’s file in GiveSync.
2. Verify the Card Brand full-color marks are present.
3. The products and or services listed must reflect the information noted on the Merchant Application.
4. The products and or services prices must be consistent with the information noted on the Merchant Application.
5. The customer service contact information must be the same information noted on the Merchant Application.
6. If applicable, ensure the proper disclosure for export or legal restrictions.
7. Confirm the delivery/shipping policy can be viewed and is consistent with the business model. Take a screenshot and store it in the merchant’s file in GiveSync.
8. Confirm the return/refund policy can be viewed and is consistent with the business model. Take a screenshot and store it in the merchant’s file in GiveSync.
9. Confirm the accepted currency is properly disclosed,
10. Ensure all links on the merchant’s website only lead to products and or services disclosed on the Merchant Application.  

5.2 Investigation

In some instances, further investigation is necessary to clear an alert or determine if the activity is suspicious and proceed with suspending the merchant’s activity or close the merchant’s account. When a trigger is activated, an alert notification is sent to the Risk Analyst, who reviews the trigger details, investigates the underlying cause and determines if the activity is reasonable for the merchant, and or escalate for further review.

After the investigation process, if the trigger appears to be a false positive, the Risk Analyst selects one of the predefined reasons in the platform and writes a description of the decision to close the trigger. If the Risk Analyst notices any indicators of fraudulent activity, an escalation report is prepared and escalated to the Compliance team.

Steps and criteria for verifying and investigating alerts include the following but is not exhaustive:

• Does the nature of the transactions align with the normal business transactions?
• Is there legitimate business growth, such as expanded product offerings or marketing campaigns?
• Are there known industry seasonal trends or patterns that might account for the surge in transactions?
• Are the transactions done in usual timing or frequency?
• Does the transaction deviate significantly from the merchant's typical transaction size or frequency?
• Is the product sold aligned to the merchant’s nature of the business?
• Is the product sold normally priced compared with the market?
• Does the transaction have mismatched billing and shipping details?
• Is the payment method for this transaction usual?
• Is there sufficient documentation such as invoice, shipping details or customer information?

Some of the predefined reasons for each trigger are listed in the following and is not exhaustive:

• High-Value Products or Services
• Enterprise Contracts
• Custom Orders or Projects
• Change in business model
• Fraudulent activity
• Launch of a New Product or Service
• Promotional or marketing campaigns
• Business expansion
• Seasonal business fluctuations
• Service model

5.2.1 Chargeback

Chargeback monitoring and retrieval monitoring will identify areas of concern. Retrieval is an indicator of potential chargebacks. Card-not-present merchants may have higher chargebacks than card-present merchants. Risk Manager conduct the following actions for each chargeback:

• Review merchant file and history.

• Send the merchant a Request for Information for an explanation if there is not enough documentation.

• A proper investigation is conducted, and if the explanation is reasonable, no further action is needed.

• If the activity is fraudulent, AML/OFAC violation, or other criminal activity, place the merchant on the Watch List.

• Suspend deposits temporarily.

• Terminate merchant’s account(s).

*Note: Monthly, the Watch List will be reported to the Sponsor.

Visa’s Threshold for Chargebacks

Visa’s standard chargeback is transaction ratio of 0.9% and 100 chargeback in a month (Chargebacks911).  Both the chargeback ratio and number of chargebacks has to breach the standard limit for Visa to consider it a breach. Once the dispute/chargeback ratio breaches the early warning category, the business enters the Visa Dispute Monitoring Program (“ VDMP”). A business exits the VDMP after reducing the dispute/chargeback ratio for three (3) consecutive months. If another dispute/chargeback ratio breaches one of the categories again then the clock starts again towards the 3 months.

The organization’s dispute/chargeback ratio is calculated by dividing the total number of transactions by the total dispute/chargeback transactions during a specific period. Note: Even if chargeback is reversed it counts towards the dispute/chargeback ratio and count.

Visa Dispute Monitoring Program

 Copied from (Chargebacks911)

Visa Fraud Monitoring Program (“VFMP”) Visa Fraud Ratio

The organization’s fraud ratio is calculated by dividing the sum of the total number of transactions by the sum of the total fraudulent transactions during a specific period. Fraud type code 3 - fraud application is excluded from the fraud ratio calculation. High fraud ratios means higher processing fees if not managed. Visa only counts the first (1st) 10 fraudulent transactions from one cardholder in a month when calculating the fraud ratio and count. A business can exit the VFMP after reducing the fraud ratio for three (3) consecutive months. If another fraud ratio breaches one of the categories again then the clock starts again towards the 3 months.

Visa Fraud Monitoring Program (“VFMP”)

Copied from (Chargebacks911)

Contesting Disputes in the Visa Fraud Monitoring Program

While in the VFMP, only evidence for reason code 10.5 can be  provided for disputes, they include:

We processed a refund before the dispute

A dispute for the transaction was accepted prior

The states in writing they will continue with the dispute

Visa considers fraud and disputes/chargebacks as indicators how the organization is managing potential chargebacks.

Customer Notification

The first month the merchant  enters either the VDMP or VFMP, the acquirer is required to notify the merchant that they exceeded their chargeback threshold.   The acquirer and merchant are required to coordinate on a remediation plan, The remediation plan should be implemented  in months 2-4. In months 5-12 acquirers make adjustments to reduce the merchant’s fraud levels to the appropriate level.

Mastercard Chargeback Thresholds

Mastercard calculates chargeback ratios by dividing the prior month’s number of processed transactions by the number of processed transactions for the current month.

Mastercard Chargeback Thresholds Program

Copied from (Chargebacks911)

Mastercard Excessive Fraud Merchant (“EFM”) Program

Copied from (Chargebacks911)

5.2.2 Unanticipated Activity

Conduct the following if the activity is unanticipated:

• Send the merchant a Request for Information for an explanation.

• Request sales draft and invoices of concerned transaction(s).

• If necessary, contact the issuing bank to validate the transaction(s).

• Review merchant’s transactions, business operations, model and history to determine if the current business activity is consistent.

• Verify the merchant is compliant with the merchant processing agreement terms.

• Verify the merchant is compliant with the Card Brand Rules

• Search for previous investigation(s) on the merchant.

• If applicable, conduct a merchant site visit

5.2.3 Investigation Results Indicates the Risk is Increasing

If the result of the investigation indicates the Risk is increasing take the following actions:

• Extend the period on the WatchList.

• Institute a reserve or adjust the existing reserve.

• Suspend deposits temporarily, if applicable.

• Terminate merchant’s account(s).

• Add the merchant to MATCH (Members Alert to Control High Risk), if applicable"

5.2.4 Investigation Results are Unsatisfactory

If the result of the investigation is unsatisfactory take the following remediation steps:

• Place the merchant on the WatchList.

• Institute a reserve or adjust the existing reserve.

• Suspend deposits temporarily, if applicable.

• Terminate merchant’s account(s).

• Add the merchant to MATCH (Members Alert to Control High Risk), if applicable.

5.3 Request For Information (“RFI”)

The Risk Analyst may issue a Request for Information (“RFI”) to the Merchant to gather additional details or clarification regarding transaction details. This step ensures complete understanding of the transaction details and risk before determining the appropriate response. The merchant’s account will be suspended after 30 days for non-response.

5.4 Escalate

When suspicious activity is noticed, the Risk Analyst escalates the alert to the Compliance Manager. This is done through an escalation report, which details the nature of the suspicious activity and the findings from the initial investigation. This process ensures that the Compliance team is informed and can take further action.

5.5 Approvals

One of the Risk Analyst's main tasks is to review and analyze trigger alerts. If the analysis confirms that there is no actual risk, the Risk Analyst can close the trigger. However, if suspicious activity is detected, the Risk Analyst will escalate the alert to the Compliance Manager. This ensures that only valid risks are escalated, maintaining focus on significant issues.

5.6 Timeline

The Risk Analyst should respond to every trigger alert as soon as possible, typically within a few days. The response process begins with merchants who have the highest risk level points. This prioritization ensures that first the most critical risks are addressed promptly.

5.7 Suspension

In situations where immediate action is necessary to mitigate a significant risk, the Risk Analyst has the authority to suspend certain activities or processes temporarily. This proactive measure helps prevent further exposure to the identified risk until a more permanent solution can be implemented. If the risk level points remain high for more than one week, the platform will also apply transaction limits and hold funds to further protect against potential losses.

5.8 Terminating a Merchant Account

The following are common reasons to terminate a merchant’s account(s):

• The Merchant Category Code was added to the prohibited list.

• The merchant involved in deceptions and or scams

• Collusive merchant

• Confirmed bust-out merchant

• Laundering of sales drafts

• Consistently exceeds processing thresholds

• Excessive chargeback activity

• Processing of counterfeit transactions

• Processing of unauthorized transactions

• Confirmed fraudulent activity

• Card Brand mandated closure

• Increased loss exposure

• Violation of merchant agreement

• Violation of Card Brand operations and/or rules Sale of illegal product and/or services

• Industry trends indicate business method may pose additional risk/loss exposure.

If the decision is made to terminate a merchant account the following are recommended:

• Email the merchant a Letter of Termination.

• Suspend the merchant’s processing ability.

• If applicable, add the merchant to MATCH.

5.9 Onboarding Exception Follow up

Within 30-days follow up on any existing onboarding exceptions to ensure that the exceptions have been resolved. Review the following exceptions:

• Missing or positive OFAC result

• Prohibited merchant category

• Merchant volume or risk exposure exceeds Give’s underwriting approval thresholds.

• Suspected identity theft

6. Risk Reporting

Risk reporting identifies risk areas, risk trends and indicates if remediation measures are effective. Identifying risk areas allows Give to allocate more mitigation measures in those risk areas. Risk trending indicates the direction of risk so that Give can redeploy some of the risk measures to manage risk in that direction. Effective risk reporting ensures transparency and provides insights into current and potential risks.

6.1 Risk Reporting

Regular and detailed reporting is essential for maintaining a clear overview of risk management activities. Some reporting are done weekly, monthly and quarterly.  Reporting is available for Senior Management and Sponsor reviews. The following information is available daily for oversight review on each merchant to monitor for risk factors:

• Gross sales volume of weekly deposits
• Average transaction amount
• Number of transactions
• Number of chargebacks
• Number of credits

6.2 Targeted Risk Analysis Reports
Several reports will be provided regularly to the Sponsor and for internal use. On the reporting schedule are targeted risk reports to closely monitor specific risk areas. These targeted risk areas are higher in risk and require a quick response when necessary. Risk Management, compliance and Senior Management use these reports to allocate resources to avoid regulatory noncompliance and out of control risks. The following reports are some of the reports that focus on specific risk areas for deeper insights and details:

Suspensions
This report provides details on merchant suspensions due to identified possible risks. The report includes details such as, the date of the suspension, reasons for the suspension and the additional measures taken, such as transaction limits or fund holds.

Merchant Risk Report

The Risk Analyst is responsible for providing a detailed report on all merchants with risk activity. This report includes details such as new alerts, current risk points, ongoing investigations and alerts closed by the Risk Analyst. The report provides a detailed overview of the risk status associated with each merchant.

E-Commerce Monitoring Report

Risk Analyst review the merchant websites to confirm that details provided in the website align with the Merchant profile in the platform:
-Periodic scan of merchant’s website, products and services

-Review hyperlinks steering cardholders to other websites  

E-Commerce reports are prepared on a regular basis(at least once a month) with focus on the higher risk merchants.

7. Mitigation and Response

After a new trigger alert occurs, the Risk Analyst is notified about the new risk activity and the Risk Analyst responds to it with a predefined criteria.

7.1 Red Flags

The Risk Analyst monitors for red flags that indicate potential risk activities or suspicious activity. Identifying red flags is crucial for early detection and taking timely action to prevent potential risks. These red flags include unusual transaction patterns, sudden changes in merchant behavior and other anomalies. Identifying red flags early helps in taking timely action to prevent potential issues.

The Risk Analyst will monitor transactions and behaviors that deviate from normal patterns using platform built in tools and established criteria with thresholds. Any anomalies or unusual activities will be flagged for further investigation to address potential issues. The following are red flags the Risk Analyst will be vigilant in monitoring:

Colluding Merchants

This involves forced transactions without a code. Collusion between the merchant, and or its employees who knowingly process transactions on reported lost, or stolen credit cards. These merchants do not fight push back against the forced transactions. 

New Merchant Bust-Out Schemes

A new fake business is set up. The merchant opens several merchant accounts with various banks at a time to process as many transactions within a short period. The processed transactions are from fraudulent credit cards. No goods or services are rendered. Once the merchant receives the funds the merchant disappears.

Sales Draft Laundering or Factoring

A fraudster posing as a merchant asks an unsuspecting or financially distressed merchant if they can deposit sales drafts in their account for a percentage of the proceeds. This fraudulent activity will continue for a short time. Resulting in the merchant not having enough funds to cover the chargebacks.

Merchant Cash Advances

A merchant uses their own credit card for a purchase, usually a large even dollar transaction. However, no goods or services are exchanged. The activity is conducted to fund the merchant’s account because usually these merchants have financial difficulties.

Merchant Credits

Someone fraudulently makes a credit return on their credit or debit card. However, there is no return of goods to match the credit. This is similar to the fraudulent merchant cash advance scam.  The credit is either used to offset the credit card balance or withdrawn as cash from an Automated Teller Machine (“ATM”).

Telemarketing Scams

Individual customers make a purchase from a telemarketer. The price of the product is usually much lower than the price the customer is charged.  The customer is charged repeatedly either monthly, same day or within a short period of time.

Bot Attacks

This involves automated attempts to process large volumes of small or repetitive transactions using bots. The system detects and blocks suspicious activity; however, the Risk Team reviews alerts, escalates confirmed cases to Compliance, and refunds any transactions that were not automatically blocked.

8. Documentation and Record Keeping

Every risk activity history is stored in the platform, providing details of the trigger alert, date of the alert, investigation process, conversation related to the merchant, every manual activity and description about the investigation process that led to the decision to close or escalate the trigger.

All those details are stored in the Conversation tab under the risk activity group and the Risk and Compliance team can access the information for review and reporting purposes.

9. Custodial Account and Reserves

The funds processed for sub-merchant funds and collected fees are transferred into Give’s FBO account. The funds are then distributed to the sub-merchants via a daily ACH file from the FBO bank account.

10. Transfers Section Overview

The Risk Manager monitors all external transfers initiated by merchants using the dedicated "Transfers" section within the platform. This section provides an overview of external merchant transfers, including details such as the merchant name, transfer status, date, recipient information, hold period end, transfer amount, bank details, and account number. The Risk Manager uses this information to identify and address potential threats associated with merchant transfers.

As part of the monitoring process, the Risk Manager assesses transfers to detect unusual patterns, such as unusually large amounts, transfers inconsistent with merchant profiles and the open alerts for the merchant's unusual activities and transfers prior to account closure request. For merchants classified as High or Critical risk, the Risk Manager receives email and push notifications 24 hours before the hold period ends. This allows the Risk Manager to review the transfer and determine whether to approve, extend, or cancel it. This includes approval for account closure requests. Transfers on new accounts or accounts with no history should be monitored closely using 3, 5, 7 points. If the Risk Manager approves the transfer, it is ready for processing. If no action is taken within the 24-hour window, the transfer is automatically canceled to mitigate potential risks.

The decision to approve, extend, or cancel a transfer depends on the merchant’s risk level and any open risk alerts:

The ability to monitor and manage transfers through this section significantly enhances the risk monitoring process, enabling identification and resolution of the suspicious activity.

11. Transaction Monitoring System

11.1 Introduction 

Our system monitors each transaction and takes automatic action when fraudulent behavior or unusual activity is detected. The system creates a profile for each transaction using the IP address, recording activity and unusual behavior.

11.2 Risk Levels

Each transaction gets a risk profile based on several criteria, using the IP address. Risk levels range from 0 (lowest) to 3 (highest). If no escalation occurs within 12 hours, the risk level decreases by 1.

11.3 Risk Events

Some of the events that contribute to increased risk are:

• VPN detected
• Transaction originates outside EU or North America
• Manually blocked transaction
• Rejected email authentication
• Multiple card declines
• Same customer using multiple cards
• Attempted transaction breach such as bot attack using transactions

11.4 Processing Action

Based on the risk level, the system handles payments as follows:

• Normal Processed – Transaction proceeds without issue.
• Quarantined – Held in quarantine for 24h.
• Fraud Detected – Flagged as potential fraud and blocked.
• Declined – Transaction is declined.

11.5 Risk Manual Response

The whole transaction risk monitoring process is done automatically, but the risk team can manually adjust statuses in specific cases:

• Quarantined transactions can be marked as Fraud Detected or Voided.
• Fraud Detected transactions can be marked as False Positive if proven valid.

For every manual change done, the risk manager will have to provide a description of what led to the decision.

Common reasons for changing a Quarantined transaction to Fraud Detected or Void:

• Unusual account activity
• Suspicious transaction timing or location
• Inconsistent purchase history
• Evidence of fraudulent behavior

Common reasons for changing a Fraud Detected or Void transaction to False Positive:

• Transaction details review indicates legitimacy
• Recognized, trusted customer behavior
• Incorrect data entry
• Customer provides a valid explanation

There are several reasons a card may be declined. There may be instances where the cardholder is asked to authenticate their identity through a two (2) factor authentication (2FA) to complete the transaction. In such instances, the card will be declined until the cardholder completes the 2FA. The Risk Analyst may have to search through several declinations to see the eventual card approval. These cases are not fraudulent but triggered because of the decline.

11.6 Investigation 

Before making manual changes, a thorough investigation must occur. Key steps include:

• Review the transaction details thoroughly
• Check the system’s reason for the assigned risk level
• Verify whether the risk level is accurate and justified
• Review any merchant requests or explanations
• Consider customer history or prior behavior patterns

After completing the investigation, if the transaction is confirmed as a false positive or fraud, the Risk Manager selects a predefined reason and provides a detailed description supporting the decision.

11.7 System Alerts and Notifications

If a merchant’s total daily Blocked or Declined transactions exceed 10% of their total transactions, the risk team receives a risk alert, notifying that attention is required to the merchant’s risk profile. In cases requiring urgent action, the Risk Manager can manually adjust transaction statuses or block further transactions.

11.8 Escalation Process

After a risk alert is opened, the risk team conducts a thorough investigation to determine the reason. If the issue appears isolated and not recurring, the alert is closed. However, if the issue persists or indicates a possible merchant issue, the risk team escalates the case to the Compliance Team for further analysis and action.

Attachment A. Suspicious Activity Report (SAR)/ Suspect Violation Report (SVR) Template

*Add Additional Rows as Needed

The information contained herein is intended to provide a general overview of the Company’s policies and procedures relating to compliance with this Policy and does not constitute legal advice or a complete description of the laws and regulations relating to this Policy. The Company has made every effort to ensure the accuracy and completeness of this Policy.  This document is intended to provide guidance to employees of Company on how to comply with applicable laws and regulations related to this Policy. Employees should consult with the Legal or Compliance Department if they have any questions about the Policy or how to comply with it. Company reserves the right to modify or update this Policy at any time without notice. Employees are responsible for reviewing the Policy on a regular basis to ensure that they are aware of any changes. This Policy applies to all employees of Company, regardless of their position or location unless stated otherwise in the Policy. Employees are responsible for complying with the Policy and for reporting any suspected violations to their respective supervisor, the Legal Department, AMLCO or respective recipient of such violation as outlined in this Policy.