About


Take On Payments, a blog sponsored by the Retail Payments Risk Forum of the Federal Reserve Bank of Atlanta, is intended to foster dialogue on emerging risks in retail payment systems and enhance collaborative efforts to improve risk detection and mitigation. We encourage your active participation in Take on Payments and look forward to collaborating with you.

Take On Payments

January 23, 2017


Mobile Banking and Payments Survey Results

In the fall of 2016, the Atlanta Fed and six other Federal Reserve Banks asked financial institutions (FI) in their districts to participate in a survey to determine the level and type of mobile financial services they were currently offering or planning to offer. The Atlanta Fed conducted a similar survey in the district in 2014.

Financial institutions completed 117 surveys; they represent FIs of all sizes and types operating in the district (see chart below). The response rate of 8 percent should provide financial institutions with good directional information when comparing their own mobile banking and payments strategy. You can find the full report here. The Federal Reserve Bank of Boston will be preparing a consolidated report for all seven districts later this year.

Chart-one

Key learnings from the responses to this survey include:

  • Mobile banking has become a standard service of financial institutions, with 98 percent indicating they currently or plan to offer mobile banking.
  • Competitive pressure and the retention of existing customers are the primary reasons for offering mobile banking.
  • Consistent with the 2014 survey and numerous other mobile research reports, FIs cite security concerns by consumers as the greatest barrier to mobile banking adoption.
  • FIs identify biometric methodologies as the security tool most likely to be used in their program.
  • Over half (59 percent) currently or plan to support at least one mobile wallet. Their primary reason for offering the service was competitive pressure as mobile payments appear to be gaining traction among some consumers.
  • Most of the survey respondents have a long-term outlook (three years or more) for mobile payments to reach a customer participation level of 50 percent.

Supplemental results breaking the data into the six asset-size segments will be made available in early February. If you have any questions about the survey results, please let us know.

Photo of David Lott By David Lott, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

January 23, 2017 in banks and banking, biometrics, mobile banking | Permalink

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

November 7, 2016


The Downside of a Wide Paintbrush

Fall is the time of the year that I normally do my exterior home painting and touchup. During the summer, I noticed that my deck and stair metal support poles were a bit dull and had some rust spots, so that was to be my project. The poles have a 4-inch diameter, so I was in a bit of a quandary over the best width paintbrush to use—a 2-inch or a 4-inch. The 4-inch brush would provide faster coverage so my football-game-watching time wouldn't be compromised, but the 2-inch brush would give me greater control and reduce drips and splatters. I went with the expedient choice, and it turned out to be a mistake, as my coverage was uneven with plenty of drips and splatters.

I mention this story because I recently appeared at the National ATM Council's (NAC) annual conference. NAC is an industry trade organization representing nonfinancial-institution ATM owners/operators in the United States. I was asked to speak primarily about the Fed's research into the use of cash as well as the current chip card and terminal deployment status. After my presentation and in the subsequent days of the conference, I was approached by a number of owners/operators telling me that their banks had recently terminated their longstanding relationships; they were deemed to be "high risk" since they were in the currency business. Many were scrambling to establish new banking relationships and wondering why this was happening.

Being an old ATM guy, I was a bit surprised hearing about this action due to the built-in controls on ATM currency settlement and reconciliation that severely limit the ability for an ATM owner/operator to launder money through an ATM. It would be very easy for the bank to spot an imbalance if the money being replenished far exceeded the currency paid out by the ATM. There is still the concern, of course, regarding the initial load (deposit) to establish the account to ensure that those are legitimate funds, but that concern exists with the establishment of all banking relationships by any type of business.

Financial institutions certainly have the obligation to develop a risk management strategy and determine which types of business activities they deem acceptable versus those considered high risk. Supporting ATM operators with their currency needs could be considered a niche business with some unique requirements and may not be the best allocation of resources for all financial institutions. At the same time, bankers may not want to paint a business with the wide brush of "high risk" just because they deal with currency as a major part of their business operation. To do so may force many of these operators to shutter their units, which often are located in areas where there is not a wide choice of ATM locations.

Photo of David Lott By David Lott, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

November 7, 2016 in ATM fraud, banks and banking, currency | Permalink

Comments

Good article, Thank you for your comments.

Chris Waters
National ATM
NAC Board member

Posted by: Chris Waters | November 23, 2016 at 08:49 AM

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

October 31, 2016


Of Piggy Banks and Bank Branches

Fall is my favorite time of the year. Football season cranks into high gear, pumpkins replace chocolate in my desserts, and excellent payment-related events take place with great published content. On the content front, this fall has not disappointed. I have recently read several excellent reports, including the FDIC's 2015 National Survey of Unbanked and Underbanked Households. Although the focus of the survey is on the unbanked and underbanked population, there are some interesting findings concerning banked households, including their methods used for accessing their accounts. After seeing these findings, I began pondering the question, why do I still visit a bank branch for my deposit account needs?

According to the FDIC survey, 75 percent of banked households use a bank teller to access their accounts. However, a teller is the primary or main access method for only 28 percent of banked households, suggesting that over 70 percent of households prefer to interact through a non-face-to-face channel. The other physical channel, the ATM, is the primary access method for only 21 percent of banked households. The FDIC found that online and mobile banking usage is lower than the physical channels; however, nearly 50 percent of banked households' primary method of access to their account is digital (online or mobile). So while a majority of banked households still visit a physical location to access their accounts, almost half of them prefer to access their account digitally.

As I think about my own banking practices, I visit physical banking locations less and less. I will drop in to make a check deposit, but only if I am running errands and a physical location just happens to fall on my route. Or sometimes my kids want a sucker and I know my local branch will come through. They have even provided my children with piggy banks during visits! I use mobile check deposit more often than not. I still visit ATMs, but those interactions are substantially fewer today thanks in large part to being able to obtain cash back via my debit card at a number of retailers.

So I will visit a branch for my deposit account needs if it is convenient for me while running errands or if my kids want candy or some other treat. And these two reasons aren't necessarily sustainable. I am running fewer errands as more of my shopping takes place in the digital world (and my phone is becoming more convenient for check depositing). And unfortunately, I am not getting any younger, which means my children are growing up, and as they do, suckers and piggy banks will more than likely not stir up as much excitement as they currently do.

As a traditionalist, my past thinking led me to believe that the demise of bank branches was overblown. However, my thinking has changed. The bank branch will not disappear overnight or completely in the long term, though indications are that the number of branches will decline. As I contemplate the results of the FDIC study coupled with observations from my own behavior, it becomes obvious to me that the physical importance from a deposit account perspective is being diminished in this digital age. I am not sure what the branch of the future will look like, but I feel confident in saying that tellers, and even ATMs, focusing on deposit accounts will not be primary reasons for consumers to visit. Why will you visit your local branch in the future?

Photo of Douglas King By Douglas A. King, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

October 31, 2016 in banks and banking, mobile banking | Permalink

Comments

As a person who works in a retail branch, I have noted that aging members are coming inside because they are fearful of on-line fraud and that the technology has gotten to be too complex for them. This is just as true for the 55 year old engineer as it is for the 80 year old former school teacher.

Posted by: Kevin B. O'Neill | November 7, 2016 at 12:25 PM

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

September 19, 2016


Mobile Banking and Payments—What's Changed?

This week, the Federal Reserve Banks of Atlanta, Boston, Cleveland, Dallas, Kansas City, Minneapolis, and Richmond are launching an online mobile banking and payments survey to financial institutions based in their respective districts. The purpose of the survey is to achieve better understanding of the status of mobile banking and payments initiatives, products, and services that financial institutions offer in the various regions of the country. The results of the survey at the individual district level should be available to participants by mid-December; a consolidated report for all the districts will be published in early 2017.

The last survey, which had 625 participants, was conducted in the fall of 2014. That was before the launch of the various major mobile wallets operating today, so it will be interesting to see what level of impact these wallets have had on the mobile payments activity of financial institutions. You can find the results of the 2014 Sixth District survey on our website. This survey effort complements the 2016 Consumer and Mobile Financial Services survey conducted by the Federal Reserve Board's Division of Consumer and Community Affairs.

First designed by the Federal Reserve Bank of Boston in 2008, the survey has been updated over the years to reflect the many changes that have taken place in the mobile landscape in the United States. Similar to past surveys, the 2016 survey looks to capture:

  • Number of banks and credit unions offering mobile banking and payment services
  • Types of mobile services offered or planned
  • Mobile technology platforms supported
  • Features of mobile services offered or planned
  • Benefits and business drivers associated with mobile services
  • Consumer and business adoption/usage of mobile services
  • Barriers to providing mobile services
  • Future plans related to mobile payment services

If your financial institution is based in one of the participating districts and has not received an invitation to participate in this year's survey, please contact your district's Federal Reserve Bank. For the Sixth District, you can contact me via email or at 404-498-7529. You can also contact me if you need assistance in locating your district's lead survey coordinator.

Photo of David Lott By David Lott, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

September 19, 2016 in banks and banking, financial services, mobile banking, payments | Permalink

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

September 12, 2016


Risk Mitigation Isn't Just for Banks

My summer in Atlanta wouldn't be complete without "shooting the Hooch." Friends and family gather upriver on the Chattahoochee River, bringing rafts, tubes, or kayaks for a chance to beat the pervasive southern heat. This year, towards the end of our two-hour float, we came upon Diving Rock, a crowded swimming hole where people stop to watch cliff jumpers. A jumper can choose either a 20- or a 30-foot freefall into the river below. As the family's "chief risk officer," when my eight-year-old son asked me if he could jump, I quickly assessed the inherent and residual risks of such an activity at this location. I concluded that our family was risk-averse in this situation and there would be no jumping.

Conversely, when my son asked if he could play tackle football, I decided we had an appetite for this type of risk. I don't want to detail all of the risk factors compared to the mitigation controls that went into my assessments and ultimate decisions. But looking at these two personal examples made me wonder: in a business context, who else is faced with important risk decisions? And who, besides banks, should be conducting constant risk assessments for their organization?

A tax preparer faces fines and, in extreme cases, jail time for filing returns with errors. Those who receive return-related penalties can also face suspension or expulsion of themselves or their entire firm, or other enforcement action by the IRS. Can a tax preparer be held liable for filing returns with errors even if unaware that the taxpayer was acting illegally? The tax preparer is held to the reasonable person standard, so if it is something he or she should have known, yes. But if the client omitted pertinent details, the tax preparer might have no way of knowing. Since the consequences are severe, should the tax preparer dig deeper and try to catch fraudulent client activity prior to submitting a return or keep blinders on?

I pay for monthly parking at a city garage. This week I found out that they monitor my activity closely with the access card I use. They know whether or not my car is in or out of the garage. They have triple-factor authentication to prevent parking space fraud. In order to get in or out, you need the weight of a vehicle at the gate with an authorized access card and the correct in and out record on the card in order to be provided pass through.

Doesn't it stand to reason that all organizations—whether they're responsible for tax preparation, parking space provision, or payment network access—in pursuit of success, whatever that is for them, should conduct assessments and implement mitigation controls in order to understand how customers engage in their services, especially if they can be held liable for those activities? Should payment services be any different and if so to what extent?

Photo of Jessica Trundley By Jessica J. Trundley, AAP, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

September 12, 2016 in banks and banking, risk management | Permalink

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

August 1, 2016


FFIEC Weighs In On Mobile Channel Risks

In late April, the Federal Financial Institutions Examination Council (FFIEC) released new guidance regarding mobile banking and mobile payments risk management strategies. Titled "Appendix E: Mobile Financial Services," the document becomes part of the FFIEC's Information Technology Examination Handbook. While the handbook is for examiners to use to "determine the inherent risk and adequacy of controls at an institution or third party providing MFS" (for mobile financial services), it can also be a useful tool for financial institutions to better understand the expectations that examiners will have when conducting an exam of an institution's MFS offering.

Consistent with examiners' focus on third-party relationships for the last several years, the document points out that MFS often involves engagement with third parties and that the responsibilities of the parties in those relationships must be clearly documented and their compliance closely managed. Other key areas the document reviews include:

  • Mobile application development, maintenance, security, and attack threats
  • Enrollment controls to authenticate the customer's identity and the payment credentials they are adding to a mobile wallet
  • Authentication and authorization, emphasizing that financial institutions should not use mobile payment applications that rely on single-factor methods of authentication.
  • Customer education efforts to support the adoption of strong security practices in the usage of their mobile devices

The document also identifies and reviews strategic, operational, compliance, and reputation risk issues for the various elements of a financial institution's MFS offering. The final section of the document outlines an examiner's work plan for reviewing an MFS program with seven key objectives. I believe that it would be time well spent for the institution's MFS team to assume the role of examiner and use the work plan as a checklist to help effectively identify and manage the risks associated with an MFS program.

Photo of David Lott By David Lott, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

August 1, 2016 in bank supervision, banks and banking, financial services, mobile banking, mobile payments, regulations, regulators, third-party service provider | Permalink

Comments

Looking forward to welcoming David Lott to our upcoming Next Money Tampa Bay meetup.

David will be our keynote on Wednesday, Sept 21, 2016 6:00 ~ 8:00 PM

Tampa Bay Wave Venture Center
500 East Kennedy Boulevard 3rd FL
Tampa Florida 33602

All are welcome to attend RSVP at

https://www.meetup.com/NextMoneyTPA/events/233171815/

Posted by: Bruce Burke | August 6, 2016 at 05:22 PM

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

July 11, 2016


Surviving the Emerging Payments Providers

Predictions abound that emerging companies will dominate the remittance and person-to-person (P2P) payments space and financial institutions will be relegated to being a bystander. While I am not sold on their eventual dominance, I do think that emerging companies are creating positive changes. These changes have included new business models for financial institutions and traditional remittance providers who are able to offer their existing and prospective customers new, efficient payment choices. And as recently released financial and transaction figures show, some traditional players embracing change are poised to remain in their leadership positions.

I recently saw a speaker who said that one particular emerging digital remittance provider is the largest digital remittance business in the United States. However, I think the honor of the largest digital remittance transfer provider goes to a long-term remittance incumbent, Western Union. Though payments volume data are not available, revenue data do provide us with some insight into the size of these providers. According to Western Union's 2015 annual report, its digital money transfer services generated $274 million in revenues in 2015. As a point of comparison, three emerging companies (Xoom, Worldremit, and TransferWise) had combined revenues of $230 million. Though Western Union's online service represents only 6.3 percent of its consumer-to-consumer revenues, the segment grew by 26 percent in 2015.

In June, Chase announced changes to its digital P2P solution that will allow Chase customers to send and receive money in real time through ClearXchange with customers of Bank of America, U.S. Bank, and several other financial institutions. Chase's digital P2P solution has been a feature on the Chase mobile application and online banking website for several years now and was used in 2015 to send $20 billion in P2P payments. As a point of reference, the wildly popular emerging mobile and online P2P provider, Venmo, reported $1 billion in transfers during the month of January, up 250 percent from the prior January. With the additional reach of ClearXchange participants, Chase customers will now be able to digitally send and receive payments to 65 percent of the digital banking population in the United States, placing it in a position to experience significant growth to its digital solution.

With both remittances and P2P payments, online and mobile channels are seizing share from traditional channels. Even though the in-person agent model in remittances and P2P payments via cash and checks will remain a viable solution for many consumers, today's growth is being driven by digital models.

No doubt emerging players are threatening traditional companies for remittance and P2P dollars. However, financial institutions and established money transmitters are evolving, and based on the numbers, remain valuable payments providers. Given this environment, financial institutions and traditional remittance providers that don't evolve to embrace the digital remittance and P2P economy are at serious risk of losing share. And the threat isn't just coming from emerging companies. In fact, you can call me a traditionalist, but I think evolving traditional financial institutions and remittance providers are positioning themselves to remain the dominant providers of P2P and remittance payments.

Photo of Douglas King By Douglas A. King, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

July 11, 2016 in banks and banking, emerging payments, financial services | Permalink

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

June 27, 2016


Between a Rock and a Hard Place?

Customer education encouraging safe payments practices has always been viewed by staff at the Retail Payments Risk Forum as a vital element in mitigating payments-related fraud. We have stressed this need time and time again in our posts as well as our numerous speaking engagements at payments-related conferences and events.

Financial institutions (FIs) have generally been identified as the group that should bear this responsibility as they own the account relationship, but with more intermediaries in the payments process, I think that others should also be involved. The advent of mobile banking and payments has introduced even more challenges since the financial institution doesn't get involved in the acquisition of the mobile device as that is normally handled by the mobile network sales representatives. My personal experience with these sales representatives is that once the device sale is done, they are more interested in selling me accessories or upgrading my data plan than they are teaching me about selecting and setting strong passwords or preventing malware and viruses from finding their way into my phone.

When I raise this issue with others, all too often I hear a pessimistic chorus that getting consumers to adopt strong security practices will always be a losing battle for FIs. They say that consumers will always choose convenience over security—that is, until they fall victim to fraud. And forget about any other player in the ecosystem taking on the education responsibility because if they have no liability for fraud losses, why direct funds to education when they could be deployed elsewhere?

The impact of fraud on a consumer's relationship with his or her financial institution has never been greater. We read every day about the increasing economic importance of the Gen Y or millennial segment. With an estimated 80 million people, they represent the largest segment of our country's bankable population. A late 2015 study by FICO on millennial banking habits revealed that 29 percent of respondents indicated that they would close all their accounts with a financial institution if one of those accounts experienced fraud. To make matters worse, one quarter of the survey participants indicated they would write a negative post on social media about their financial institution if they experienced a fraud incident.

So are financial institutions in a no-win situation? A ray of hope emerges from the same FICO study, which states that 41 percent of the millennials surveyed indicated that they recommended their FI to friends, colleagues, or family members after a positively handled fraud incident. Studies have consistently shown that payment security is a key concern of all customers, not just millennials. So although it may not seem fair that financial institutions have to shoulder most of the security education effort, the impact of not doing so could be significant. Perhaps it is time for a coordinated payments industry campaign to encourage consumers to adopt safer and more secure banking practices.

Photo of David Lott By David Lott, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

June 27, 2016 in banks and banking, financial services, payments, risk | Permalink

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

June 20, 2016


There's an App for That!

Few would question that mobile phones have had a considerable influence in our everyday activities. They provide a level of convenience and connectivity that also generates benefits to our personal safety and the security of our banking accounts and other assets. The Pew Research Center estimates that almost two-thirds of adults in the United States own a smartphone and 15 percent use them as their primary online access device either because they do not have broadband access at their home or have few other online options.

In recent blogs, I highlighted some key findings from the Federal Reserve Board of Governors' recently released Consumers and Mobile Financial Services 2016 report. The report includes a section of questions that probe how consumers use their mobile phones in financial decision making. Within the past year, 62 percent of mobile banking users with smartphones responded that they checked their balance before they made a large purchase. The power of that information is demonstrated in that for those who checked their balance or available credit, half didn't make a purchase as a result of having that information.

Forty-five percent of smartphone owners use their phone for comparison shopping at retail stores. Forty-one percent reported they use their phones to obtain product information while shopping at retail stores, and 28 percent use a barcode scanning application for price comparisons.

Though smartphone owners value the convenience phones bring to financial decision making, security and safety are primary concerns. A little more than half of the mobile banking users take advantage of the feature of receiving some type of alert from their financial institution. The most common alert cited was for a low balance, but 36 percent reported they also receive fraud alerts.

Later this year, a number of the Federal Reserve districts, including the Sixth District, will be conducting a survey of the financial institutions in their districts about the mobile banking and mobile payments services they offer. The Sixth District participated in this effort in 2014; you can find the results here. It will be interesting to see the changes that have taken place over the last two years, especially in light of the launch of the various mobile wallets, so stay tuned.

Photo of David Lott By David Lott, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

June 20, 2016 in banks and banking, mobile banking, mobile payments | Permalink

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

November 30, 2015


Half Full or Half Empty?

My colleagues and I in the Retail Payments Risk Forum participate as speakers or attendees in what sometimes seems to be a nonstop stream of banking and payments conferences that run from mid-September to mid-November. This effort is part of our mission to support the education of the stakeholders in the payments ecosystem with a focus on payments risk. We also use the opportunity to network with other attendees and vendors to stay on top of the latest developments and market solutions that are being deployed to combat payments fraud. These events also give us a chance to provide our perspective on trends and key issues involving payment risk.

At a recent fraud conference, I was on a panel discussing fraud trends and key threat vectors. The moderator of the panel revealed some results from Information Security Media Group's 2014 Faces of Fraud survey of financial institutions (FIs). There was a specific question about whether FIs had seen a change in the level of losses from account takeover fraud since the Federal Financial Institutions Examination Council issued its supplemental guidance on Internet banking authentication in 2011. That guidance directed financial institutions to evaluate "new and evolving threats to online accounts and adjust their customer authentication, layered security, and other controls as appropriate in response to identified risks." The survey results are shown in the chart below.

graphic-chart

Source: 2014 Faces of Fraud Survey, Information Security Media Group

While the moderator and some of the other panelists seemed to focus on the 20 percent who said they had seen an increase in fraud, I had the perspective of the glass being half full by the 55 percent who indicated that the fraud had stayed about the same or decreased. Given the certainty that the number and magnitude of data breaches have increased and that the number of attempts by criminals to commit some sort of payment fraud through account takeovers was significantly up, I opined that since the fraud levels for the majority of the FIs had stayed at the same level or declined should be considered as a victory.

Certainly, I am not saying the tide has turned and the criminals are on their way to retirement, but I think the payments industry stakeholders should take some pride that its efforts to combat payment fraud are making some progress through the continuing development and deployment of anti-fraud tools. Am I being too Pollyannaish?

Photo of David Lott By David Lott, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

November 30, 2015 in banks and banking, crime, cybercrime, fraud, payments | Permalink

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

Google Search



Recent Posts


March 2017


Sun Mon Tue Wed Thu Fri Sat
      1 2 3 4
5 6 7 8 9 10 11
12 13 14 15 16 17 18
19 20 21 22 23 24 25
26 27 28 29 30 31  

Archives


Categories


Powered by TypePad