About


Take On Payments, a blog sponsored by the Retail Payments Risk Forum of the Federal Reserve Bank of Atlanta, is intended to foster dialogue on emerging risks in retail payment systems and enhance collaborative efforts to improve risk detection and mitigation. We encourage your active participation in Take on Payments and look forward to collaborating with you.

Take On Payments

March 19, 2018


Mobile Banking and Payments' Weakest Link: Me

What's the biggest hole in mobile banking security? As my colleague Dave Lott reported in January, bankers say it's consumers' lack of protective behavior when using mobile devices. That means you and me.

In response, financial institutions (FI) have implemented controls including inactivity timeouts and multifactor authentication, as noted in Mobile Banking and Payment Practices of U.S. Financial Institutions, which reported the findings of a 2016 Federal Reserve survey.

Baking these controls into mobile apps makes sense because research on consumer behavior suggests that expecting consumers to independently take steps to protect their accounts and data is not realistic. Take as one example: I co-wrote a paper with Joanna Stavins for the Boston Fed reporting the results of our investigation into consumers' responses to the massive Target data breach. We found that while consumers do react to reports of fraud, their reactions can be short-lived. In addition, consumers' opinions may change, but their behavior may not. In other words, considerations aside from security could take priority. (See also a report on the 2012 South Carolina Department of Revenue breach.)

Debit and credit card data for 40 million cards used in Target stores were stolen in late 2013. The breach was widely reported in the news media and caused many financial institutions to reissue cards. Because it was primarily a debit card breach, one might reasonably expect consumers to take a jaundiced view of debit cards after the breach.

And, indeed, that was the case. The Survey of Consumer Payment Choice was in the field at the time of the Target breach. Some consumers answered questions about the security of debit cards before the breach became public. Others answered after.

Consumers who rated card security after the breach rated debit cards more poorly relative to the average rating of the other payment instruments—cash, paper checks, ACH methods, prepaid cards, and credit cards. So in that sense, they reacted to the news.

One year later, consumers in 2014 rated the security of debit cards more poorly both relative to their ratings of other payment instruments and absolutely (that is, a greater percentage of consumers rated debit cards as risky or very risky). In contrast, compared to 2013, the absolute security ratings of cash improved. There was no change in the security ratings of credit cards.

The more important question: Did consumers change their behavior in response to this massive and widely reported data breach? The answer: not according to this survey data. There was no statistically significant change in consumers' method of payment mix in 2014. Debit cards remained the most popular payment instrument among consumers in 2014, accounting for almost one-third of their payments per month.

What does this mean for financial institutions? Realism about my willingness to take action is well placed. You can't count on me.

Photo of Claire Greene By Claire Greene, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

March 19, 2018 in account takeovers, banks and banking, cards, debit cards, identity theft, mobile banking, mobile payments | Permalink

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

March 12, 2018


Webinars Discuss Mobile Banking and Payments Survey Results

Earlier this year, I wrote a post highlighting some of the Mobile Banking and Payments Survey results that were consolidated from the seven Federal Reserve districts that conducted the survey: Atlanta, Boston, Cleveland, Dallas, Kansas City, Minneapolis, and Richmond. The 706 responding financial institutions gave us valuable information about their current and planned services as well as security features for their mobile banking and mobile payments products. (You can download a copy of the report from the Boston Fed's website.)

You can get a more detailed review of the survey findings when the Boston Fed's Payment Strategies Group conducts two webinars on March 21 and March 22.

Attendees will learn about:

  • Current developments in mobile financial services
  • Practices, products, and trends related to consumer mobile banking and payment services
  • Financial Institution perspectives on mobile security, concerns, and mitigation tools

There is no charge for the webinars but you must register. To view both webinars, you must register for both. Select a link below, then click the Register button. After you have registered, you will receive a confirmation email with the access information.

REGISTER for Part I: Consumer Mobile Banking, Wednesday, March 21, 2018 at 2 p.m. (EDT)

REGISTER for Part 2: Consumer Mobile Payments, Thursday, March 22, 2018 at 2 p.m. (EDT)

Feel free to share this post with any of your colleagues who may wish to attend. If you have any questions about the webinars, please email elisa.tavilla@bos.frb.org.

Photo of David Lott By David Lott, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

March 12, 2018 in banks and banking, mobile banking, mobile payments | Permalink

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

February 26, 2018


Explosive News Regarding ATMs

You've probably seen at least one video of a criminal attaching a chain from a truck an ATM to try to pull the ATM out of its mounts. Or maybe you've seen one of someone using a sledgehammer to try to smash an ATM open. Although these types of attacks are destructive, they do not rise to the level of the explosive attacks that have been taking place in Europe, Australia, and South America—and, just recently, in the United States. First reported about 10 years ago in Europe, their frequency has increased dramatically over the last several years.

I learned a bit about these and other ATM dangers at a conference I recently attended in Las Vegas on emerging functionality for ATMs and cash dispensers. One of the most interesting sessions was a presentation on ATM crimes that a U.S. Secret Service agent gave. The agent talked about the two major categories of ATM terminal crimes: logical and physical attacks. Criminals carry out logical attacks using software, skimming devices, or cameras. With software, they aim to gain access to the ATM software or operating system so they can intercept data transmissions or issue commands to dispense currency. With skimming or shimming devices and cameras, they can capture card and PIN data. A recent logical attack "jackpotted" an ATM—that was the first time in the United States that a criminal forced an ATM to dispense all its currency.

Criminals trying to blow up ATMs in Europe have predominately used gas. They pump a combustible gas like oxyacetylene, used in welding, into the ATM enclosure through a drilled hole, currency slot, or other entry point, and then detonate it. This 2015 Bloomberg Businessweek article describes explosive attacks in England in great detail.

Unfortunately, reports indicate that solid explosives such as dynamite, explosive gel, and C4 are becoming more common in Europe and South America. In Brazil, dynamite is the predominant explosive, in part because a large supply of dynamite was stolen from a mining operation. As expected, these attacks are highly destructive, not only to the ATM but also to the surrounding building, which you can see in the photo below (this ATM attack recently took place in Atlanta). Normally these attacks are carried out at ATMs in isolated locations at off-hours. Fortunately, I have not heard of any loss of life or injuries to innocent people from these attacks.

From tweet
Source: WSB-TV

Because the frequency of these attacks is growing, ATM manufacturers and other third parties have developed countermeasures either to detect and thwart the attacks or to reduce the monetary value of a successful attack. For gas attacks, detection sensors installed in the ATM may do several things: trigger an audible—and monitored—alarm, release a gas-suppression system to prevent detonation, open a cover to prevent the gas pressure from building to a level that will detonate, or trigger a currency-staining mechanism that would put an ink stain on the currency in the machine, neutralizing its ability to be used. Additionally, penetration mats may be installed inside the ATM fascia that could detect drilling. Regrettably, attacks with solid explosives are more difficult to mitigate, but the industry has responded with harder enclosures and currency-inking neutralization systems.

We can hope that such attacks will not grow in frequency the United States, but security folks will probably tell us that we are being a bit Pollyannaish. Best be prepared.

Photo of David Lott By David Lott, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

February 26, 2018 in ATM fraud, banks and banking, crime, theft | Permalink

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

February 12, 2018


If the Password Is Dying, Is the PIN Far Behind?

Back in January, I wrote a post that highlighted the rising incidence of lost-and-stolen card fraud in the United Kingdom. I concluded that the decades-old PIN solution for the card-present environment is now showing signs of weakness. Results of a recent Minneapolis Fed survey of 283 financial institutions offer some validity to my conclusion: the survey found that losses on PIN-based debit increased by 50 percent from 2015 to 2016. In fact, 81 percent of the respondents reported fraud losses from PIN-based debit, compared to only 77 percent for credit cards.

The news wasn't all bad for PIN-based debit. Signature-based debit and credit cards still had more fraud attempts than any other payment instrument. At 63 percent, signature debit fraud actually had a higher increase in fraud losses from 2015 to 2016 than did PIN debit. The PIN is a far superior verification method for card payments, but I'm willing to bet that the PIN, much like the password, has become less effective.

Is this coming at a time when the PIN is about to become more prominent? In late January, the PCI Security Standards Council announced a new security standard for software-based PIN entry, also known as "PIN on glass." This standard specifies the security requirements for accepting a PIN on a mobile point-of-sale device such as a Square card reader.

As an aside, I am a bit surprised by this announcement. Apparently, mobile phones are safe enough for entering PINs, but when someone uses a pay wallet such as Apple Pay or Samsung Pay, the card's PAN, or primary account number, is tokenized for security purposes. I'll save a discussion of this inconsistency for another post.

People have been talking for years now about how the password has passed its prime as a standalone authentication solution. Yet it continues to live, and it's as difficult as ever to mitigate its vulnerabilities. In my opinion, attempts to do so have increased customer friction and had minimal impact. I think the PIN is following a similar path. It creates customer friction (especially for me as I now have different PINs for multiple cards that I struggle to keep straight) and is losing its effectiveness, according to the data I mentioned in the first paragraph. But it appears that, with the PCI's recent announcement, the PIN could become even more prevalent for cardholders. Is it time, in the name of security and customer friction, for us to replace PINs and passwords with more modern authentication technologies such as biometrics?

Photo of Douglas King By Douglas A. King, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

 

February 12, 2018 in authentication, banks and banking, cards, chip-and-pin, consumer fraud, debit cards, EMV, mobile payments | Permalink

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

January 22, 2018


Business Email Compromise Is a Growing Threat

In April 2016, I wrote about the work of the FBI’s Internet Crime Center (IC3) and the rise of reported cases of business email compromise (BEC) attempts. BEC involves what looks like a legitimate email from another employee or customer requesting a transfer of funds. Since I wrote that post, BEC attempts—both successful and prevented—have continued to increase dramatically. The latest figures from the IC3 website show that from January 2016 through June 2017, BEC attempts totaled $223 million, with losses at $148 million. BEC scams are also attracting a wider variety of criminals, including individuals, small gangs, and professional groups.

At first, the fraudsters primarily targeted financial institutions and businesses dealing in frequent and large-value transfers, such as law firms handling real estate or trust account transactions. But as fraudsters have proliferated, they've begun targeting companies of all sizes. Last May, the FBI issued another BEC alert, which includes useful descriptions of BEC scenarios based on actual cases.

The BEC attempt is usually not the start of the criminal activity but rather the culmination of an extended effort that began with the criminal hacking a business's financial records. The hack may have occurred when an employee opened an email with a bogus attachment or link that loaded malware on the computer, or when the criminal purchased a user's credentials off the dark web. Once the fraudster has accomplished the intrusion, a period of information gathering begins. The fraudster obtains current accounts payable records, wire transfer transactions, and transfer procedures, and may also comb social media for information that could be useful. Perhaps a targeted company official will be out of town attending a conference, or on vacation and difficult to contact.

BEC attempts generally have the following common elements:

  • It is a funds transfer request.
  • The request is based on a routine event or legitimate transaction.
  • The bank account where the transfer is to be sent is new or has been modified in some way from previous transactions, or the requested method of payment is different.
  • The request often carries a sense of urgency—late fees or breach of a contract are threatened—to encourage bypassing of controls.

To avoid falling into this trap, it is imperative that businesses have strong funds transfer controls that are monitored to ensure compliance. Also, businesses should have a continuing program of internal education (and perhaps testing) for all employees involved in funds transfer requests. The FBI suggests that the best control is to verify transactions through a second, independent means, similar to two-factor authentication.

There are several actions a business can take if it becomes a victim of BEC:

  • Immediately contact the receiving financial institution to see if the funds can be frozen.
  • Notify all relevant employees of the attack—multiple employees are often targeted.
  • Contact the FBI or the Secret Service.
  • Conduct an internal investigation to determine the point of compromise, and then take the necessary corrective action.

Finally, financial institutions with customer education programs should consider providing business customers with materials regarding this threat.

We are interested in hearing from you about your experiences with BEC and preventive practices. Criminals are constantly changing their attack methods and sharing information is a valuable way to help develop best practices.

Photo of David Lott By David Lott, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

 

January 22, 2018 in banks and banking, data security, fraud, malware | Permalink

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

January 8, 2018


Consolidated Mobile Banking and Payments Survey Results Published

In earlier posts, we published highlights of the 2016 Mobile Banking and Payments Survey of Financial Institutions in the Sixth District results as well as a supplement showing the results by financial institution (FI) asset size. The survey was designed to determine the level and type of mobile financial services that FIs offered and to find out what plans FIs had to offer new services.

Six other Federal Reserve Banks also conducted the survey in their districts, and we've combined all the data into a single report. Marianne Crowe and Elisa Tavilla of the Boston Fed's Payment Strategies group led the team that consolidated the data. The report—now available on the Boston Fed's website—addresses mobile banking and payment services from the perspective of the FI. The report offers additional value with its inclusion of a large number of small banks and credit unions (under $500 million in assets), a group from which data are often difficult to obtain.

Consolidated-survey-respondents-by-asset-size

The seven districts participating were Atlanta, Boston, Cleveland, Dallas, Kansas City, Minneapolis, and Richmond. A total of 706 FIs responded.

Here are some of the key learnings from survey responses regarding mobile banking:

  • Retail mobile banking offerings are approaching ubiquity across financial institutions in the United States. Eighty-nine percent of respondents currently offer mobile banking services to consumers, and 97 percent plan to offer these services by 2018.
  • By the end of 2018, 77 percent of bank and 47 percent of credit union respondents will be providing mobile banking services to nonconsumers including commercial and small businesses, government agencies, educational entities, and nonprofits. Commercial and small businesses will be the most prevalent.
  • Among FIs offering and tracking business mobile banking adoption, more than half still have adoption rates of less than 5 percent.
  • The most important mobile banking security concern that respondents cited is the consumer's lack of protective behavior. In response, FIs have implemented a range of mitigating controls. To enhance security and help change consumer behavior, more than 80 percent of respondents support inactivity timeouts and multi-factor authentication (MFA) as well as mobile alerts.

And here are some important findings regarding mobile payments:

  • Implementation of mobile payment services is growing as FIs respond to competitive pressure and industry momentum. In addition to the 24 percent already offering mobile payments, 40 percent plan to do so within two years. However, the current offering level fell substantially short of the expected 57 percent predicted by the responses to the 2014 survey.
  • Mobile wallet implementations are increasing steadily, with Apple Pay as the current leader.
  • Enrollment and usage remain low. Eighty-one percent of the respondents had fewer than 5 percent of their customers enrolled and actively using their mobile payment services.
  • Asset size makes a difference in many areas: larger FIs have greater resources to expend on new services, implementations, and security technologies and controls.
  • Banks and credit unions often differ in approaches and strategies for mobile payments.

We will conduct the survey again this year and are eager to see how the mobile banking and payments landscape has changed. If you have any questions about the survey results, please let us know.

Photo of David Lott By David Lott, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

 

January 8, 2018 in banks and banking, mobile banking, mobile payments, payments study | Permalink

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

December 11, 2017


Fintechs and the Psychology of Trust

In the 14th century, Chaucer used the word trust to mean "virtual certainty and well-grounded hope." Since then, psychologists have described trust as an essential ingredient for social functioning, which, in turn, affects many economic variables. So how do we define trust in the 21st century, in the age of the internet? In particular, how do fintechs, relative newcomers in the financial services industry and not yet coalesced into an industry, gain the trust of the public? Would they more effectively gain that trust by relying on banks to hold them to certain standards, or by coming together to create their own?

In 2004, social psychologists Hans-Werver Bierhoff and Bernd Vornefeld, in "The Social Psychology of Trust with Applications in the Internet," wrote about trust in relation to technology and systems. They observed that "trust and risk are complementary terms. Risk is generally based on mistrust, whereas trust is associated with less doubts about security." They further explained that trust in technology and systems is based on whether an individual believes the system's security is guaranteed. Psychologically speaking, when companies show customers they care about the security of their information, customers have increased confidence in the company and the overall system. Understanding this provides insight into the development of certification authorities, third-party verification processes, and standardized levels of security.

To understand how fintechs might gain the trust of consumers and the financial industry, it's worth taking a step back, to look at how traditional financial services, before the internet and fintechs, used principles similar to those outlined by Bierhoff and Vornefeld. Take, for example, the following list of efforts the industry has taken to garner trust (this list is by no means comprehensive):

  • FDIC-insured depository institutions must advertise FDIC membership.
  • All financial institutions (FI) must undergo regulator supervision and examination.
  • FIs must get U.S. Patriot Act Certifications from any foreign banks that they maintain a correspondent account with.
  • Organizations with payment card data must comply with the PCI Standards Council's security standards and audit requirements.
  • Organizations processing ACH can have NACHA membership but must follow NACHA Operating Rules and undergo annual audits and risk assessments.
  • The Accredited Standards Committee X9 Financial Industry Standards Inc. has developed international as well as domestic standards for FIs.
  • The International Organization for Standardization has also developed international standards for financial services.
  • The American National Standards Institute provides membership options and develops standards and accreditation for financial services.

FIs have often been an integral part of the standards creation process. To the extent that these standards and requirements also affect fintechs, shouldn't fintechs also have a seat at the table? In addition, regulatory agencies have given us an additional overarching "virtual certainty' that FIs are adhering to the agreed-upon standards. Who will provide that oversight—and virtual certainty—for the fintechs?

The issue of privacy further adds to the confusion surrounding fintechs. The Gramm-Leach-Bliley Act (GLBA) of 1999 requires companies defined under the law as "financial institutions" to ensure the security and confidentiality of customer information. Further, the Federal Trade Commission's (FTC) Safeguards Rule requires FIs to have measures in place to keep customer information secure, and to comply with certain limitations on disclosure of nonpublic personal information. It's not clear that the GLBA's and FTC's definition of "financial institution" includes fintechs.

So, how will new entrants to financial services build trust? Will fintechs adopt the same standards, certifications, and verifications so they can influence assessments of risk versus security? What oversight will provide overarching virtual certainty that new systems are secure? And in the case of privacy, will fintechs identify themselves as FIs under the law? Or will it be up to a fintech's partnering financial institution to supervise compliance? As fintechs continue to blaze new trails, we will need clear directives as to which existing trust guarantees (certifications, verifications, and standards) apply to them and who will enforce those expectations.

As Bierhoff and Vornefeld conclude, "it is an empirical question how the balance between trust and distrust relates to successful use of the Internet." Although Chaucer was born a little too soon for internet access, he might agree.

Photo of Jessica Washington  By Jessica Washington, AAP, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

 

 

December 11, 2017 in banks and banking, financial services, innovation, mobile banking | Permalink

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

December 4, 2017


What Will the Fintech Regulatory Environment Look Like in 2018?

As we prepare to put a bow on 2017 and begin to look forward to 2018, I can’t help but observe that fintech was one of the bigger topics in the banking and payments communities this year. (Be sure to sign up for our December 14 Talk About Payments webinar to see if fintech made our top 10 newsworthy list for 2017.) Many industry observers would likely agree that it will continue to garner a lot of attention in the upcoming year, as financial institutions (FI) will continue to partner with fintech companies to deliver client-friendly solutions.

No doubt, fintech solutions are making our daily lives easier, whether they are helping us deposit a check with our mobile phones or activating fund transfers with a voice command in a mobile banking application. But at what cost to consumers? To date, the direct costs, such as fees, have been minimal. However, are there hidden costs such as the loss of data privacy that could potentially have negative consequences for not only consumers but also FIs? And what, from a regulatory perspective, is being done to mitigate these potential negative consequences?

Early in the year, there was a splash in the regulatory environment for fintechs. The Office of the Comptroller of the Currency (OCC) began offering limited-purpose bank charters to fintech companies. This charter became the subject of heated debates and discussions—and even lawsuits, by the Conference of State Bank Supervisors and the New York Department of Financial Services. To date, the OCC has not formally begun accepting applications for this charter.

So where will the fintech regulatory environment take us in 2018?

Will it continue to be up to the FIs to perform due diligence on fintech companies, much as they do for third-party service providers? Will regulatory agencies offer FIs additional guidance or due diligence frameworks for fintechs, over and above what they do for traditional third-party service providers? Will one of the regulatory agencies decide that the role of fintech companies in financial services is becoming so important that the companies should be subject to examinations like financial institutions get? Finally, will U.S. regulatory agencies create sandboxes to allow fintechs and FIs to launch products on a limited scale, such as has taken place in the United Kingdom and Australia?

The Risk Forum will continue to closely monitor the fintech industry in 2018. We would enjoy hearing from our readers about how they see the regulatory environment for fintechs evolving.

Photo of Douglas King By Douglas A. King, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

 

 

December 4, 2017 in banks and banking, financial services, innovation, mobile banking, regulations, regulators, third-party service provider | Permalink

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

November 20, 2017


Webinar: Key Payment Events in 2017

This year has been an exciting one for the payments industry. Topics such as block chain and distributed ledger, card-not-present fraud, and chip-card migration continued to be in the news, and new subjects such as behavioral biometrics and machine learning/artificial intelligence made their way into the spotlight.

In the past, the Retail Payments Risk Forum team has coauthored a year-end post identifying what they believed to have been the major payment events of the year. This year, we are doing something a little bit different and hope you will like the change. Taking advantage of our new webinar series, Talk About Payments, the RPRF team will be sharing our perspectives through a round table discussion in a live webinar. We encourage financial institutions, retailers, payments processors, law enforcement, academia, and other payments system stakeholders to participate in this webinar. Participants will be able to submit questions during the webinar.

The webinar will be held on Thursday, December 14, from 1 to 2 p.m. (ET). Participation in the webinar is complimentary, but you must register in advance. To register, click on the TAP webinar link. After you complete your registration, you will receive a confirmation email with all the log-in and toll-free call-in information. A recording of the webinar will be available to all registered participants in various formats within a couple of weeks.

We look forward to you joining us on December 14 and sharing your perspectives on the major payment events that took place in 2017.

Photo of David Lott By David Lott, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

November 20, 2017 in banks and banking, biometrics, emerging payments, EMV, innovation | Permalink

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

November 13, 2017


The Future of Wearables

My wife and I took our children to a Florida theme park for their recent fall break. While I would love to spend the next few paragraphs opining on why I think our school calendar is crazy or giving a review of the most phenomenal ride that I have ever experienced, it doesn't really fit the mission or purpose of Take On Payments. Fortunately, the trip did provide some fodder and thought for a blog post, thanks to a much-discussed and written-about wearable NFC—or near-field-communication—device that the theme park offers.

These bands were introduced in 2013 to create an awesome customer experience. This experience is much bigger than a payment platform and has absolutely nothing to do with a rewards program around which so many mobile wallet and payment applications are being developed. The band's functionality certainly includes payments, but the device also replaces room keys, park entry cards, and ride-specific tickets known as fast passes. As an additional feature, it is waterproof, which proves handy for a trip to the water park. I was able to spend the week without ever having anything in my pockets (yes, I even left my phone in the room). My wife commented how fantastic it would be to take the NFC band experience outside of the park because it was just so easy and convenient.

Ease and convenience–isn't that what a lot of us are after? If you have to give me something to get me to open an application and tap my phone in place of a payment card, is that really providing ease and convenience? I am now 100 percent convinced that rewards programs aren't going to drive mobile commerce to any significant degree. Experiences that provide ease and convenience will drive mobile commerce. Hello, mobile order-ahead. Hello, grocery delivery. And hello, wearable of the future.

It isn't hard to imagine a wearable device, like an open-loop band, transforming our lives. After my theme park experience, I long for the day when a wearable will be the key to my vehicle—which I won't have to drive, either—and to my house, my communication device, and my payment device (or wallet). Of course, we'll have to consider the security issues. Even the bands incorporate PINs and fingerprint biometrics in some cases to ensure that the legitimate customer is the one wearing the band.

Is this day really so far-fetched? I can already order a pizza through a connected speaker, initiate a call from the driver's seat of my car without touching my phone, or tap my phone to pay for a hamburger. The more I think about these possibilities, I have to ask myself, is it crazy to question whether or not using mobile phones for payments just might become obsolete before long? Or maybe mobile phones will provide that band functionality?

Photo of Douglas King By Douglas A. King, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

 

 

November 13, 2017 in banks and banking, innovation | Permalink

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

Google Search



Recent Posts


Archives


Categories


Powered by TypePad