Take On Payments, a blog sponsored by the Retail Payments Risk Forum of the Federal Reserve Bank of Atlanta, is intended to foster dialogue on emerging risks in retail payment systems and enhance collaborative efforts to improve risk detection and mitigation. We encourage your active participation in Take on Payments and look forward to collaborating with you.
Federal Reserve Web Sites
Other Bank Regulatory Sites
May 23, 2011
The dilemma of measuring fraud in the U.S. payments system
Growing up, I was fascinated with books about animals, particularly those focusing on totally unique and strange Australian animals. Kangaroos, wallabies, duck-billed platypuses, and spiny echidnas caught my fancy because they were unique, existing nowhere else on the planet. Perhaps one reason I am so fascinated with the U.S. payments system is that it is totally unique and replicated nowhere else in the world.
Limited government engagement in payments system policies
While part of its uniqueness stems from its size and scope, the true novelty of the U.S. payments system lies in its exceedingly free market roots. That is, relative to most other developed countries, our system is very lightly regulated. Certainly, there are a reasonable number of regulations that afford consumer protection, but in the nearly 30 years from 1980 to 2009, Congress only occasionally addressed payments system issues, most notably with the Expedited Funds Availability Act of 1988 and the Check Truncation Act of 2003. One would normally expect infrequent legislative engagement in situations where a strong government regulator was in place, making legislative activity unnecessary, but there is no government agency specifically charged with regulating the overall U.S. payments system.
This arrangement has created an environment where innovation flourishes, but it also has allowed for a bit of a void when the evolution of the payment system creates public policy issues, either internally or with respect to global compatibility. Recent history bears witness to this point as Congress has suddenly become more engaged in passing the CARD Act of 2009, the overdraft legislation of 2009, and the debit card interchange legislation housed in the Durbin Amendment to the Dodd-Frank financial reform legislation of 2010. While each of these efforts was directed at increasing transparency and promoting choice for consumer and business users of the payments system, there has been little effort to address another important public policy issue—the increasing concern over risk and fraud in the payments system.
Through the creation of the National Strategy for Trusted Identities in Cyberspace, the current administration has proactively addressed growing concerns over ID theft in an increasingly electronic and globally accessible payments system. But many other tangential and separate fraud issues loom on the horizon. In tough economic times, however, organizations make difficult choices about the business case behind any fraud mitigation investments. Individual organizations generally have the data necessary to conduct such assessments, but from a broader national viewpoint, precious little data exist on which to base needed public policy analysis. For example, when the Federal Reserve Board, via the aforementioned Durbin Amendment, was handed the responsibility to oversee debit card interchange and fraud management issues, they had no choice but to begin their work by developing and distributing extensive surveys so they could get a handle on experiences in the marketplace.
Lack of a public fraud measurement systems
Much of what exists publicly today in terms of payments system measurements and metrics for fraud comes from independent survey work initiated by trade associations or consultants, such as the American Bankers Association, the Independent Community Bankers Association, and the Association for Financial Professionals. While the data flowing from these efforts is extremely helpful, each survey has its own focus, methodologies differ, and voluntary participation levels vary the statistical accuracy of results.
In other countries, the government, central bank, or bank-centered payments authorities systematically and accurately gather and report fraud data, and then publish such data for all to use as they go about managing their payments portfolios and making investment decisions in technology. Recently, I have engaged in discussions with many payments leaders about the dilemma of not having good data on which to base fraud-mitigation decisions related to growing concerns about the use of chip-and-pin card technology being implemented across the globe versus the magnetic-stripe technology used in the United States.
As a result, U.S. decision makers have to examine instances of card fraud mitigation in the United Kingdom, or the Netherlands, or Brazil, or Canada, and opine on whether these foreign experiences are pertinent to this country. Moreover, while we have seen some results of surveys looking at fraud losses, there is almost no public data with respect to the perhaps more critical factor of the costs of managing fraud.
Is it time to address the issue?
I have heard increasing industry concern about this lack of data, to the point where it may be time to ask how such a limitation can be addressed. My sense is that any voluntary private sector effort will continue to be snubbed by respondents who have neither the time nor the inclination to share data that they fear may be made public at the individual respondent level. Additionally, entities that could conduct such work are not positioned to address fraud across all channels, but are likely to focus on a single channel, such as check or credit card.
Perhaps it is time for the government or collective industry groups to address this shortcoming and organize an effort to design and support an approach to collecting statistically accurate, cross-channel payments fraud data to be publically shared. Metrics stemming from a data-gathering initiative could go a long way toward helping a troubled industry wrestle with the business case behind more aggressive fraud-management efforts.
By Rich Oliver, executive vice president of the Atlanta Fed and director of the Retail Payments Risk Forum
TrackBack URL for this entry:
Listed below are links to blogs that reference The dilemma of measuring fraud in the U.S. payments system:
- EMV Comments That Make Me Cringe
- Taking a Quantum Leap into Payment Security
- Looming Questions with the Rollout of NACHA's Mandated Same-Day ACH Rules Change
- AdmiNISTering Passwords: New Conventional Wisdom
- Mobile Banking and Payments—What's Changed?
- Risk Mitigation Isn't Just for Banks
- The Simple Consider Three but Four is the Key
- As with Nuclear Disarmament, So with ACH: Trust, but Verify
- The Personal Cost of Fraud
- When Fraud Hits Home: Questioning Today’s Authentication Methods
- October 2016
- September 2016
- August 2016
- July 2016
- June 2016
- May 2016
- April 2016
- March 2016
- February 2016
- January 2016
- account takeovers
- ATM fraud
- bank supervision
- banks and banking
- card networks
- check fraud
- consumer fraud
- consumer protection
- cross-border wires
- data security
- debit cards
- emerging payments
- financial services
- identity theft
- law enforcement
- mobile banking
- mobile money transfer
- mobile network operator (MNO)
- mobile payments
- money laundering
- money services business (MSB)
- online banking fraud
- payments risk
- payments study
- payments systems
- phone fraud
- remotely created checks
- risk management
- Section 1073
- social networks
- third-party service provider
- trusted service manager
- Unfair and Deceptive Acts and Practices (UDAP)
- wire transfer fraud
- workplace fraud