About


Take On Payments, a blog sponsored by the Retail Payments Risk Forum of the Federal Reserve Bank of Atlanta, is intended to foster dialogue on emerging risks in retail payment systems and enhance collaborative efforts to improve risk detection and mitigation. We encourage your active participation in Take on Payments and look forward to collaborating with you.

Take On Payments

October 16, 2017


No Magic Bullet for Preventing Data Breaches

Much has been written about the Equifax data breach, including a Take On Payments piece several weeks ago. Since the announcement of the breach in early September, my LinkedIn timeline has been filled with articles and messages from sales and development professionals claiming that their technologies and solutions could have prevented the Equifax breach. Unfortunately, the weakest leak isn't a technology problem or issue. It is, and will continue to be, the human element.

Before I hear from the sales and development professionals I just referred to, let me say that I believe that technology does play an important role in mitigating data breaches. For example, statistics show that homes equipped with a security system—"hard targets"—are significantly less likely to be burglarized than homes without them—"soft targets." I suspect the same is true for companies and data breaches in that those who do a better job of securing their data with technology are harder targets than those who do not. However, technology is only one aspect of preventing data breaches—which brings us back to the human element.

We are the weakest link. We architect and program security systems with flaws. We fail to properly update software or install patches on a timely basis. We open suspicious attachments on emails. We sometimes visit dubious websites and click on suspicious ads or links. We divulge too much information over social media. We share sensitive information with people we think we know and who we think are friendly. And we are mistake- and accident-prone. Education does and will continue to help, but humans will continue to make mistakes and be accident-prone, thus data breaches will remain an ongoing problem.

The late, great musician Tom Petty said, "Music is probably the only real magic I have encountered in my life. There's not some trick involved with it. It's pure and it's real." While Petty's remark that music is probably the only real magic is debatable, there is no debating that data breach prevention has no magic bullet. Educating people remains critical, but, as is all too often the case, education also ends up falling short. As a risk expert, I really wish that I had the answer to preventing data breaches. Unfortunately, human actions trump any answers that I might have. Given the grim outlook for data breaches, it is imperative for companies and individuals to have a plan in place to minimize the damage when a data breach occurs.

Photo of Douglas King By Douglas A. King, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

 

October 16, 2017 in consumer fraud , cybercrime , data security , identity theft , malware | Permalink | Comments ( 0)

October 2, 2017


A Record-Breaking Season of Hurricanes and Data Breaches

I lived in the panhandle of Florida in 2005, during a record-breaking hurricane season. Four hurricanes that started in the Atlantic—including Katrina—reached Category 5 status that season. That disastrous hurricane season seemed unsurpassable. Yet hurricane Harvey and Irma set new records (both made first landfall in the United States as Category 4 hurricanes).

As Hurricane Irma made its destructive way across the Caribbean, a different kind of disaster was also setting records. On September 7, Equifax announced a data breach potentially affecting most U.S. adults. Could this year also prove to be a record-breaking year for data breaches? According to the Identity Theft Resource Center (ITRC), there are already 976 on the books. Breaches reached a record high of 1,093 in 2016—a substantial hike of 40 percent over the near-record high of 780 reported in 2015.

Truth be told, we can't be sure these data breach "records" are even accurate. Data breach notification laws vary by state in terms of definitions and standard reporting elements. Even the ITRC questions whether there actually are more breaches or the numbers have risen because more states are requiring public release of information on them.

The ITRC Breach Report is a compilation of breaches confirmed by various media sources and notification lists from state governmental agencies. This list is updated daily and published each Tuesday. The ITRC has been tracking breaches since 2005, but only since 2010 has that tracking included the information that has been exposed. Even so, many notifications made available do not include what damages, or types of records, were at stake.

To that point, we don't understand the extent victims will suffer when, for example, card information is stolen along with Social Security numbers. We have yet to see standard data on how fraud trends morph when a certain type of data breach occurs. Lack of correlation could be a risk to consumers.

With data breaches, as with hurricanes, we can respond better if we know what is at stake. Is it time for states to adopt a uniform set of statutes regarding data breach notifications? What do you think?

Photo of Jessica Washington  By Jessica Washington, AAP, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

 

October 2, 2017 in cybercrime , data security , identity theft | Permalink | Comments ( 0)

September 25, 2017


Fed Payments Webinar Series Launching

One of the comments we consistently received when we conducted the Mobile Banking/Payments Survey last fall was the desire for the Atlanta Federal Reserve to provide more educational opportunities on current payment technologies and issues. Not only have small and mid-sized financial institutions expressed this need, but so have consumer advocacy groups and law enforcement agencies. Educational efforts, along with research, on payment risk issues are at the core of the Retail Payments Risk Forum's overall mission.

In response to these requests, the Risk Forum is launching a webinar series called Talk About Payments (TAP). The TAP webinars will supplement this blog, forums and conferences we convene, and other works we publish on the Forum's web pages. The current plan is for the webinars to be presented once a quarter. Financial institutions, retailers, payment processors, law enforcement, academia, and other payment system stakeholders are all welcome to participate in the webinars. Participants can submit questions during the event.

We will have our first webinar—titled "How Safe Are Mobile Payments?"—on Thursday, October 5, from 1 to 2 p.m. (ET). The webinar will cover such topics as mcommerce growth, mobile wallets, tokenization, fraud attack points, and risk mitigation tools and tactics.

Participation in the webinar is complimentary, but you must register in advance. To register, go to the TAP webinar web page. After you complete your registration, you will receive a confirmation email with all the log-in and toll-free call-in information.

We hope you will join us for our first webinar on October 5, and for our future webinars. If there are any particular topics you would like for us to cover in future webinars, please let us know.

Photo of David Lott By David Lott, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

 

 

September 25, 2017 in emerging payments , mobile banking , mobile payments , payments risk | Permalink | Comments ( 0)

September 18, 2017


The Rising Cost of Remittances to Mexico Bucks a Trend

From time to time, I like to look back at previous Risk Forum activities and see what payment topics we've covered and consider whether we should revisit any. In September 2012, the Risk Forum hosted the Symposium on 1073: Exploring the Final Remittance Transfer Rule and Path Forward. Seeing that almost five years have passed since that event, I decided I'd take another, deeper look to better understand some of the effects that Section 1073 of the Dodd-Frank Act has had on remittances since then. I wrote about some of my findings in a paper.

As a result of my deeper look, I found an industry that has been rife with change since the implementation of Section 1073 rules, from both a regulatory and technology perspective. Emerging companies have entered the landscape, new digital products have appeared, and several traditional financial institutions have exited the remittance industry. In the midst of this change, consumers' average cost to send remittances has declined.

Conversely, the cost to send remittances within the largest corridor, United States–Mexico, is rising. The rising cost is not attributable to the direct remittance fee paid to an agent or digital provider but rather to the exchange rate margin, which is the exchange rate markup applied to the consumer's remittance over the interbank exchange rate. As remittances become more digitalized and the role of in-person agents diminishes, I expect the exchange rate margin portion of the total cost of remittance to continue to grow.

Even though the average cost of sending remittances to Mexico is on the rise, I found that consumers have access to a number of low-cost options. The spread between the highest-cost remittance options and the lowest-cost options is significant.

Figure-11

With greater transparency than ever before in the remittance industry, consumers now have the ability to find and use low-cost remittance options across a wide variety of provider types and product options. To read more about the cost and availability of remittances from the United States to Mexico and beyond in a post-1073-rule world, you can find the paper here.

Photo of Douglas King By Douglas A. King, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

 

September 18, 2017 in payments risk , regulations , regulators , remittances , Section 1073 , transmitters | Permalink | Comments ( 0)

Google Search



Recent Posts


October 2017


Sun Mon Tue Wed Thu Fri Sat
1 2 3 4 5 6 7
8 9 10 11 12 13 14
15 16 17 18 19 20 21
22 23 24 25 26 27 28
29 30 31        

Archives


Categories


Powered by TypePad