Take On Payments

About


Take On Payments, a blog sponsored by the Retail Payments Risk Forum of the Federal Reserve Bank of Atlanta, is intended to foster dialogue on emerging risks in retail payment systems and enhance collaborative efforts to improve risk detection and mitigation. We encourage your active participation in Take on Payments and look forward to collaborating with you.

August 15, 2016


The Personal Cost of Fraud

Last week's post by my colleague Doug King described the check fraud that took place after someone burglarized his wife's car and stole her wallet, including her driver's license and credit and debit cards. The frequency and magnitude of data breaches and constantly reading and researching payments fraud as part of my job have probably numbed me to the personal impact of fraud. When discussing the likelihood of becoming victims of some sort of identity theft fraud, we jokingly paraphrase the slogan in the South about termite infestations: "It's not a matter of if, it's a matter of when." Given the data breaches and information available through public records, we operate under the assumption that the criminal element has all the information they need to perpetrate fraud against us and, for those of us who haven't already been victimized, it is likely to happen in the near future. A pessimistic outlook for sure, but one I fear is realistic.

I still get frustrated when I see the many studies that show that, despite consumers' concern about the security and privacy of their transaction and personal information, the vast majority do not adopt strong security practices. They use easy-to-guess passwords or PINs and often use the same user ID and password for their various online accounts, from social media to online banking access. I believe that many financial institutions (FI) and ecommerce providers have passively supported this environment in that they often do not require customers to use stronger practices because they don't want to incur the customer service cost associated with password resets or customer abandonment. The lack of consistent password formatting structures adds to the confusion (some require special characters and others don't allow them).

I certainly don't hold myself out as the poster child for strong security, but our family has adopted a number of the recommended stronger security practices. These include using a simple compound password structure that creates a separate password for each application, creating a more complex password structure for financial applications, establishing filter rules designed to spot spam and phishing emails, and conducting a frequent review of financial accounts to spot unauthorized transactions.

While liability protection laws and regulations generally hold a consumer financially harmless, there clearly is a social and individual cost associated with fraud from the time spent dealing with law enforcement and FI representatives to the issue of not being able to access the funds fraudulently taken until reimbursement is made. Perhaps Doug's wife's requirement for her FI to provide a stronger level of authentication reflects a changing sense of the need by the general public for stronger security practices. I certainly hope so.

Photo of David Lott By David Lott, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

 

August 15, 2016 in consumer fraud, cybercrime, data security, fraud, identity theft | Permalink

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

April 11, 2016


Combat Gear for Tax Season

Recently, a local newspaper reported on two ex-bankers who were sentenced for their roles in a two-year-long fraud scheme. These ex-bankers created fraudulent bank accounts, then generated more than 2,000 false tax returns totaling more than $2.8 million in fraudulent refunds. The IRS has plenty more stories of tax fraud to tell.

Currently, "file taxes" is number one on my to-do list, and maybe yours. Do you shiver considering the possibility a tax return in your name has already been filed by someone else? Criminals, organized or not, know they can earn a living by filing fake returns. Even a legitimate taxpayer who owes taxes can be a victim of identity theft tax (IDT) refund fraud, as defined by the Internal Revenue Service's (IRS) Security Summit. (Note: The Electronic Tax Administration Advisory Committee, which reports to Congress, calls IDT refund fraud stolen identity refund fraud, or SIRF).

Formed on March 19, 2015, the Security Summit joins the IRS, state departments of revenue, and members of the tax refund ecosystem to discuss ways to combat IDT refund fraud. The Summit currently has seven working groups, including one focused on refund authentication and fraud detection. We have blogged before on the importance of data analytics in detecting fraudulent filings; this working group is attempting to strengthen these data tools. The working group also laid out best practices for software providers in enhancing identity requirements and strengthening validation procedures. At the end of last year, Congress provided a big assist in these efforts by passing the Protecting Americans from Tax Hikes, or PATH, Act of 2015, which closes one of the biggest loopholes in the tax refund process by requiring employers to electronically file W-2 forms and 1099 forms with the IRS by January 31 of each year instead of March 31. This new requirement, which becomes effective in 2017, will allow federal and state taxing authorities to match returns with actual W-2s for the first time.

The Security Summit also has a Financial Services Working Group, which explores ways to prevent criminals from using stolen identification credentials to establish financial services products such as checking accounts and prepaid cards that would allow the criminal to access the proceeds of fraudulent returns. After all, fraud may not be realized until after processing the tax return. Refunds are distributed either by check or direct deposit via ACH, which can be sent to a prepaid account (card) or traditional bank account. The IRS can't determine which account type an ACH refund is destined for since routing number and account number aren't standardized by account type, nor is there a database of routing numbers to identify prepaid accounts. Some have suggested that knowing when it is a prepaid account could be helpful in risk rating the return before sending the refund. The Financial Services Working Group has developed a standard state ACH file-naming convention so that state tax refunds can be identified by the industry in order to apply enhanced fraud filtering. Suspicious state tax refund deposits can be detected based on amounts, name matching, account type, length of relationship, and volume of deposits or withdrawals. The new format standard will strengthen fraud control systems in that all tax refund deposits will be able to be further scrutinized.

The Security Summit has a total of seven working groups, and they have their work cut out for them. While I shiver to think I could be a victim to identity theft, I support the progressive efforts to stop this crime, especially in the pre-filing and pre-refund stages so the criminals can't see a reward for their efforts.

Photo of Jessica Trundley By Jessica J. Trundley, AAP, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

April 11, 2016 in ACH, consumer fraud, fraud, identity theft | Permalink

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

January 19, 2016


Mobile Wallets: Is This the Year?

In our 2015 year-end retrospective post, we commented on the slow pace of adoption of mobile payments despite the introduction of several major mobile wallets. While some consumer research continues to point to widespread consumer usage of mobile wallets in the coming years, we have seen similar projections from past research fail to materialize.

So what have been the major barriers to adopting mobile wallets? And for those who have adopted them, what functions are the most important? As I have noted before, I am a firm believer in former Intel CEO Andrew Grove's 10X rule: a new technology experience must be at least 10 times better than the previous method to achieve widespread consumer adoption and usage. A number of different elements—speed, cost, convenience, personalized experience, ease of use, and so on—can all contribute to achieve that 10X factor. Another critical element is the consumer's trust in the security of the wallet to ensure that payment credentials and transaction information will not be compromised in some way. The market research and strategy firm Chadwick Martin Bailey (CMB) conducted mobile wallet research in March–April 2015 on a nationally representative sample of smartphone owners and specifically asked mobile wallet nonusers what were their particular security concerns. As the chart shows, identity theft and the interception of personal information during the transaction were the top two reasons given.

Chart-1

The tokenization of payment credentials goes a long way to providing a higher level of security, but a major educational effort is required to relay this knowledge to consumers to increase their level of confidence. The CMB study found that 58 percent of nonusers would be somewhat or extremely likely to use a wallet if tokenization of their payment account information were performed.

But is it enough to convince consumers that mobile payments are more secure to significantly speed up adoption and usage? Mobile wallet proponents have been saying for years that the mobile wallet must deliver more than just a payment function, that it should include incorporate loyalty, couponing, identification, or other functions.

So if the desired end state is known, why is it taking so long for the mobile wallet providers to achieve that winning solution? The retailer consortium MCX is going into its fourth year of development and has just recently begun a pilot program of its CurrentC wallet in the Columbus, Ohio, market. Two of MCX's owners and major U.S. retailers, Walmart and Target, have announced in the last couple of months their plans to develop and operate their own mobile wallet. While these companies still profess their support of the MCX program, have they concluded that a common mobile wallet solution among competing retailers doesn't meet all their specific needs? Or is it a desire to offer their customers a wider choice of shopping experience options and differentiate their experience? Or is it another reason altogether? Only time will tell.

So do you believe that 2016 will be the year of the mobile wallet? Let us know what you think.

Photo of David Lott By David Lott, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

January 19, 2016 in consumer fraud, contactless, identity theft, mobile payments | Permalink

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

August 3, 2015


Friendly Fraud: Nothing to Smile About (Part 2)

Last week's post discussed the increasing frequency of friendly fraud and the problems it presents for e-commerce merchants. A transaction that could be classified as friendly fraud might actually be one the customer just forget about, or one involving a family member using the customer's card without permission, or one with the customer actually not receiving the goods. So the merchant really can't just assume the customer is out to commit fraud and take an aggressive approach in dealing with the customer. The merchant would probably then have lost the customer's business altogether. But with the burden of proof on the merchant, the merchant must adopt a number of best practices to help minimize losses.

A company that works with merchants to both prevent chargeback disputes and respond to them has published a detailed guide (the site requires e-mail registration for access to the guide) to help merchants deal with friendly fraud. The following list includes some of the guide's best practices:

  • Promote a clear and fair refund policy that encourages customers to contact the merchant directly instead of the card issuer.
  • Make sure that the name of the business is on all billing statements—clearly, to avoid confusion.
  • Ensure that the customer communication channels—such as a call center or e-mail—are accessible.
  • Be responsive to customer inquiries.
  • Clearly communicate shipping charges and delivery timeframes to avoid misunderstandings about the total cost or delivery date of orders.
  • Always obtain the card security code and use address validation services. For larger-value purchases, consider the use of delivery confirmation and other validation services.
  • With digital goods or services, consider using a secondary verification tool—an activation code or purchase confirmation page—to ascertain that the customer received the goods.
  • When there is a chargeback, make every effort to contact the customer directly to attempt to resolve the matter. While the contact may not resolve this particular situation, it may offer a lesson that might help prevent future chargebacks from other customers.
  • Keep a database of customers who initiate chargebacks that appear fraudulent. Research shows that customers who deliberately defraud merchants and succeed at it are very likely to do it again.

As with all efforts to fight payments fraud, merchants must study their own customer base. They should identify their particular risks and then employ the practices that will help them best mitigate their fraud losses.

Photo of David Lott By David Lott, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

August 3, 2015 in cards, consumer fraud, fraud | Permalink

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

July 27, 2015


Friendly Fraud: Nothing to Smile About (Part 1)

Friendly fraud (also referred to as chargeback fraud or first-party fraud) occurs when someone makes an online purchase then later requests a chargeback from the bank. The person has received the goods or services, but claims they were defective or the transaction never authorized. Sometimes this happens because of buyer's remorse—the customer just doesn't want to have to explain his or her regret to the merchant, preferring to initiate a chargeback and let the bank resolve it with the merchant. Sometimes the buyer's remorse comes from a child making purchases, particularly digital goods, using the parent's card, or when a merchant's refund time limit has passed but the cardholder still wants to be reimbursed.

While there certainly can be legitimate disputes, friendly fraud is becoming a growing problem for e-commerce merchants. Not only are the merchants out the cost of the goods or services, but they also incur administrative costs and fees from the card-issuing bank. Companies selling digital goods, office supplies, or electronics—as well as auction sites—seem to be the most frequent targets of friendly fraud, but other types of businesses can also be affected.

One of the main difficulties merchants experience in combating this fraud is predicting or recognizing when it first occurs, since it often occurs on the account of a "good" customer. And with these remote purchases, the merchant is at a disadvantage in determining if a legitimate cardholder made the purchase or the goods were actually received by the cardholder.

Because the burden of proof is on the merchant, the merchant community has started to implement a number of tactics to help reduce this increasing problem. In our next installment on this topic, we will discuss some of those tactics.

Photo of David Lott By David Lott, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

July 27, 2015 in cards, consumer fraud, fraud | Permalink

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

March 23, 2015


Balancing Security and Friction

Several weeks ago, my colleague, Dave Lott, wrote a post addressing the question "Does More Security Mean More Friction in Payments?" Having had several weeks to ponder this concept while attending multiple payments conferences and participating in similar discussions, I can say that I believe that securing payments does mean more friction. Friction may not be seen as good for commerce, but it can be good for security. An enormous challenge that those in the payments industry face is determining the right balance of friction and security. This challenge is heightened since consumers have a range of choices in payment types, yet do not often bear financial liability for fraudulent transactions.

It is absolutely critical to secure the enrollment or provisioning of the payment instrument on the front end. However, this introduces friction before a payment transaction is even attempted. And if consumers deem the process too onerous, they can reject that payment instrument or seek alternative providers. The recent media coverage of fraud occurring through Apple Pay highlights the challenge in the onboarding process. Consumers and pundits have raved about the ease of provisioning a card to their Apple Pay wallet through what they already have on file with iTunes. But fraudsters have taken advantage of this easy onboarding process. I should stress that this isn't just a mobile payments or Apple Pay problem—fraudsters are well-versed in opening bank accounts, credit cards, and other payment instruments using synthetic or stolen identities.

Let's assume that a person's payment credentials are in fact legitimate. Verifying that legitimacy introduces more friction into the payment process. A transaction that requires no verification obviously comes with the least friction, but it is the riskiest. Signatures and PINs bring a small amount of friction to the process, with very different results in terms of fraud losses. We don't know yet what kind of friction, if any, different biometric solutions create during both provisioning and the transaction. Issuers must enable the various forms of verification, and it is up to the merchants to implement solutions that will use various verification methods. Yet consumers, who bear less of the risk of financial loss from fraudulent transactions than the merchants, can choose which payment method, and sometimes which verification method, to use—and they often do so according to the amount of friction involved, with little to no regard for the security.

Issuers and merchants will offer the right balance of friction and security based on the risks they are willing to take and the investments they make in security processes and solutions. But it is the consumer who will ultimately decide just by accepting or rejecting the options. With limited or no financial liability, consumers are often willing to trade off security in favor of less friction—and the financial institutions and merchants have to bear the losses. So I'll ask our Take On Payments readers, how do you balance friction and security in this environment?

Photo of Douglas King By Douglas A. King, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed


March 23, 2015 in biometrics, consumer fraud, identity theft | Permalink

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a01053688c61a970c01bb080d3a99970d

Listed below are links to blogs that reference Balancing Security and Friction:

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

January 20, 2015


Phone Scams: Still Calling Around

With 2014 filled with news about data breaches and faster payments and new technologies trying to jumpstart various payment applications, it was easy to forget about that old-fashioned device, the telephone, and the role it can play in fraud. (It's been almost a year since I wrote the post "Phone Fraud: Now It's Personal!" about fraud schemes involving telephones.)

Pindrop Security recently released some research on the most frequent consumer phone scams, reminding us of how criminals can use a low-tech device combined with high-tech research tools to scam millions of consumers out of tens of millions of dollars each year.

We can generally place the underlying tactics of the scams into one of four categories:

  • Scare tactics. Often, the caller poses as a governmental agency official such as an IRS agent or law enforcement officer and advises the victim they have an outstanding debt or arrest warrant. The caller tells the victim to send in a certain amount of money immediately to cover the debt or pay a fine—or be arrested, have a lien placed against the home, or face other serious actions. The criminal's goal is to obtain funds directly from the victim.
  • Attractive offers. In this type of scam, the caller generally wants the victim's payment card or bank account number—although, as we outlined in an earlier post on advance fee scams, the caller may also be after direct payments. The offer may be for anything from a free vacation to a government grant, or from a reduction in the victim's mortgage or credit card interest rate. In any case, the caller insists the victim pay a handling fee. Sometimes, the caller asks questions about the victim's banking accounts to make sure the victim "qualifies" for the special offer. With the information obtained, the fraudsters generate payment transactions or use that information for future identity theft efforts.
  • High-pressure techniques. Most scams involve high-pressure techniques; the criminals want to create a sense of urgency to get the victim to act quickly, without thinking. A common scenario is when the caller tells the victim that his or her bank account or payment card has been frozen because of suspicious activity and then urges the victim to provide sensitive account information to restore the account to normal status. The caller can then use the information the victim has provided to initiate fraudulent transactions or identity theft.
  • Information-gathering. A criminal may call to get "additional" information about a customer to go into an identity profile that the criminal can use later in committing an identity theft crime. Often the criminal has already gathered some information about the targeted victim through social media or public records to weave into a cover story about why they are requesting the information to make the story more believable.

Since any of us can be a target of such calls, we must educate ourselves—and the public and our colleagues—about these scams constantly so we can all be on the alert and safeguard our accounts and personal information.

Photo of David LottBy David Lott, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed


January 20, 2015 in consumer fraud, identity theft, phone fraud | Permalink

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a01053688c61a970c01b7c73af7e5970b

Listed below are links to blogs that reference Phone Scams: Still Calling Around:

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

August 25, 2014


Forty Years and Still Scamming

I suspect that a lot of us have received a letter or an e-mail supposedly from another country's government official or banker informing us that there were some unexpected riches coming our way. We could become millionaires, these strangers tell us, by claiming a prize from a lottery that we don't remember entering. Or they say we just might become millionaires by helping them transfer money out of their country, since they can't because of some sort of bureaucracy or regulation. Before tossing these letters or e-mails into the trash, did you ever linger for just a moment wondering if these riches could actually be coming to you?

A large number of people, particularly in the United States, think the scam is legitimate and are willing to invest up to tens of thousands of dollars to claim their share of the pot of gold. Sadly, they find not only that there is no gold, but also that there isn't even a pot. This type of fraud is classified as an advance fee fraud because the scam involves the victim having to send money in advance, to cover fees or taxes, before they can receive their share of the bounty. The advance fee fraud is one type of 419 Nigerian fraud, so called because early versions originated in Nigeria, where criminal code 419 describes the fraud. 419 fraud began in the 1970s with letters—often with counterfeit postage marks—that targeted small business owners, requesting their help in handling new oil wealth.

Over the next three decades, the solicitations grew at such a tremendous pace that in 2002, the Department of Justice got a court order to allow postal employees to open every letter from Nigeria that was handled through the United States Postal Service's mail facility at John F. Kennedy Airport. They found that more than 70 percent of these letters contained some sort of fraudulent scheme solicitation.

As law enforcement's focus on Nigeria intensified, the 419 groups moved to other countries. These groups reportedly have major operations in at least 150 countries and the involvement of more than 800,000 people. Ultrascan Advanced Global Investigations (UAGI), an Amsterdam-based association focused on disrupting the operations of criminal networks, stated in a preliminary 2013 report that U.S. victims lost $2.3 billion in 2013—more than in any other country.

As with other types of criminal activity, the techniques that advance fee criminals use have become more sophisticated, evolving alongside technological advances. They've moved their method of solicitation from mail to faxes and then to e-mails. And now, instead of just sending mass mailings or e-mails, many of the criminals are tailoring e-mail messages, lacing them with personalized information obtained from social networks and professional and dating websites. For lottery-themed advance fee schemes, the UAGI estimates that 3 percent of the targets respond and make at least one advance payment.

Even more interesting, the report refutes some common misconceptions about the victims usually being lower income or with less education and desperate for some sort of financial windfall. In fact, a number of high-income professionals are taken in by some of the more sophisticated schemes involving high-dollar ventures including real estate development and medical equipment. The report also notes that, for victims losing more than $200,000, 85 percent of them had recently experienced some sort of life-changing family trauma such as a death, divorce, or major illness.

Education by financial institutions remains the most valuable tool to defend against these schemes. These institutions should use in-house media and other methods, such as public service announcements, to alert consumers to these scams, particularly those that appear in the FIs' service areas. I know of some institutions that train their frontline staff to watch for such unusual transactions, particularly by the elderly, as a supplement to their anti-money-laundering education. Financial institutions and consumers should report advance fee fraud attempts immediately to the local Secret Service or FBI office for investigation.

Photo of David LottBy David Lott, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

August 25, 2014 in consumer fraud, consumer protection | Permalink

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a01053688c61a970c01a73e082622970d

Listed below are links to blogs that reference Forty Years and Still Scamming:

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

August 4, 2014


Fishing for Your Private Data

fishing Recently, I received a text from my daughter about an e-mail that appeared to be from her financial institution. The e-mail stated that online access to her bank account would be terminated because she had tried to access her account from several computers. However, she could retain access by clicking on a link. While my daughter's natural reaction was concern that she would lose online access to her bank account, I told her that this was probably a phishing incident.

Unlike the hobby of fishing, phishing is the work of fraudsters. With phishing, fraudsters attempt to dupe a consumer or employee into believing that they must immediately provide personal or private data in response to an e-mail that appears to be (but is not actually) from a legitimate entity. Much like fishing, phishing relies on numerous casts, with the phisher hoping that many of those who receive the e-mail will be fooled and swallow the bait. If they get hooked, malware may be loaded on their computer to monitor their keystrokes and pull out financial service website log-on credentials. Or, in my daughter's case, if she had clicked on the link, it would have most likely taken her to a legitimate-looking web page of the bank and requested her online banking credentials. The volume and velocity by which anyone can send e-mails has created a wide window of opportunity for fraudsters.

In their e-mail, the fraudsters create a sense of urgency by indicating some sort of drastic action will be taken unless the customer acts immediately. Although organizations have repeatedly posted statements that they would never send an e-mail asking for private data, this threatened action often causes the recipient to act without considering the consequences or taking the time to call the company or organization to verify the e-mail's authenticity. If it is not authentic, the individual should immediately delete the e-mail without replying, without clicking on any links embedded in the email, and without opening any attachments.

In addition to the need for consumers and employees to be wary of e-mails that are not legitimate, financial institutions must continually stay abreast of the latest technologies to help combat these schemes and educate customers. In a past post, we discussed steps financial institutions should take to help customers protect themselves from fraudsters. These schemes remain in the news even though banks, businesses, and government entities continue to post educational information and best practices for consumers and employees. As my daughter's example demonstrates, consumers opening bank accounts for the first time are not likely to know these schemes. This example suggests that—in addition to educating both business and consumer customers generally—it would be beneficial for financial institutions to place more emphasis on education concerning these schemes at the time customers open their accounts.

Photo of Deborah Shaw

August 4, 2014 in banks and banking, consumer fraud, consumer protection, data security, fraud, identity theft | Permalink

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a01053688c61a970c01a73dfaf641970d

Listed below are links to blogs that reference Fishing for Your Private Data:

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

June 23, 2014


Do Consumers REALLY Care about Payments Privacy and Security?

Consumer research studies have consistently shown that a top obstacle to adopting new payment technologies such as mobile payments is consumers' concern over the privacy and security protections of the technology. Could it be that consumers are indeed concerned but believe that the responsibility for ensuring their privacy and security falls to others? A May 2014 research study by idRADAR revealed the conundrum that risk managers often face: they know that consumers are concerned with security, but they also know they are not active in protecting themselves by adopting strong practices to safeguard their online privacy and security.

The survey asked respondents if they had taken any actions after hearing of the Target breach to protect their privacy or to prevent credit/debit card fraudulent activity. A surprising 79 percent admitted they had done nothing. Despite the scope of the Target data breach, only 4 percent of the respondents indicated that they had signed up for the credit and identity monitoring service that retailers who had been affected offered at no charge (see the chart).

Consumers Post Breach Actions

In response to another question, this one asking about the frequency at which they changed their passwords, more than half (58 percent) admitted that they changed their personal e-mail or online passwords only when forced or prompted to do so. Fewer than 10 percent changed it monthly.

When we compare the results of this study with other consumer attitudinal studies, it becomes clear that the ability to get consumers to actually adopt strong security practices remains a major challenge. At "Portals and Rails, we will continue to stress the importance of efforts to educate consumers, and we ask that you join us in this effort.

Photo of Deborah Shaw

June 23, 2014 in consumer fraud, consumer protection, data security, identity theft, privacy | Permalink

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a01053688c61a970c01a3fd23a8ce970b

Listed below are links to blogs that reference Do Consumers REALLY Care about Payments Privacy and Security?:

Comments

Consumers have been hearing "the horror stories around the campfire" for so long, they have come to believe that if the "boogieman" is going to get you, there is nothing you can do about it. However, this is just not true. The FSO industry needs to promote consumer education efforts to update the public: we are each provided options every day that can serve to reduce our exposure to the fraud/ID theft boogieman - at FraudAvengers.org we call it "anti-fraud activism". Once aware, consumers will find themselves liberated to make choices based on their own risk tolerance about: how they make and receive payments; how they use their communication devices; the places in which they voluntarily place their personal information; ways and frequency of monitoring their financial, medical and other personal records; who and how they do business with people they have never met and/or do not know; etc. By ensuring we always include the "lessons learned" after we tell our horror stories, we serve to educate the public and inform them of protective actions they can take in their own defense. Crime collar criminals are always looking for victims: by reducing one's visibility to them and by proactively knowing what to watch-out for, consumers can greatly reduce the likelihood of becoming victims.

Posted by: Jodi Pratt | June 23, 2014 at 03:19 PM

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

Google Search



Recent Posts


August 2016


Sun Mon Tue Wed Thu Fri Sat
  1 2 3 4 5 6
7 8 9 10 11 12 13
14 15 16 17 18 19 20
21 22 23 24 25 26 27
28 29 30 31      

Archives


Categories


Powered by TypePad