Take On Payments, a blog sponsored by the Retail Payments Risk Forum of the Federal Reserve Bank of Atlanta, is intended to foster dialogue on emerging risks in retail payment systems and enhance collaborative efforts to improve risk detection and mitigation. We encourage your active participation in Take on Payments and look forward to collaborating with you.
Federal Reserve Web Sites
Other Bank Regulatory Sites
January 16, 2018
Not Just a Card-Not-Present Problem
In 2012, I published a paper that looked at trends in card fraud in several countries that had adopted or were in the later stages of adopting EMV chip cards. The United States is now in the process of adopting EMV, so I am refreshing that paper with an eye towards fraud trends in what are now mature EMV markets. Payments experts know that card-not-present (CNP) fraud will continue to pose challenges that EMV chip cards do not solve, but are there other challenges lurking in these markets that the U.S. payments industry should note?
Although I'm still gathering data, one particular data point from the United Kingdom—lost and stolen fraud—already has me intrigued. In 2016, losses from this type of fraud stood at more than £96 million (about $130 million), up from more than £44 million (about $60 million) in 2010, a 117 percent increase. In 2010, lost and stolen fraud accounted for 12 percent of overall card fraud in that country. By the end of 2016, it had become 16 percent of card fraud. It is now the second leading type of fraud in the United Kingdom, though it still falls far behind CNP fraud, which accounts for 70 percent.
Remember that in the United Kingdom, PIN usage was adopted to mitigate lost and stolen card fraud at the same time that EMV chip cards were implemented. Yet lost and stolen card fraud is up significantly. According to Financial Fraud Action UK, fraudsters are getting their hands on the PINs—a static data element—through distraction tactics and scams. Other factors, such as the proliferation of contactless transactions and those that have no cardholder verification method, could also be drivers of this fraud, as could an increase of reports of lost or stolen fraud that is actually first-party, or "friendly," fraud. EMV has proven to be an effective tool to authenticate cards, but authenticating an individual using a card, even in a card-present environment, remains a challenge.
The lost and stolen fraud figures out of the United Kingdom lead me to believe that cardholder authentication isn't just a CNP problem. Furthermore, the decades-old PIN solution for the card-present environment is now showing signs of weakness. At the same time, to reduce customer friction, many card networks are eliminating signature verification and relying on data analytics to authenticate transactions. Is this a perfect storm for lost and stolen card fraud? Is it the foreshadowing of the emergence of biometrics, or some lesser known technology? Or will I find that this problem is isolated and should not worry us in the United States?
By Douglas A. King, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed
January 8, 2018
Consolidated Mobile Banking and Payments Survey Results Published
In earlier posts, we published highlights of the 2016 Mobile Banking and Payments Survey of Financial Institutions in the Sixth District results as well as a supplement showing the results by financial institution (FI) asset size. The survey was designed to determine the level and type of mobile financial services that FIs offered and to find out what plans FIs had to offer new services.
Six other Federal Reserve Banks also conducted the survey in their districts, and we've combined all the data into a single report. Marianne Crowe and Elisa Tavilla of the Boston Fed's Payment Strategies group led the team that consolidated the data. The report—now available on the Boston Fed's website—addresses mobile banking and payment services from the perspective of the FI. The report offers additional value with its inclusion of a large number of small banks and credit unions (under $500 million in assets), a group from which data are often difficult to obtain.
The seven districts participating were Atlanta, Boston, Cleveland, Dallas, Kansas City, Minneapolis, and Richmond. A total of 706 FIs responded.
Here are some of the key learnings from survey responses regarding mobile banking:
- Retail mobile banking offerings are approaching ubiquity across financial institutions in the United States. Eighty-nine percent of respondents currently offer mobile banking services to consumers, and 97 percent plan to offer these services by 2018.
- By the end of 2018, 77 percent of bank and 47 percent of credit union respondents will be providing mobile banking services to nonconsumers including commercial and small businesses, government agencies, educational entities, and nonprofits. Commercial and small businesses will be the most prevalent.
- Among FIs offering and tracking business mobile banking adoption, more than half still have adoption rates of less than 5 percent.
- The most important mobile banking security concern that respondents cited is the consumer's lack of protective behavior. In response, FIs have implemented a range of mitigating controls. To enhance security and help change consumer behavior, more than 80 percent of respondents support inactivity timeouts and multi-factor authentication (MFA) as well as mobile alerts.
And here are some important findings regarding mobile payments:
- Implementation of mobile payment services is growing as FIs respond to competitive pressure and industry momentum. In addition to the 24 percent already offering mobile payments, 40 percent plan to do so within two years. However, the current offering level fell substantially short of the expected 57 percent predicted by the responses to the 2014 survey.
- Mobile wallet implementations are increasing steadily, with Apple Pay as the current leader.
- Enrollment and usage remain low. Eighty-one percent of the respondents had fewer than 5 percent of their customers enrolled and actively using their mobile payment services.
- Asset size makes a difference in many areas: larger FIs have greater resources to expend on new services, implementations, and security technologies and controls.
- Banks and credit unions often differ in approaches and strategies for mobile payments.
We will conduct the survey again this year and are eager to see how the mobile banking and payments landscape has changed. If you have any questions about the survey results, please let us know.
By David Lott, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed
January 2, 2018
2017 Year-End Review
In December 2013, the Retail Payments Risk Forum began an annual tradition of authoring an end-of-year post highlighting what we consider to be the most significant payment topics or events of the year. We continued that tradition this year, but we changed our platform, instead covering our top events in our Talk About Payments webinar series. Watch a recording of the webinar's presentation.
We encourage you to listen to the webinar, during which we discussed in more detail the following key payment stories of 2017:
- Fraud schemes
- Data breaches
- Chip migration
- Payments security
- Same-day ACH–phase II
- Person-to-person payments
- Mobile payments
- Virtual currency/Distributed ledger
As we begin 2018, we in the Risk Forum look forward to continuing our efforts to mitigate payments risks through industry collaboration and convening. We will also continue to offer our insights using multiple platforms, including this weekly blog and our quarterly webinar series, Talk About Payments. As always, we value your feedback and comments, so do not hesitate to reach out to any of the Risk Forum team members.
Best wishes for a happy, and fraud-free, new year from all of us at the Retail Payments Risk Forum!
December 18, 2017
Training Workers for Payments Jobs
Do you boast, or at least talk, about your work in payments at social events? When I tell someone in a social setting that I work in payments, they either move on, after a polite pause, to meet the next person, or they take a deep breath and ask, “What does that entail?” What is most humbling is when I overhear my husband trying to explain my job. And what has been the most entertaining was when a four-year old asked me to perform an interpretive dance representing my occupation—a payments Nutcracker, if you will. Whatever the circumstance, you have to be ready to engage and convey excitement about all things payments to keep our workforce thriving. The industry is growing so rapidly that many employers are struggling to fill positions.
Many people I meet assume I am a mathematician when I talk about my work in payments. While I do own a calculator, I tell them, people in the payments workforce have diverse skill sets that go above and beyond using calculators. This diversity becomes more important every day, as technology keeps growing and changing. Ultimately, the majority of the population may not care how payments work, and they may not care to see an interpretive dance about payments. But there are dedicated, skilled professionals who, thankfully, perform their payments-related jobs safely and efficiently. And we need more of them.
The payments industry is growing. Fintechs alone account for a good portion of this growth. According to an industry research firm, venture capital-backed fintech companies globally raised a total of $5.2 billion in the second quarter of this year—–a 19 percent increase from last year. U.S. fintech funding saw a 58 percent rise, to $1.9 billion in the second quarter this year compared to $1.2 billion in the first quarter.
We need a more robust pipeline of available workers to support the growth in the industry. We need to both cultivate new talent and attract available skilled talent. This task can be daunting given the range of jobs available in the industry that transcend traditional educational curriculums.
Here are just a very few of many inspiring workforce training initiatives supporting industry growth today:
- FinTech Atlanta, along with the University System of Georgia and other colleges and universities in Georgia, launched a FinTech Degree and Certificate Programs to create needed talent to fuel the fintech workforce.
- NACHA, with the regional payments associations, has launched a Payments Risk Professional accreditation program. The program brings together skills for managing risk combined with knowledge in payment services, whether for financial institutions, solution providers, processors, businesses, or other end users.
- Workforce Innovation Hub, sponsored by Accenture and affiliated with Atlanta's City of Refuge, provides nonprofit technical education options to lift the underemployed and underprivileged. The IT training program teaches software and application development, IT support, web development, graphic design, and more—all skills that can be put to use in payments and fintechs.
- Some professional development programs work with military veterans, offering career opportunities and education resources that can help prepare them for careers in the payments industry. One example is First Data Salutes; another is Syracuse University's Institute for Veterans and Military Families (IVMF) and its affiliated program Entrepreneurs Bootcamp for Veterans with Disabilities.
Be a payments ambassador at your next social event and talk about your favorite payments initiative. It is up to you to decide if you want to perform an interpretive dance of your payments job—but it's up to all of us to keep our workforce growing at pace with the industry.
By Jessica Washington, AAP, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed
- Not Just a Card-Not-Present Problem
- Consolidated Mobile Banking and Payments Survey Results Published
- 2017 Year-End Review
- Training Workers for Payments Jobs
- Fintechs and the Psychology of Trust
- What Will the Fintech Regulatory Environment Look Like in 2018?
- How Intelligent Is Artificial Intelligence?
- Webinar: Key Payment Events in 2017
- The Future of Wearables
- My Fingertips, My Data
- January 2018
- December 2017
- November 2017
- October 2017
- September 2017
- August 2017
- July 2017
- June 2017
- May 2017
- April 2017
- account takeovers
- ATM fraud
- bank supervision
- banks and banking
- card networks
- check fraud
- consumer fraud
- consumer protection
- cross-border wires
- data security
- debit cards
- emerging payments
- financial services
- identity theft
- law enforcement
- mobile banking
- mobile money transfer
- mobile network operator (MNO)
- mobile payments
- money laundering
- money services business (MSB)
- online banking fraud
- payments risk
- payments study
- payments systems
- phone fraud
- remotely created checks
- risk management
- Section 1073
- social networks
- third-party service provider
- trusted service manager
- Unfair and Deceptive Acts and Practices (UDAP)
- wire transfer fraud
- workplace fraud