Take On Payments, a blog sponsored by the Retail Payments Risk Forum of the Federal Reserve Bank of Atlanta, is intended to foster dialogue on emerging risks in retail payment systems and enhance collaborative efforts to improve risk detection and mitigation. We encourage your active participation in Take on Payments and look forward to collaborating with you.
Federal Reserve Web Sites
Other Bank Regulatory Sites
July 25, 2016
Cash: Reports of Its Pending Death are Greatly Exaggerated
I usually chuckle when I read an article forecasting the impending elimination of cash from the U.S. payments system. It seems the frequency of these articles is steadily increasing, and I wonder why. What do these people have against cash? Yes, I can somewhat understand the argument about trying to abolish the penny when it costs more to produce it (1.7 cents) than its face value. Canada, New Zealand and Australia have done so, and their citizens' lives don't seem too dramatically altered.
There is no question that consumers continue to embrace card-based payments as an alternative to cash and checks, none more so than the millennials. Critics of cash portray it as a payment method with a number of negatives including harm to personal safety (robbery) and its being expensive to acquire or process. Yet research by the Federal Reserve through its 2013 Consumer Payment Choice Survey project shows that 89 percent of the population continues to have at least some cash, and the number of currency notes that the public holds continues to grow. Additionally, while prepaid cards have made an impact on the un- and under-banked, cash is still an essential form of payment for them.
But as the 1964 Bob Dylan song goes, "the times they are a-changin'." The survey demonstrated the potential increasing influence on the future of cash that millennials might have, as more than 60 percent of those surveyed as "cash-adverse" (they never hold or spend cash) fall into the millennial age range. But will this behavior persist as they grow older and build their financial resources? The survey results provided some conflicting data for this group that hopefully will be resolved in the next survey to be conducted in the fall. For example, while they claim to not hold or use cash, nearly one-fourth indicated that cash was their preferred payment method.
The anonymous nature of cash is often cited by governmental and law enforcement officials as a reason for using it for illegal business transactions or tax avoidance. But perhaps most importantly, cash has almost universal acceptance and, in times of natural disasters, may be the only payment method that can be used for the purchase of goods and services. The reality is that cash is the payment method used by two-thirds of consumers for transactions under $10. While vending machines and parking meters are being enhanced to accept card and mobile payments, and the prepaid gift card has eliminated a lot of $20 bills in birthday cards, it's extremely difficult for me to consider a world without cash. And I believe history is on my side. Although many new payment methods have been introduced, I don't know of any that have been eliminated over the last two hundred years. So I take reassurance as I open my physical wallet and there among my various debit and credit cards, my $23 in cash sits waiting to be spent. I suspect that cash will continue to exist for centuries after my own obituary has been written.
By David Lott, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed
July 18, 2016
The 411 on Banning the RCC
Are you proficient in recognizing phone scams? One that I've frequently experienced is when the caller tells me I've won a cruise and all I have to do is pay the taxes. To help combat phone fraud, the Federal Trade Commission (FTC) amended the Telemarketing Sales Rule. Part of the amendment prohibits payment types commonly used in deceptive and abusive telemarketing practices. Effective June 13, 2016, telemarketers can't ask for payment by cash-to-cash money transfers, PINs from cash reload cards, or bank account information, which would allow them to create a remotely created check (RCC). Fraudsters prefer RCCs because reversals are more difficult, notes the FTC. In particular, RCCs sail quickly through the clearing and settlement process making for easy collection by fraudsters and clunky adjustment processes for financial institutions.
Financial institutions (FIs) are the gatekeepers to payment systems and, with the amendment to the rule, have a new risk for what their customers do. FIs have always had the compliance risk of understanding their customer's business. As an FI, how would you know if you had a telemarketing customer already on board or one attempting to apply today? Further, how would you know if a current customer is accepting payment via RCC, since RCCs look like traditional checks? If you have third-party processors as customers, these questions become more difficult. Then, the risk is to identify if your customer's customer is a telemarketer processing banned payments through your bank.
Most agreements between FIs and business customers typically include a clause binding their customers to process payments in compliance with applicable laws of the United States. What additional steps should FIs take to manage the risks that apply to different industries and different payment types?
There are limited ways to identify RCCs because such items are cleared like traditional checks. Effective November 2015, the standards for the MICR (magnetic ink character recognition) line were changed to include a "6" in a certain position in the line to indicate an RCC. This is a standard and not a requirement. But if the 6 is used, that is one way to identify an RCC. If the standard is not used, nothing uniquely identifies an item as an RCC unless one examines the signature block on the check, since RCCs have no signature. An FI or a processor may not have the ability to look at every item included in every deposit, but could have random testing in place to attempt to identify the illegal use of RCCs.
Another indicator of deceptive practices by a business customer is anomalies in return rates. A large number of adjustments may signal that abuses are taking place. An RCC is often confused with an ACH entry and some telemarketers may convert their RCCs to ACH to spread out alarming return rates.
It will be all hands on deck to stop abusive RCC practices, but the FTC has charted the course with its new rulemaking.
By Jessica J. Trundley, AAP, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed
July 11, 2016
Surviving the Emerging Payments Providers
Predictions abound that emerging companies will dominate the remittance and person-to-person (P2P) payments space and financial institutions will be relegated to being a bystander. While I am not sold on their eventual dominance, I do think that emerging companies are creating positive changes. These changes have included new business models for financial institutions and traditional remittance providers who are able to offer their existing and prospective customers new, efficient payment choices. And as recently released financial and transaction figures show, some traditional players embracing change are poised to remain in their leadership positions.
I recently saw a speaker who said that one particular emerging digital remittance provider is the largest digital remittance business in the United States. However, I think the honor of the largest digital remittance transfer provider goes to a long-term remittance incumbent, Western Union. Though payments volume data are not available, revenue data do provide us with some insight into the size of these providers. According to Western Union's 2015 annual report, its digital money transfer services generated $274 million in revenues in 2015. As a point of comparison, three emerging companies (Xoom, Worldremit, and TransferWise) had combined revenues of $230 million. Though Western Union's online service represents only 6.3 percent of its consumer-to-consumer revenues, the segment grew by 26 percent in 2015.
In June, Chase announced changes to its digital P2P solution that will allow Chase customers to send and receive money in real time through ClearXchange with customers of Bank of America, U.S. Bank, and several other financial institutions. Chase's digital P2P solution has been a feature on the Chase mobile application and online banking website for several years now and was used in 2015 to send $20 billion in P2P payments. As a point of reference, the wildly popular emerging mobile and online P2P provider, Venmo, reported $1 billion in transfers during the month of January, up 250 percent from the prior January. With the additional reach of ClearXchange participants, Chase customers will now be able to digitally send and receive payments to 65 percent of the digital banking population in the United States, placing it in a position to experience significant growth to its digital solution.
With both remittances and P2P payments, online and mobile channels are seizing share from traditional channels. Even though the in-person agent model in remittances and P2P payments via cash and checks will remain a viable solution for many consumers, today's growth is being driven by digital models.
No doubt emerging players are threatening traditional companies for remittance and P2P dollars. However, financial institutions and established money transmitters are evolving, and based on the numbers, remain valuable payments providers. Given this environment, financial institutions and traditional remittance providers that don't evolve to embrace the digital remittance and P2P economy are at serious risk of losing share. And the threat isn't just coming from emerging companies. In fact, you can call me a traditionalist, but I think evolving traditional financial institutions and remittance providers are positioning themselves to remain the dominant providers of P2P and remittance payments.
By Douglas A. King, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed
June 27, 2016
Between a Rock and a Hard Place?
Customer education encouraging safe payments practices has always been viewed by staff at the Retail Payments Risk Forum as a vital element in mitigating payments-related fraud. We have stressed this need time and time again in our posts as well as our numerous speaking engagements at payments-related conferences and events.
Financial institutions (FIs) have generally been identified as the group that should bear this responsibility as they own the account relationship, but with more intermediaries in the payments process, I think that others should also be involved. The advent of mobile banking and payments has introduced even more challenges since the financial institution doesn't get involved in the acquisition of the mobile device as that is normally handled by the mobile network sales representatives. My personal experience with these sales representatives is that once the device sale is done, they are more interested in selling me accessories or upgrading my data plan than they are teaching me about selecting and setting strong passwords or preventing malware and viruses from finding their way into my phone.
When I raise this issue with others, all too often I hear a pessimistic chorus that getting consumers to adopt strong security practices will always be a losing battle for FIs. They say that consumers will always choose convenience over security—that is, until they fall victim to fraud. And forget about any other player in the ecosystem taking on the education responsibility because if they have no liability for fraud losses, why direct funds to education when they could be deployed elsewhere?
The impact of fraud on a consumer's relationship with his or her financial institution has never been greater. We read every day about the increasing economic importance of the Gen Y or millennial segment. With an estimated 80 million people, they represent the largest segment of our country's bankable population. A late 2015 study by FICO on millennial banking habits revealed that 29 percent of respondents indicated that they would close all their accounts with a financial institution if one of those accounts experienced fraud. To make matters worse, one quarter of the survey participants indicated they would write a negative post on social media about their financial institution if they experienced a fraud incident.
So are financial institutions in a no-win situation? A ray of hope emerges from the same FICO study, which states that 41 percent of the millennials surveyed indicated that they recommended their FI to friends, colleagues, or family members after a positively handled fraud incident. Studies have consistently shown that payment security is a key concern of all customers, not just millennials. So although it may not seem fair that financial institutions have to shoulder most of the security education effort, the impact of not doing so could be significant. Perhaps it is time for a coordinated payments industry campaign to encourage consumers to adopt safer and more secure banking practices.
By David Lott, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed
- Cash: Reports of Its Pending Death are Greatly Exaggerated
- The 411 on Banning the RCC
- Surviving the Emerging Payments Providers
- Between a Rock and a Hard Place?
- There's an App for That!
- What Is GPR Feeding On? Part 2 of 2
- Mobile Security and Privacy
- What Is GPR Feeding On? Part 1 of 2
- What Would Happen If the Lights Went Out for a Long, Long Time?
- Improving Customer Authentication: Is the PIN Past Its Prime?
- July 2016
- June 2016
- May 2016
- April 2016
- March 2016
- February 2016
- January 2016
- December 2015
- November 2015
- October 2015
- account takeovers
- ATM fraud
- bank supervision
- banks and banking
- card networks
- check fraud
- consumer fraud
- consumer protection
- cross-border wires
- data security
- debit cards
- emerging payments
- financial services
- identity theft
- law enforcement
- mobile banking
- mobile money transfer
- mobile network operator (MNO)
- mobile payments
- money laundering
- money services business (MSB)
- online banking fraud
- payments risk
- payments study
- payments systems
- phone fraud
- remotely created checks
- risk management
- Section 1073
- social networks
- third-party service provider
- trusted service manager
- Unfair and Deceptive Acts and Practices (UDAP)
- wire transfer fraud
- workplace fraud