Take On Payments, a blog sponsored by the Retail Payments Risk Forum of the Federal Reserve Bank of Atlanta, is intended to foster dialogue on emerging risks in retail payment systems and enhance collaborative efforts to improve risk detection and mitigation. We encourage your active participation in Take on Payments and look forward to collaborating with you.
Federal Reserve Web Sites
Other Bank Regulatory Sites
November 21, 2016
Are Mobile Phone Payments Secure?
A consistent and leading reason consumers give as to why they don't use their mobile phone to make payments is their concern about the phone's level of security. While many consumers don't believe that mobile payments are as safe as other payment methods, is that actually the case? For more than six years, the Federal Reserve Banks of Atlanta and Boston have been supporting the Mobile Payments Industry Workgroup (MPIW). The MPIW was created to facilitate the development of a vision for a mobile payments environment that will be effective, secure, and ubiquitous. This group has met frequently to address the issues of technology, standards, security, privacy, functionality, regulation, and adoption barriers. The various deliverables from past MPIW meetings focus on security and risk and can be found on the Federal Reserve Bank of Boston's website.
As this blog has noted numerous times over the last two years, the migration to chip cards for in-person POS payments will shift more fraud over to the card-not-present (CNP) market. With the introduction of numerous mobile wallets since 2014 that can be enabled on smartphones, the MPIW believed that an assessment should be made of the risk issues associated with commerce generated through the mobile phone—or m-commerce—whether through a browser or a specific wallet application. Over the last eight months, Fed representatives and mobile payment experts have been working on the development of a white paper, which was released on November 8. You can access the full report here.
The MPIW's report provides an assessment and the future position of mobile payments as a part of the overall e-commerce growth expected in the United States. It groups the various types of remote mobile payments into four use cases and dissects the transaction flow for each use case with a description of the potential risk attacks in each key function of the transaction. We believe the report provides the payments industry with a sound primer of mobile wallet transaction security issues. While there are attack points in the mobile phone channel just as there are in other payment channels, the mobile phone offers features that can make a mobile payment transaction much more secure than many people currently believe. The MPIW will continue to assess the mobile CNP payments environment and produce presentations and other materials intended to educate the industry and consumers.
You can find additional MPIW white papers and other publications on the MPIW web page.
By David Lott, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed
November 14, 2016
"Good, Better, Best" in Understanding Merchant Payments
The marketing mantra "Good, Better, Best" from Sears in selling different grades of merchandise at different price points might serve as a guide for segmenting quality levels of information needed in understanding merchant payments. While attending several merchant-focused conferences and trade shows this year, I began thinking about this mantra in relation to the dearth of even "good," rigorous information on the payments experience of the important retail trade sector of our economy. Payment information such as person-present and remote payments, successful and unsuccessful fraud attempts, use of technology, cost of acceptance, and other information by type of payment instrument is simply not widely available. In cases where some information exists, it isn't representative of the entire retail industry.
Currently, there is a wealth of information available on payments for the overall economy through the previous and pending release of the latest Federal Reserve's Triennial Payments Study, the first of which was compiled in 2000. But the focus of this study is the broader landscape, with individual sectors of the economy not examined in detail. Today, the Fed continues to collect and publish aggregate survey information from payments providers (including some private-label card issuance information from retail merchants) via the payments study and from consumers via surveys conducted by the Consumer Payment Research Center at the Federal Reserve Bank of Boston. However, there is no major representative survey of quantitative payments information about businesses, of which merchants are a critical part since so many payments are made by consumers for purchase of goods/services.
How important is the retail trade sector to the economy? Using figures from the U.S. Census Bureau, these charts show the 1.2 million businesses engaged in retail, accommodation, and food services. Collectively, the businesses employ 27 million people and produce annual sales of $5.4 trillion. More to the point, the lion's share of retail payment transactions are thought to be accepted via this sector of the economy, making it the sector to be impacted the most by payment economics and policy.
Many government entities, including the Reserve Bank of Australia, have surveyed merchants in their own countries. The Bank of Canada has a report due next year; the European Commission surveyed 10 European Union (EU) states; and the European Central Bank surveyed 13 EU states. Colleagues of mine at the Federal Reserve Bank of Kansas City offer a comprehensive review and compelling case for "Measuring the Costs of Retail Payment Methods" here in the United States.
Below are some of the benefits of conducting a merchant study in the United States. Doing so could
- Narrow the gap in tracking merchant payments and payment fraud information compared with other developed countries.
- Offer detailed breakouts of point-of-sale and remote payments that provide information on fraud and other losses prevented and actual losses incurred.
- Help identify efficiency-improving changes in retail payments and strengthen the understanding of payments end to end for a sector with high impact in payments.
- Contribute to social welfare analyses by providing more facts about merchant benefits, costs, and fraud risks associated with different payment methods.
Perhaps we should apply the mantra of retail and move from good or better to best. Perhaps we should aspire to doing the best reporting we can muster for this important sector of our economy. What are your views on the value of such an undertaking?
By Steven Cordray, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed
November 7, 2016
The Downside of a Wide Paintbrush
Fall is the time of the year that I normally do my exterior home painting and touchup. During the summer, I noticed that my deck and stair metal support poles were a bit dull and had some rust spots, so that was to be my project. The poles have a 4-inch diameter, so I was in a bit of a quandary over the best width paintbrush to use—a 2-inch or a 4-inch. The 4-inch brush would provide faster coverage so my football-game-watching time wouldn't be compromised, but the 2-inch brush would give me greater control and reduce drips and splatters. I went with the expedient choice, and it turned out to be a mistake, as my coverage was uneven with plenty of drips and splatters.
I mention this story because I recently appeared at the National ATM Council's (NAC) annual conference. NAC is an industry trade organization representing nonfinancial-institution ATM owners/operators in the United States. I was asked to speak primarily about the Fed's research into the use of cash as well as the current chip card and terminal deployment status. After my presentation and in the subsequent days of the conference, I was approached by a number of owners/operators telling me that their banks had recently terminated their longstanding relationships; they were deemed to be "high risk" since they were in the currency business. Many were scrambling to establish new banking relationships and wondering why this was happening.
Being an old ATM guy, I was a bit surprised hearing about this action due to the built-in controls on ATM currency settlement and reconciliation that severely limit the ability for an ATM owner/operator to launder money through an ATM. It would be very easy for the bank to spot an imbalance if the money being replenished far exceeded the currency paid out by the ATM. There is still the concern, of course, regarding the initial load (deposit) to establish the account to ensure that those are legitimate funds, but that concern exists with the establishment of all banking relationships by any type of business.
Financial institutions certainly have the obligation to develop a risk management strategy and determine which types of business activities they deem acceptable versus those considered high risk. Supporting ATM operators with their currency needs could be considered a niche business with some unique requirements and may not be the best allocation of resources for all financial institutions. At the same time, bankers may not want to paint a business with the wide brush of "high risk" just because they deal with currency as a major part of their business operation. To do so may force many of these operators to shutter their units, which often are located in areas where there is not a wide choice of ATM locations.
By David Lott, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed
October 31, 2016
Of Piggy Banks and Bank Branches
Fall is my favorite time of the year. Football season cranks into high gear, pumpkins replace chocolate in my desserts, and excellent payment-related events take place with great published content. On the content front, this fall has not disappointed. I have recently read several excellent reports, including the FDIC's 2015 National Survey of Unbanked and Underbanked Households. Although the focus of the survey is on the unbanked and underbanked population, there are some interesting findings concerning banked households, including their methods used for accessing their accounts. After seeing these findings, I began pondering the question, why do I still visit a bank branch for my deposit account needs?
According to the FDIC survey, 75 percent of banked households use a bank teller to access their accounts. However, a teller is the primary or main access method for only 28 percent of banked households, suggesting that over 70 percent of households prefer to interact through a non-face-to-face channel. The other physical channel, the ATM, is the primary access method for only 21 percent of banked households. The FDIC found that online and mobile banking usage is lower than the physical channels; however, nearly 50 percent of banked households' primary method of access to their account is digital (online or mobile). So while a majority of banked households still visit a physical location to access their accounts, almost half of them prefer to access their account digitally.
As I think about my own banking practices, I visit physical banking locations less and less. I will drop in to make a check deposit, but only if I am running errands and a physical location just happens to fall on my route. Or sometimes my kids want a sucker and I know my local branch will come through. They have even provided my children with piggy banks during visits! I use mobile check deposit more often than not. I still visit ATMs, but those interactions are substantially fewer today thanks in large part to being able to obtain cash back via my debit card at a number of retailers.
So I will visit a branch for my deposit account needs if it is convenient for me while running errands or if my kids want candy or some other treat. And these two reasons aren't necessarily sustainable. I am running fewer errands as more of my shopping takes place in the digital world (and my phone is becoming more convenient for check depositing). And unfortunately, I am not getting any younger, which means my children are growing up, and as they do, suckers and piggy banks will more than likely not stir up as much excitement as they currently do.
As a traditionalist, my past thinking led me to believe that the demise of bank branches was overblown. However, my thinking has changed. The bank branch will not disappear overnight or completely in the long term, though indications are that the number of branches will decline. As I contemplate the results of the FDIC study coupled with observations from my own behavior, it becomes obvious to me that the physical importance from a deposit account perspective is being diminished in this digital age. I am not sure what the branch of the future will look like, but I feel confident in saying that tellers, and even ATMs, focusing on deposit accounts will not be primary reasons for consumers to visit. Why will you visit your local branch in the future?
By Douglas A. King, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed
- Are Mobile Phone Payments Secure?
- "Good, Better, Best" in Understanding Merchant Payments
- The Downside of a Wide Paintbrush
- Of Piggy Banks and Bank Branches
- EMV Comments That Make Me Cringe
- Taking a Quantum Leap into Payment Security
- Looming Questions with the Rollout of NACHA's Mandated Same-Day ACH Rules Change
- AdmiNISTering Passwords: New Conventional Wisdom
- Mobile Banking and Payments—What's Changed?
- Risk Mitigation Isn't Just for Banks
- November 2016
- October 2016
- September 2016
- August 2016
- July 2016
- June 2016
- May 2016
- April 2016
- March 2016
- February 2016
- account takeovers
- ATM fraud
- bank supervision
- banks and banking
- card networks
- check fraud
- consumer fraud
- consumer protection
- cross-border wires
- data security
- debit cards
- emerging payments
- financial services
- identity theft
- law enforcement
- mobile banking
- mobile money transfer
- mobile network operator (MNO)
- mobile payments
- money laundering
- money services business (MSB)
- online banking fraud
- payments risk
- payments study
- payments systems
- phone fraud
- remotely created checks
- risk management
- Section 1073
- social networks
- third-party service provider
- trusted service manager
- Unfair and Deceptive Acts and Practices (UDAP)
- wire transfer fraud
- workplace fraud