Take On Payments, a blog sponsored by the Retail Payments Risk Forum of the Federal Reserve Bank of Atlanta, is intended to foster dialogue on emerging risks in retail payment systems and enhance collaborative efforts to improve risk detection and mitigation. We encourage your active participation in Take on Payments and look forward to collaborating with you.
Federal Reserve Web Sites
Other Bank Regulatory Sites
August 29, 2011
Seeing what dimly lies in the distance: Parting thoughts on addressing payments system risk
As this post for Portals and Rails runs, it is likely that my concerns about fraud may be starting to center on whether the manufacturer's claims about the bass lure I am using are fraudulent. I guess that's a way of saying that on August 31, I will officially retire after 38 years with the Federal Reserve, an extraordinary organization faced with extraordinary challenges across the three legs of its mission responsibilities: monetary policy, bank supervision and regulation, and payments services. I have been blessed to have had so many challenging and diverse experiences through the years, including the last two years directing the fascinating work of the Retail Payments Risk Forum. Learning about the risks in our payments system, marveling at the entrepreneurship of those who want to exploit its weaknesses to commit fraudulent activity, and working with the industry to try to find ways to mitigate those risks has been both interesting and exhilarating.
Clearly such work is never done and the constant arms race to stay ahead of the bad guys in a technology-centric payments world is not likely to abate. My hope is that those who read this column continue to support the work of the Forum, its outstanding staff, and its new leader. But even more importantly, my hope is that the industry continues to make progress in collaboratively addressing the needs of our payments system in difficult times when investment dollars are scarce and tough choices must be made. At the risk of waxing philosophic, it is with all this in mind that I leave the following thoughts for others to consider and hopefully run with.
First, as an industry, we need to push our leaders to understand that the paradigms of success today are not those that served us well 10 years ago. The payments system is now a global infrastructure, and purely domestic solutions to managing fraud will not work. Business models for success changed with the advent of the Internet and they will change again with the evolution of mobile technology. A corporation's worst nightmare may be riding a train in Eastern Europe while simultaneously cleaning out a bank account in the United States. This means that it will inevitably be harder to implement solutions, but imminently necessary to extract ourselves from domestic thinking while building partnerships across the globe.
Second, standards are the key to long-term progress in such an environment. Certainty about what standards frees markets to invest in developing solutions to payments problems in a competitive environment that encourages escalating performance. Hence, we must give a lot of attention to doing the work in the basement rooms where standards folks work. While I suppose that revenue opportunities may abound for the entity that owns the standards, companies that are able to depend on standards to deliver risk management systems and products greatly reduce their cost of development and ongoing operations.
Third, it would be useful to clarify the roles of the many government (and sometimes private sector) groups that must engage in the business of protecting our payments system. The Forum and colleagues from the Boston Fed have been engaged in an ongoing effort with mobile payments that has demonstrated to us that nobody wants this clarity more than a frequently confused marketplace. While they long for integrated operations, integrated law, and integrated technology, it is integrated oversight that would help clarify who is responsible for what, encourage collaboration and sharing, and expose gaps in coverage that bad actors can exploit.
Fourth, in recent industry meetings I have heard payments professionals lament that a big part of our problem is that customers—both consumers and businesses—are not well educated in how to protect themselves against fraud. The discussion concerning who should be responsible for providing the education, however, resembles a group of folks juggling a hot potato. My suggestion is that financial institutions (individually or collectively through their trade associations) are the one party that touches both user groups and that stepping up and assuming the leadership role in payments education would not only be a great service but might actually be an endearing customer relationship and retention strategy.
Finally, as an industry we seem to be struggling to establish a vision for the future. On a wall at a recent meeting room, I read a quote by Thomas Carlyle that said, "Our main business is not to see what dimly lies at a distance, but to do what lies clearly at hand." Carlyle (who is credited with calling economics the "dismal science") may have had a point when he wrote this in the mid-19th century, but today the future comes at us so fast, it seems to me that we have to constantly keep our eye on what lies vaguely in the distance and create a vision for the future that embraces the possibilities. Said differently, it may be useful to create a vision for how we will collectively address future risks in the payments system even as we deploy new technology, rather than focusing on how to defeat the threats we already know.
With that, I wish our readership all the best and trust that perhaps our paths may cross again.
By Rich Oliver, executive vice president of the Atlanta Fed and director of the Retail Payments Risk Forum
TrackBack URL for this entry:
Listed below are links to blogs that reference Seeing what dimly lies in the distance: Parting thoughts on addressing payments system risk:
- EMV Comments That Make Me Cringe
- Taking a Quantum Leap into Payment Security
- Looming Questions with the Rollout of NACHA's Mandated Same-Day ACH Rules Change
- AdmiNISTering Passwords: New Conventional Wisdom
- Mobile Banking and Payments—What's Changed?
- Risk Mitigation Isn't Just for Banks
- The Simple Consider Three but Four is the Key
- As with Nuclear Disarmament, So with ACH: Trust, but Verify
- The Personal Cost of Fraud
- When Fraud Hits Home: Questioning Today’s Authentication Methods
- October 2016
- September 2016
- August 2016
- July 2016
- June 2016
- May 2016
- April 2016
- March 2016
- February 2016
- January 2016
- account takeovers
- ATM fraud
- bank supervision
- banks and banking
- card networks
- check fraud
- consumer fraud
- consumer protection
- cross-border wires
- data security
- debit cards
- emerging payments
- financial services
- identity theft
- law enforcement
- mobile banking
- mobile money transfer
- mobile network operator (MNO)
- mobile payments
- money laundering
- money services business (MSB)
- online banking fraud
- payments risk
- payments study
- payments systems
- phone fraud
- remotely created checks
- risk management
- Section 1073
- social networks
- third-party service provider
- trusted service manager
- Unfair and Deceptive Acts and Practices (UDAP)
- wire transfer fraud
- workplace fraud