Take On Payments, a blog sponsored by the Retail Payments Risk Forum of the Federal Reserve Bank of Atlanta, is intended to foster dialogue on emerging risks in retail payment systems and enhance collaborative efforts to improve risk detection and mitigation. We encourage your active participation in Take on Payments and look forward to collaborating with you.
Federal Reserve Web Sites
Other Bank Regulatory Sites
August 24, 2015
Payroll Cards at Interstate Speed
State lines happen fast in New England, which is where I call home. In this part of the country, it's not uncommon for people living in one state to commute for employment to a neighboring state. One could pay property tax enjoying the motto "Live free or die" (New Hampshire) while paying income tax to the Bay State (Massachusetts). Employees may not take much notice of state employment law, but employers almost certainly do. I'm thinking that minimum wage, tax rates, and corporation law would be key factors for an employer to consider, but do payroll card laws also fit into the evaluation?
Payroll cards are prepaid cards onto which an employer loads wages. They offer an alternative to paychecks or direct deposits, and are subject to a different sort of regulation. Outside of a federal law prohibiting an employer from mandating the exclusive use of a payroll card, states are generally free to develop their own legislation governing payroll cards. In Maine, for example, employers can offer payroll cards if they give their employees free access to full pay. Connecticut goes one step further, requiring employers to provide certain disclosures and prohibiting overdrafts and certain fees. Massachusetts does not have any law for or against payroll cards. Somewhere in the middle is Vermont, which allows payroll cards with certain disclosures as long as employees receive three free transactions monthly. Proposed New York legislation would go so far as to require employees to sign a written consent form—printed with a large, 12-point font—to be retained for six years following the cessation of the employment relationship.
And that's only in my home of New England. Out of 50 possibilities, I've mentioned only fragments of only five state laws. Outside of this area, payroll-card-related legislation is being introduced or pending in 12 states.
Regulation E has covered payroll cards since 2006. Regulation E includes (i) protection to employees so they do not have to receive wages via electronic funds transfers with a particular institution; (ii) access to statements, balances, and transaction histories; (iii) clear and conspicuous disclosures; and (iv) error resolution and limited liability. In January 2016, we expect the final version of the Consumer Financial Protection Bureau's Rule on Prepaid to be published.
Because payroll cards are already covered under Regulation E, only two significant issues are applicable in the pending rule. First, credit and overdraft services, while not prohibited, will be subject to compulsory use provisions and Regulation Z's definitions of credit and periodic statement requirements. Second, disclosures will carry a bold print warning, "You do not have to accept this payroll card. Ask your employer about other ways to get your wages."
What federal regulation doesn't touch is the type and amount of fees assessed on payroll cards. Regulation E provides only that fees are disclosed. Certain industry stakeholders such as National Branded Prepaid Card Association, Consumer Action, MasterCard, and the Center for Financial Services Innovation have worked to develop industry standards. Simply speaking, most agree that cardholders should have access to full wages each pay period without cost and that they should be able to perform basic functions without incurring unreasonable fees.
Best practices give the industry the ability to fill gaps and stay nimble to changing technology, fraud schemes, and consumer needs. The CFPB even says in their proposed rules, "Employees may not always be aware of the ways in which they may receive their wages, because States may have differing and evolving requirements." Does state-by-state regulation ultimately fill the gaps needed, especially in a system that crosses state lines so often?
And in case you didn't know it, National Payroll Card Week starts September 7, a day that also happens to be Labor Day.
By Jessica J. Trundley, AAP, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed
August 17, 2015
Pigskin and Payments
For those who know me well, they know that I find August to be the slowest-moving month of the year. It's not because of the oppressive southern heat and humidity, but rather it's my anticipation for football season. To help speed along the "dog days of summer," I generally read my fair share of prognostication publications. Alongside the predictions, improving player safety has become a key discussion topic as the season approaches.
Armed with data showing an increase in injuries as well as long-term negative effects from playing the sport, football's governing bodies on both the collegiate and professional levels are instituting rule changes to make the game safer. Equipment manufacturers are introducing new gear to improve safety and individual teams are adding new experts to their medical staffs all in the name of player safety.
Ironically, while there is a focus on improving player safety, football players continue to get stronger and faster aided by advancements in nutrition and workout regimes. As player strength and speed improves, this contact sport becomes more vicious and dangerous. And as a fan, I'll admit that I find watching a game featuring stronger and faster players more exciting. I do not want to see players injured, but at the same time I enjoy the excitement that comes with hard tackles and big hits.
Does this state of football sound at all like the current state of the U.S. payments industry? To make payments safer, public and private entities are leading literally hundreds of initiatives across various payments rails. Network rule changes are taking place and new technologies are being harnessed all in an effort to better secure payments. At the same time, start-ups, established payment companies, payment associations, and the Federal Reserve are collaborating to improve the speed of payments.
It's hard not to get excited about the possibilities of faster payments, from important just-in-time supplier payments to simple repayments for borrowing money from a friend or family member. However, can securing payments better derail the speed of payments? By way of example and personal experience, my more secure EMV (chip) credit card has clearly reduced the speed at the point-of-sale for my card payment transactions.
But just as player strength and speed has evolved alongside safety through rule-making and technology (think about leather football helmets here), I think we have seen the same progression within the payments industry. I think football remains as exciting as ever, and the payments expert in me is clearly excited about the future of payments.
Speed and safety are not to be viewed as mutually exclusive, and I am confident that the payments industry supports this view. In both football and payments, elements of risk will exist, regardless of safety measures in place. Finding the right balance between speed and safety should be the goal in order to maintain an exciting football game or efficient payments system. I can't wait to see what lies ahead on the gridiron and within the payments industry.
By Douglas A. King, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed
August 10, 2015
Payments at the Speed of Electricity--What Could Go Wrong?
From mobile phones to the Internet—it's hard to think of many of today's great inventions that aren't beholden to the wonder of electricity and the pace at which it can facilitate the management and movement of data. Electricity has underpinned numerous payment advances already. Now, harnessed current promises to help us build a payments scheme that will make it possible to pay (and be paid) almost as fast as one can conceive of the need. That happy thought might cause us to forget this otherwise widely known truth: electricity is just as efficient in yielding a bad outcome as it is in bringing about a good one.
Those who have begun work to design a faster payment scheme will obviously be thoughtful about everything, from functional design and basic operation to ongoing management of the new system. Giving due consideration to what could go wrong may not be the most glamorous task, but it's necessary.
One way to identify potential problems is to reflect on lessons from the past. Look at the photograph below and see if you know what's depicted.
Source: Wikimedia Commons
If you guessed the photo shows a bank run, congratulations. As most of us know, rapid, heavy cash withdrawals constitute a bank run and can be caused by a variety of things, including diminished confidence in a bank, in the banking system broadly, or the local economy, among other things.
Back to faster payments. A faster payment platform offers many upsides, but for all its promise, it could also offer the unexpected, the unintended. Circa 1929, when the picture was taken, making a run on a bank meant standing in line and waiting for a teller to retrieve your money. Circa 2015, even with ATMs and other improvements, bank runs still have some natural choke points, including weekends, when customers know with certainty that their bank is closed for at least one day, and limits on ATM withdrawal amounts in a 24-hour period. A fast, 24/7, universally accessible system could offer depositors a way to drain cash reserves like never before.
What to do? Setting aside broader systemic actions, it seems reasonable that individual banks consider measures to guard against this possibility. To deal with runs in the "old days," withdrawals were limited or even fully suspended for a time. These mitigations could be efficiently, readily mimicked and become part of the new system's basic construct. Automated tools capping withdrawal amounts might be in order. Logic in the core platform that considers the full range of activity across institutions and accounts and that allows for automated or manual controls (or a combination of these) may also make sense. Tailored rules could prove worthwhile.
The considerations should be fulsome—across not just this, but a range of issues—among those who may design, build, and operate the system and also those who may use it. Meanwhile, here's to anticipating a new system that moves money as fast as electricity allows, insulated from shocks.
By Julius Weyman, vice president, Retail Payments Risk Forum at the Atlanta Fed
August 03, 2015
Friendly Fraud: Nothing to Smile About (Part 2)
Last week's post discussed the increasing frequency of friendly fraud and the problems it presents for e-commerce merchants. A transaction that could be classified as friendly fraud might actually be one the customer just forget about, or one involving a family member using the customer's card without permission, or one with the customer actually not receiving the goods. So the merchant really can't just assume the customer is out to commit fraud and take an aggressive approach in dealing with the customer. The merchant would probably then have lost the customer's business altogether. But with the burden of proof on the merchant, the merchant must adopt a number of best practices to help minimize losses.
A company that works with merchants to both prevent chargeback disputes and respond to them has published a detailed guide (the site requires e-mail registration for access to the guide) to help merchants deal with friendly fraud. The following list includes some of the guide's best practices:
- Promote a clear and fair refund policy that encourages customers to contact the merchant directly instead of the card issuer.
- Make sure that the name of the business is on all billing statements—clearly, to avoid confusion.
- Ensure that the customer communication channels—such as a call center or e-mail—are accessible.
- Be responsive to customer inquiries.
- Clearly communicate shipping charges and delivery timeframes to avoid misunderstandings about the total cost or delivery date of orders.
- Always obtain the card security code and use address validation services. For larger-value purchases, consider the use of delivery confirmation and other validation services.
- With digital goods or services, consider using a secondary verification tool—an activation code or purchase confirmation page—to ascertain that the customer received the goods.
- When there is a chargeback, make every effort to contact the customer directly to attempt to resolve the matter. While the contact may not resolve this particular situation, it may offer a lesson that might help prevent future chargebacks from other customers.
- Keep a database of customers who initiate chargebacks that appear fraudulent. Research shows that customers who deliberately defraud merchants and succeed at it are very likely to do it again.
As with all efforts to fight payments fraud, merchants must study their own customer base. They should identify their particular risks and then employ the practices that will help them best mitigate their fraud losses.
By David Lott, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed
- Payroll Cards at Interstate Speed
- Pigskin and Payments
- Payments at the Speed of Electricity--What Could Go Wrong?
- Friendly Fraud: Nothing to Smile About (Part 2)
- Friendly Fraud: Nothing to Smile About (Part 1)
- Unsafe at Any Speed?
- Biometrics and Privacy, or Locking Down the Super-Secret Control Room
- Growing, Growing, Gone!
- The More Things Change, the More They Stay the Same
- The Current Tokenization Landscape in the United States
- August 2015
- July 2015
- June 2015
- May 2015
- April 2015
- March 2015
- February 2015
- January 2015
- December 2014
- November 2014
- account takeovers
- ATM fraud
- bank supervision
- banks and banking
- card networks
- check fraud
- consumer fraud
- consumer protection
- cross-border wires
- data security
- debit cards
- emerging payments
- financial services
- identity theft
- law enforcement
- mobile banking
- mobile money transfer
- mobile network operator (MNO)
- mobile payments
- money laundering
- money services business (MSB)
- online banking fraud
- payments risk
- payments study
- payments systems
- phone fraud
- remotely created checks
- risk management
- Section 1073
- social networks
- third-party service provider
- trusted service manager
- Unfair and Deceptive Acts and Practices (UDAP)
- wire transfer fraud
- workplace fraud