Take On Payments, a blog sponsored by the Retail Payments Risk Forum of the Federal Reserve Bank of Atlanta, is intended to foster dialogue on emerging risks in retail payment systems and enhance collaborative efforts to improve risk detection and mitigation. We encourage your active participation in Take on Payments and look forward to collaborating with you.
Federal Reserve Web Sites
Other Bank Regulatory Sites
July 12, 2018
Behind the Growth in Debit Card Payments
U.S. consumers make more payments with nonprepaid debit cards than with other types of cards (credit and prepaid) combined. The 2016 Federal Reserve Payments Study found that consumers made 57.5 billion payments in 2015 using nonprepaid debit cards.
That's a 26 percent increase over 2012, when consumers made 45.7 billion nonprepaid debit card payments.
No doubt, effects of more favorable economic conditions—including declining unemployment, increasing wages, and greater consumer confidence—were important factors in increased consumer spending from 2012 to 2015. But from a payment choice perspective, such as which method or card to use, what might be driving this increase of almost 12 billion? Two factors related to those choices could be at play:
- Maybe people started using the cards more intensively. That is, people who owned nonprepaid debit cards started using them more often, making more payments per card per month.
- Maybe people started using the cards more extensively. That is, more people owned and actively used a nonprepaid debit card or more people owned and actively used multiple cards.
For this discussion, an "active" card is defined to be one that is not expired and had purchase activity or bill pay associated with the card during at least one month of the year 2015 or, for the 2012 estimate, at least one transaction during the month of March 2013. Note that the difference between the 2012 and 2015 estimates could, in part, be related to the different definitions of the measurement periods. (The Federal Reserve Payments Study also measures nonprepaid debit, credit, and prepaid cards that are in circulation but not used.)
Let's look at the numbers:
- In 2012, there were 173.9 million active consumer nonprepaid debit cards in circulation. These cards are linked to a transaction account at a financial institution and can be used to make purchases at the point of sale.
- In 2015, there were 209.6 million active consumer nonprepaid debit cards. That's an increase of 21 percent over the three years.
- In 2012, U.S. consumers made 21.9 purchases per month per active nonprepaid debit card. In 2015, on average, across the months, they made 22.8 per card. That's almost flat—an increase of just four percent in the number of payments per card per month over three years.
These numbers overall tell us that increases in payments per card is not the main driver of this phenomenal increase in the number of nonprepaid debit card payments (see the chart). Note that payments per card is an average of various behaviors. Some people could be using their cards more—for example, new debit card owners may be moving from using cash or prepaid cards. Others could be using their cards less—for example, new owners of credit cards may be moving away from debit cards.
Rather, the increased number of active cards seems to be the source of the jump in the number of nonprepaid debit card payments. Here are some factors that could relate to the greater numbers of cards:
- The U.S. population ages 18 and older grew from 240 million to 247 million during this time, a three percent increase (American FactFinder search).
- The percentage share of consumers with a bank account (and thus able to own a nonprepaid debit card) increased from 91.8 percent in 2011 to 93 percent in 2015 (FDIC Survey of Banked and Unbanked Consumers [2012 estimate not available]).
- By birth year, the share of people more likely to own a debit card increased. Young people born between 1995 and 1997 turned 18 between 2012 and 2015—about 14 million of them (American FactFinder search). At the same time, the population of people born before 1940 declined by about 4 million between 2012 and 2015.
Whatever the source of the increase in the number of cards, we see here that typical behavior for an active nonprepaid debt card is around 23 purchases per month. How many times per month do you use your card or cards?
By Claire Greene, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed
July 6, 2018
Attack of the Smart Refrigerator
We've all heard about refrigerators that automatically order groceries when they sense the current supply is running low or out. These smart refrigerators are what people usually point to when giving an example of an "internet-of-things" (IoT) device. Briefly, an IoT device is a physical device connected to the internet wirelessly that transmits data, sometimes without direct human interaction. I suspect most of you have at least one of these devices already operating in your home or office, whether it's a wireless router, baby monitor, or voice-activated assistant or "smart" lights, thermostats, security systems, or TVs.
Experts are forecasting that IoT device manufacturing will be one of the fastest growing industries over the next decade. Gartner estimates there were more than 8 billion connected IoT devices globally in 2017, with about $2 trillion going toward IoT endpoints and services. In 2020, the number of these devices will increase to more than 20 billion. But what security are manufacturers building into these devices to prevent monitoring or outside manipulation? What prevents someone from hacking into your security system and monitoring the patterns of your house or office or turning on your interior security cameras and invading your privacy? For those devices that can generate financial transactions, what authentication processes will ensure that transactions are legitimate? It's one kind of mistake to order an unneeded gallon of milk, but another one entirely to use that connection to access a home computer to monitor one's online banking transaction activity and capture log-on credentials.
As one would probably suspect, there is no simple or consistent answer to these security questions, but the overall track record of device security has not been a great one. There have been major DDOS attacks against websites using botnets composed of millions of IoT devices. Ransomware attacks have been made against consumers' home security systems and thermostats, forcing consumers to pay the extortionist to get their systems working again.
Some of the high-end devices such as the driverless cars and medical devices have been designed with security controls at the forefront, but most other manufacturers have given little thought to the criminal's ability to use a device to access and control other devices running on the same network. Adding to the problem is that many of these devices do not get software updates, including security patches.
With cybersecurity issues grabbing so many headlines, people are paying more and more attention to the role and impact of IoT devices. The National Institute of Standards and Technology (NIST) has begun efforts to develop security standards for cryptology that can operate within IoT devices. However, NIST estimates it will take two to four years to get the standard out.
In the meantime, the Department of Justice has some recommendations for securing IoT devices, including:
- Research your device to determine security features. Does it have a changeable password? Does the manufacturer deliver security updates?
- After you purchase a device and before you install it, download security updates and reset any default passwords.
- If automatic updates are not provided to registered users, check at least monthly to determine if there are updates and download only from reputable sites.
- Protect your routers and home Wi-Fi networks with firewalls, strong passwords, and security keys.
I see IoT device security as an issue that will continue to grow in importance. In a future post, I will discuss the privacy issues that IoT devices could create.
By David Lott, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed
June 25, 2018
Down but Not Out
As I noted in my last post, consumer habits are sticky when it comes to cash. Despite the many ways to pay, consumers make almost one-third of payments (by number) in cash. But sometimes cash just isn't an option. You can't use cash to buy a snack on an airplane, for example. This week, I look at factors about merchants that constrain consumers' payment options, including their unwillingness to accept cash for in-person payments or their inability to accept cash for online payments. (My colleague Doug King touched on cashless locations a couple of weeks ago.)
At the in-person point of sale, merchants' willingness to accept a payment instrument could affect the prevalence of cash. Consumers obviously cannot use cash when merchants will not accept it. Recent headlines (here and here) suggest that some quick-service restaurants, coffee shops, and food trucks may be growing reluctant to accept cash. As an example, here's a picture of a sign on a San Francisco food cart in late May.
The flip side of a merchant's unwillingness to accept cash is the merchant's willingness to accept card payments for ever-lower dollar values. And indeed, the average dollar value of card payments is dropping. For instance, the average dollar value of an in-person, non-prepaid debit card purchase fell from $35 in 2012 to $32 in 2016 (Federal Reserve Payments Study: 2017 Annual Supplement). This trend could indicate that merchants are increasingly agreeable to accepting cards for small-dollar transactions.
Consumers show they are aware of evolving merchant acceptance. The 2017 Survey of Consumer Payment Choice reported that consumers rate credit and debit cards highest for acceptance, with cash coming in third. The survey asked respondents to rate how likely each payment method is to be accepted by stores, companies, online merchants, and other people or organizations.
At the online point of sale, cash is not an option. (However, Doug mentioned in that same post that at least one online retailer is trying to make cash possible.) The share of purchases made online is still small—just about 12 percent of retail goods and services by number (2017 Survey of Consumer Payment Choice). Yet over the past four years that share has steadily increased. Data about remote card purchases in the Federal Reserve Payments Study (2017 Annual Supplement ) show the growing importance of online purchases. As Jessica Washington noted in her post in early May, remote card purchases grew more rapidly from 2015 to 2016 than did in-person card purchases, measured by both number and value.
Despite these developments, cash continues to dominate quick purchases. In October 2016, consumers paid for about half of their fast food purchases with cash. They used cash for 62 percent of convenience store purchases (2016 Diary of Consumer Payment Choice).
Cash has had staying power over decades of technological innovation. It may be down, but it isn't out.
To learn more about consumer payment choices and preferences, visit the Federal Reserve Bank of Atlanta's new consumer payments web pages that house a variety of surveys, studies, and research reports on the topic.
By Claire Greene, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed
June 18, 2018
Thinking about My Grandmother and Future-Proofing Payments
I often reminisce about times I spent with my grandmother. She passed away when I was only nine years old, but fortunately left me with a host of memories that I cherish. How I loved our trips to Walden Bookstore in the Hickory Ridge Mall whenever she'd visit us in my hometown of Memphis. We'd pick out a book or two and then return home to read them together. I often wonder what she would think about my family's book shopping and reading habits today. Online bookstores, e-readers, and audiobooks downloaded or streamed onto mobile phones would be completely foreign to her as the technology behind these was not even around during her lifetime! How could she ever have known how the world of books would evolve?
And this brings me to the notion of future-proofing payments. Mobile payments just might be the hottest topic when payment professionals get together to discuss the future of payments. It makes sense to think that maybe one day our mobile phones will replace our debit and credit cards and maybe even cash. But to date, the mobile phone has not done for cards and cash what it has done for mp3 players, digital cameras, and portable navigation devices, to list just a few things. Perhaps we need more time for mobile phones to transform payments—or could it be that payments as we know them today will be made over by a technology or device that is not yet widely available or even conceived? Is it possible that the primary payment methods we use today can withstand the test of time and remain our primary methods for many more years? Thinking about my grandmother and books, maybe future-proofing payments is a losing proposition and we should be nimble, ready to adapt to whatever changes come our way.
Join me for the Atlanta Fed's Retail Payments Risk Forum's latest Talk About Payments webinar on Thursday, June 28, from 1 to 2 p.m. (ET), when I will explore the future of mobile payments at the point of sale by first considering the debit card's long rise to prominence. Participation in the webinar is complimentary, but you must register in advance. After completing registration, you will receive a confirmation email with all the log-in and toll-free call-in information.
By Douglas A. King, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed
- Behind the Growth in Debit Card Payments
- Attack of the Smart Refrigerator
- Down but Not Out
- Thinking about My Grandmother and Future-Proofing Payments
- Consumer Habits and Cash Use
- The GDPR's Impact on U.S. Consumers
- Laurel or Yanny? Cash or Card?
- Heading toward A New Era of POS Portability?
- Is My Identity Still Mine?
- Evidence of the Digital Age
- July 2018
- June 2018
- May 2018
- April 2018
- March 2018
- February 2018
- January 2018
- December 2017
- November 2017
- October 2017
- account takeovers
- ATM fraud
- bank supervision
- banks and banking
- card networks
- check fraud
- consumer fraud
- consumer protection
- cross-border wires
- data security
- debit cards
- emerging payments
- financial services
- identity theft
- law enforcement
- mobile banking
- mobile money transfer
- mobile network operator (MNO)
- mobile payments
- money laundering
- money services business (MSB)
- online banking fraud
- online retail
- payments risk
- payments study
- payments systems
- phone fraud
- remotely created checks
- risk management
- Section 1073
- social networks
- third-party service provider
- trusted service manager
- Unfair and Deceptive Acts and Practices (UDAP)
- wire transfer fraud
- workplace fraud