Thredd Warns of Triple Threat to Payments Businesses

Financial institutions and fintechs must address significant operational, fraud and compliance challenges to maintain growth in the payments sector, according to a new report from payments technology provider Thredd.

The report, Protecting & growing your payments business in 2025, highlights how the payments industry has entered a more calculated phase of development following recent investment surges, with companies now refocusing on fundamentals.

“Having navigated an unprecedented surge in investment and growth, we're now in a more calculated phase characterised by a renewed emphasis on mainstream business concerns like financial fidelity, protecting against threats, and introducing new efficiencies to control costs and protect future profits,” says Jim McCarthy, CEO of Thredd.

The report identifies three primary challenges facing payments businesses: labour-intensive operational controls prone to error, evolving fraud threats and increasing regulatory scrutiny. 

These issues affect organisations at all stages of development, from early-stage fintechs to mature financial institutions.

Back-office operations drain resources

Back-office operations for payments programmes consume significant resources.

According to Thredd's research, manual processes and unnecessary network fees can cost approximately £165,000 (US$213,000) per month for every million card transactions processed, plus 10-20% of an organisation's total annual BIN (Bank Identification Number) cost.

These operations typically span multiple interdependent functions including reconciliation, network fee management, programme invoicing, and exception handling. 

Most organisations still manage these critical functions using manual, spreadsheet-dependent processes across data silos, leading to unclear decision-making and compliance failures.

For instance, reconciliation tasks require matching transaction data across processors, networks and core banking systems. 

Network fee management involves the line-by-line breakdown of invoices from payment networks like Visa and Mastercard. 

Programme invoicing requires extensive staff hours to review invoice lines, apply pricing tiers, and split revenue.

The report suggests organisations should implement automated back-office management systems that can consolidate these processes without extensive integration work.

Fraud threats evolve with technology

Fraud and scam tactics continue to evolve, with Thredd reporting that scammers extracted more than US$1.03tn globally in 2023. 

The UK alone loses an estimated £1.5bn (US$1.9bn) annually to fraud, representing 40% of reported crime despite significant under-reporting.

Synthetic identity fraud, which involves creating fabricated identities to open accounts, is expected to cause losses exceeding US$100bn annually by 2025 according to Javelin Strategy & Research.

Other prominent threats include account takeover attacks, where criminals gain unauthorised access to legitimate accounts, business email compromise schemes that target organisations with fraudulent payment requests, and SMS phishing ("smishing") attacks, which analysts predict will double in volume by the end of 2024.

Financial institutions are increasingly looking to consolidate their fraud and risk operations for a more holistic approach and implement real-time detection systems that can identify threats during transaction authorisation.

Regulatory compliance becomes more complex

Regulatory requirements present growing challenges for payments businesses, particularly those operating across multiple jurisdictions or business lines overseen by different authorities.

The report details how regulatory frameworks for third-party risk management (TPRM) are becoming standardised globally. 

Examples include the European Banking Authority's guidelines on outsourcing, the UK's Prudential Regulation Authority supervisory statement on third-party risk management, and similar frameworks from regulators in Singapore, Australia, Hong Kong and the United States.

These frameworks generally require organisations to identify, assess and mitigate risks associated with third-party relationships, with a particular focus on technology risk and cybersecurity.

“The dialogue around the globe has changed. Finding and maintaining strong bank-fintech partnerships in today's environment requires higher levels of readiness, transparency and controls. 

“Those who position themselves to adapt to rapidly-changing regulatory requirements will create strategic advantages,” concludes Zedrick Applin, Head of Regulatory Compliance at Thredd.

Explore the latest edition of FinTech Magazine and be part of the conversation at our global conference series, FinTech LIVE. 

Discover all our upcoming events and secure your tickets today.

FinTech Magazine is a BizClik brand