Take On Payments, a blog sponsored by the Retail Payments Risk Forum of the Federal Reserve Bank of Atlanta, is intended to foster dialogue on emerging risks in retail payment systems and enhance collaborative efforts to improve risk detection and mitigation. We encourage your active participation in Take on Payments and look forward to collaborating with you.
Federal Reserve Web Sites
Other Bank Regulatory Sites
December 14, 2015
Down and Out in Myanmar
Here in the United States, we have gotten used to cash being the default payment method when other payment methods are not accepted or fail for one reason or another. But a few years ago, I had the pleasure of traveling to a country where cash was pretty much the only acceptable payment method. My experience there really made me appreciate the existence of mobile money transfer (MMT) services like M-Pesa. These MMTs are rapidly spreading across the developing world. Unfortunately for me, however, I had no access to an MMT in the country I visited.
In 2010, my wife was sent on a three-year assignment to her employer's Asian offices in Singapore. During one of my periodic visits, my wife and I vacationed in Myanmar, also known as Burma. Myanmar has a predominately cash-based economy.
Let me provide a little geography and history. Myanmar is bounded by Bangladesh, India, China, Laos, and Thailand. Before independence in 1948, it was ruled by the British, except during World War II, when the country was occupied by Japanese troops. At the end of the war, the country reverted to British rule. In 1962, a military coup led to nearly 50 years of military rule. In the year we visited, fewer than 600 tourists arrived at the international airport in Yangon, the busiest airport in the country.
Before our visit to Myanmar, we wired funds to a tour operator's account in Thailand to pay for the services of a driver, a guide, and some of our lodging. We estimated that we would need about $3,000 for the rest of our travel expenses during our three-week visit. At the time of our visit, Myanmar was under stringent trade sanctions due to the repressive military regime, so no international payment networks operated in the country. Consequently, the coin-of-realm for international tourists was U.S. hundred-dollar bills that could be exchanged for kyats, the local currency.
What we didn't understand is that the money exchangers required U.S. bills of the 1996 series or later with no folds, tears, markings, or stains of any sort. Yikes, we are essentially talking about uncirculated, brand-new bills. Since no international ATMs operated in the country, our first visit was to a local bank. The teller agreed to exchange only $500 after scrutinizing in microscopic detail (like a paleontologist examining a fossil) for 15 minutes our thirty $100 bills. This would cover less than our first week of expenses. We had thousands of dollars burning a hole in our pocket and no place to spend it. We were hard up.
We were getting anxious after several failed attempts at other bank branches, so our guide suggested using an unofficial currency marketer to see if we could exchange more bills. We walked a serpentine route to an untouristed, possibly unsafe area of town. Our guide took us to a money exchanger who grudgingly exchanged an additional $500. Even with further economizing, we estimated we were still short in funds for the last week of our trip. Success arrived when we met fellow travelers with excess funds they were willing to exchange.
I have wondered to this day why the reluctance to accept less-than-pristine bills. Obviously, one concern is the possible counterfeiting of $100 U.S. notes by the government of North Korea, according to some press accounts.
But whatever the reason, it left us spending $1,000 less than we anticipated. If we had had access to an MMT, we presumably would have been able to more freely purchase goods and service without wondering whether our cash would be accepted—though it should be noted that we may still have had problems with the initial cash load at an MMT money transfer agent.
Stepping back, the lessons we learned include the various risks associated with a cash economy, such as counterfeiting and, on a personal level, the disappointment of a diminished vacation due to the time and anguish spent in exchanging money. As I said in the beginning, I can appreciate firsthand the real advantages of moving away from cash to a low-cost, widely accepted mobile money transfer service. In Kenya, for example, M-Pesa reported in 2015 a 22.8 percent growth in revenue and 13.86 million active customers out of a population of 45 million. Meanwhile, next time I go to Myanmar, I'll know what to bring.
By Steven Cordray, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed
April 11, 2011
Dispelling the myths about mobile banking and payments
There is a lot of confusion these days when it comes to mobile banking and payments. Consumer advocates warn that mobile payments will be unsafe and we need to develop consumer protections now to create a harbor from scams and rip-offs. While it's true that payment innovations often introduce new risks, they also create opportunities to create better safeguards that ensure a more secure payments system. So the path forward is best armed with accurate information about how the mobile wallet will work in the future. With so many new product trials and service rollouts for both mobile banking and payment services, it's difficult to separate fact from fiction. Today, we take an opportunity to do just that. We’ll look at some of the myths we hear most often about mobile banking and payments in the United States.
Myth #1: Mobile banking and mobile payments are one and the same
We often hear people use the term mobile financial services to refer to banking and to payments, as if they were the same thing. The fact is, they are different services that appeal to consumers in different ways, and they are accompanied by very different types of risk. As a recent position paper published by the Atlanta and Boston Federal Reserve Banks defined it, mobile banking refers to a service that accesses bank information such as account balances and transaction history and that facilitates transfers between accounts and online bill payment. Mobile payments, on the other hand, refers to the use of the phone either to make a payment for purchasing goods or services at a merchant's point-of-sale—a transaction also known as a proximity payment—or to transfer money to another person or a business. The latter transactions, domestic and remittance payments, are referred to as mobile money transfer (MMT) payments and occur remotely either within a country or cross-border. Because mobile banking services are merely extending online functionality from the PC to the cell phone, the risk profile for the mobile phone is not markedly different.
Myth #2: Mobile payments represent digital money and lack regulation
While emerging markets are experiencing some remarkable advances in mobile commerce using text messaging to send a payment via prepaid airtime, the U.S. experience, as with other developed countries, is very different. Text-message-based mobile payment systems work for those emerging markets because they are clearly safer than cash. Here and in other developed countries, we have safe payments already, so the mobile device would merely be another channel to access existing payment instruments and their networks for clearing and settlement. All the rule sets, laws and regulations, and consumer protections that govern retail payments today will simply migrate to the mobile channel. While new networks, or rails, may emerge in the future, at present, the payment network systems remain the same.
Myth #3: Mobile payments are less secure that other payment methods
First of all, the security functionalities resident in the mobile handset provide authentication capabilities that don't exist in the current payments environment. The ability to add passwords and GPS location functionality to the handset represent additional security controls to accessing payment instruments in the future mobile wallet. Today, there are no locks on your leather wallet to preclude a bad actor from stealing your credit and debit cards and using them for illicit activity.
Moreover, the technologies that enable our current payments are becoming increasingly obsolete and vulnerable to fraud. Card payments grow riskier every day as the United States remains reliant upon mag-stripe technology, which is very easy for criminals to breach and then use to clone cards for illegal payments. Because mobile devices will use contactless technology in the form of an embedded computer chip, the mobile phone will be a much more secure payment device than the plastic cards we use today.
Conclusion So maybe the idea of mobile banking and payments isn't that scary—and maybe these things aren’t even that trendy any more. When you get right down to it, the cell phone is just another form factor for a payment.
But that's not to say that a lot of new ideas aren’t percolating out there. We know that telecoms are taking small steps with micropayments by allowing consumers to pay after-the-fact for digital goods—things like avatar accessories, ringtones, and even cows and corn in online games like Farmville—on their regular phone bills. Facebook credits are reportedly evolving into Facebook payments for physical venues outside of virtual online games and stores. And we all are waiting expectantly to see if Apple will make use of its extensive iTunes network as a more open payment system whenever the next iPhone is released.
At the Retail Payments Risk Forum we'll continue to keep an eye on emerging payment developments such as these, and work toward clearing up confusion. So don't wait for a blog post, feel free to send an e-mail to any one of us in the Risk Forum if you have a question. We’d love to hear from you.
By Cindy Merritt, assistant director of the Retail Payments Risk Forum
TrackBack URL for this entry:
Listed below are links to blogs that reference Dispelling the myths about mobile banking and payments:
November 15, 2010
Retail Payments Risk Forum publishes white paper on mobile payments
Everyone has a cell phone these days, and that ubiquity is paving the way for wide acceptance of mobile money person-to-person transfer services, also known as MMT. Emerging countries, where the mobile channel provides a safe, efficient environment for conducting financial transactions and improving financial inclusion, have been especially quick to adopt MMT. In contrast, mobile payment adoption in the United States has been slow, but many experts believe that, with more people acquiring smart phones and having access to all the applications that go with them, MMT is on the brink of becoming widely accepted.
As roaming agreements between wireless carriers and the globalization of commerce in general work together to render our world's geographic borders irrelevant, how quickly can we expect these services to migrate to the United States? More importantly, as various forms of electronic payment crimes emerge, what should the industry do to prepare for new mobile services in a cross-border environment?
To answer these questions, the Retail Payments Risk Forum recently published a white paper titled "Mobile money transfer services: The next phase in the evolution in person-to-person payments," which describes the current landscape for these services and examines the risk environment for mobile money for both developed and emerging countries as new business partnerships between bank and telecom firms take shape.
MMT has the potential to catalyze the mobile financial services market
Infrastructure developments to support MMTs could support the evolution of other financial services. According to the GSM Association, this infrastructure provides the basis for the concept of the mobile wallet, which will allow mobile phones users to conduct banking, proximity payments using the phone at a merchant's point-of-sale terminal, and remote mobile payments, including domestic and cross-border mobile transfers.
The mobile money risk environment
The risks inherent in all retail payments are also present in the mobile space, including money laundering, privacy and security, consumer protection, fraud, and credit and liquidity. As mobile financial services evolve, there will be a number of issues to consider for managing the new risks mobile phone-based payments stand to introduce. The emergence of more nonbank participants in the distribution of mobile payments, including telecom firms and their agents along with technology vendors, may create additional risk considerations for payment regulators. Since mobile technology-enabled payments do not require the face-to-face interaction that takes place with traditional banking, the resulting opaque, anonymous experience can also create more opportunity for criminal activity. This will be increasingly important in a future where mobile retail payments will occur rapidly and across geographic borders, potentially outside the purview of traditional regulatory oversight. Payments regulators have limited expertise and experience in identifying electronic payments crime in communication systems—so the potential for abuse is a real and imminent threat that is still abstract and not well understood in this early stage of the game.
Policy considerations for industry stakeholders, policymakers, and regulators
The integrity and safety of the world's retail payment systems rely on cooperative information sharing about service developments and potential gaps in regulation. A number of considerations should remain at the forefront of industry discussions.
- The new mobile landscape will require dialogue between the regulatory authorities for financial services and telecom firms. Financial and telecom sector regulators will need a comprehensive understanding of the emerging risks in mobile payments with a collective eye toward the potential need to establish new regulatory concepts of electronic money regulation. This may demand a program for routine communication to ensure that regulators understand payment system risk issues and provide effective risk-based supervision for payment services providers.
- An oversight infrastructure for mobile payments, including the financial services of telecom firms, should be established. This oversight might be established through a routinely convening workgroup representing applicable regulators or the creation of a new organization with expertise in the unique and dynamic risk issues in mobile services.
- Cross-border mobile payments may require improved customer-data sharing on an international basis. The anticipated growth in mobile remittances may demand a new environment of international cooperation and sharing of customer data and analysis.
- U.S. mobile payments services providers should be required to establish programs to mitigate the risk of money laundering. Mobile services will require new methods for detecting and monitoring data flows. All service providers, including telecoms, will need to establish risk management programs commensurate with the risk in their service offerings.
- Converged regulatory authorities should examiner consumer protection risks for potential gaps in regulatory oversight. In the United States, it may be necessary to reexamine the applicability of Regulation E protections to stored-value payments as they become more prevalent in the mobile channel, in order to prevent consumer confusion in error resolution scenarios.
The experts are right in saying that mobile adoption still low. But the rapid pace of change means that industry stakeholders, and especially regulators, need to be forward-looking and anticipate where the winds of change will blow. A rearview mirror approach to addressing emerging risks in mobile payments can be modified with proactive thinking, dialogue, and global collaboration.
By Cindy Merritt, assistant director of the Retail Payments Risk Forum
TrackBack URL for this entry:
Listed below are links to blogs that reference Retail Payments Risk Forum publishes white paper on mobile payments:
October 4, 2010
Has existing regulation of money services businesses kept pace with their enhanced financial services options?
Most businesses that meet the definition of money services business (MSB) offer financial services such as wire transfers, currency exchange, check cashing, traveler's checks, money orders, or stored-value cards. In the past, MSBs mostly served consumers without an established banking relationship—that is, the unbanked. Today, consumers with established banking relationships may also use these services on occasion because the MSBs sometimes offer cheaper services, such as wire transfers, than banks do.
Well-established MSBs such as Western Union and MoneyGram have provided the traditional services—wire transfers, currency exchange, check cashing, and so on—for years. Over the past few years, MSBs have rapidly grown and expanded their financial services offerings with options such as Internet-directed services for person-to-person (P2P) and person-to-business (P2B) payments, stored-value products, and, most recently, mobile money transfer service, which permits users to send funds cross-border and domestically using their mobile phone.
But are these expanded financial services within the coverage of the existing regulatory framework for MSBs? Are there new money laundering risks with the introduction of new financial services options not previously anticipated by the existing regulatory framework?
Conforming MSB regulation to mirror MSBs enhanced services
Although states have regulated check cashers and money transmitters for years, regulation of these nonbank financial institutions has not been uniform. The Uniform Money Services Act (UMSA) was adopted in an effort to provide a framework to deal with money laundering issues unique to nondepository providers of financial services. UMSA applies to businesses that provide money services and requires that MSBs be licensed, maintain extensive records of their transactions, and submit to audits. Although some MSBs may only offer one or more of the services listed above, all MSBs are subject to the provisions of UMSA because of the interrelated group of services they offer and because they are not regulated in the same manner as depositary institutions.
UMSA expanded existing MSB regulatory coverage to include what was considered at the time a new type of payment service: Internet-based service. It was believed that this new type of financial service posed the same concerns as did traditional financial services, such as wire transfers and check cashing, for example.
A patchwork of regulation
MSB compliance is a complex patchwork of regulations that involve federal restrictions on money laundering as well as state consumer protection mandates. MSBs are required to follow Bank Secrecy Act/Anti-money Laundering (BSA/AML) regulations that require them to file "Currency Transaction Reports," implement AML programs, and file "Suspicious Activity Reports." The Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) has delegated authority to the IRS to examine MSBs for compliance with BSA requirements. State agencies may evaluate MSBs for compliance with BSA, though they may not directly enforce the BSA. Generally, State agencies are charged with enforcing their own MSB state statutes and regulations, which sometimes may impose requirements that overlap with the BSA.
Navigating through MSB regulations
In 2009, FinCEN conducted outreach meetings with some of the largest MSBs in an effort to better understand how MSBs navigate through these numerous regulations. The meetings resulted in the production of a report that stated that as MSBs navigate through these regulations, they place significant emphasis on agent oversight and compliance, value their reputation and consumer trust as the core objective of their business models, and feel that being in compliance with BSA regulations is consistent with their business model. The results of this report do not certify that the participating MSBs were in compliance with MSB regulations.
In the last year, legislation was proposed that would centralize MSB anti-money laundering compliance with the Treasury and authorize that office to recognize a self-regulatory organization similar to the private nonprofit Financial Industry Regulatory Authority (FINRA) that regulates broker dealers. The goal of the bill is to bring about uniform registration and supervision of MSBs without preempting state laws.
MSBs play a vital role in domestic and foreign economies, particularly by providing the needed financial services that facilitate the transmission of money to foreign countries. Establishing uniform legislation may strengthen the continued work of combating money laundering and help prevent the use of MSBs as channels for money laundering or other illicit activities.
By Ana Cavazos-Wright, senior payments risk analyst in the Retail Payments Risk Forum at the Atlanta Fed
TrackBack URL for this entry:
Listed below are links to blogs that reference Has existing regulation of money services businesses kept pace with their enhanced financial services options?:
June 1, 2010
Mobile P2P money: Contemplating new risks while analyzing adoption potential
Cell phone ubiquity and the growth of wireless networks are helping the world's poor to transcend from informal, cash-based societies to societies with more efficient and safer payments systems. The recent success of mobile operator-led payments services in emerging markets is galvanizing market experimentation in developed countries such as the United States.
Technology ripe for advance of mobile P2P
Mobile network operators and other nonbank firms are beginning to offer mobile-enabled payments transfer services in cross-border environments, using "agents" such as the corner store to accept cash deposits and accommodate withdrawals in lieu of traditional bank branches. These money transfer services, including both domestic and cross-border person-to-person (P2P) payments, are shifting to the mobile channel, providing consumers efficient, electronic alternatives to paper-based P2P payments. However, improved carrier roaming capacity and increased transaction activity may create opportunities for money laundering abuses and other unforeseen financial crimes. As new mobile financial services such as mobile P2P gain acceptance in markets throughout the world, how will industry participants plan for new and unanticipated risks?
The potential for market adoption
According to CGAP—or the Consultative Group to Assist the Poor—more than a billion people worldwide lack access to traditional financial services, but they do have mobile phones. This ubiquity has the potential to extend even more financial services to unbanked peoples throughout the world. In fact, a 2007 survey conducted by the GSM Association found that respondents expected the number of subscribers using mobile domestic money transfers to grow more rapidly for developed markets than for developing markets. These results imply that consumers in developed markets are interested in electronic P2P payment options and would be willing to conduct them via the mobile device.
The game changer when we think about payment adoption is the ability of the cell phone to execute domestic transfers in addition to international exchanges. This expanded functionality may fulfill the needs of mainstream consumers, as well as the unbanked, by giving them a convenient, cheap, and efficient alternative to writing checks or going to an ATM for a cash withdrawal for low-value exchanges.
The risk environment
In emerging markets, the risks of money laundering, identity theft, and other fraud are very real—they are merely eclipsed by the risks inherent in informal, cash-based systems, such as theft and extortion and possibly more violent crimes. So consumers in these countries where mobile payments are successful are arguably better off today despite the new risks introduced. However, this may not be the case in the United States, where we have a vast array of secure payment alternatives in place already. If convenience ultimately leads to adoption here, as it has abroad, what risks will P2P mobile money introduce, and how will we manage them?
The risks inherent in all retail payments systems are also present in the mobile space, including money laundering, privacy and security, consumer protection, fraud, and credit and liquidity risks. However, the mobile environment adds a dimension of complexity that makes quantifying risk more difficult. Participants in the payments value chain are increasingly disintermediated and outside the traditional legacy banking environment where the regulatory and legal governances are well established. In addition, there are other risks more unique to telecom firms that financial institutions and their regulators lack experience in detecting and monitoring. Finally, the regulatory domains governing banking and telecommunications are accustomed to operating independently and autonomously from one another and may be challenged to work collaboratively.
Implications for the United States
Domestic and international mobile money transfers are gaining adoption in world markets whose participants are likely to transact with U.S. consumers as wireless carriers provide services cross-border. Today, evidence in support of U.S. consumer demand is inconclusive because of the limited availability of P2P services and limited user experience. However, prevalence in offerings may not be the appropriate benchmark for determining whether discussions on risk management and payment system integrity are important going forward, as risk exposure may not be directly correlated to the rate of adoption. In order to protect the integrity and ensure continued security of retail payments systems in the United States, all participants in the emerging mobile payments industry should engage in proactive dialogue on emerging risk issues inherent in mobile money transfers.
By Cindy Merritt, assistant director of the Retail Payments Risk Forum
TrackBack URL for this entry:
Listed below are links to blogs that reference Mobile P2P money: Contemplating new risks while analyzing adoption potential:
- The Year(s) of Ransomware
- What Canada Knows That We Don't
- Calculating Fraud: Part 1
- Additional Authentication: Is the Protection Worth the Hassle?
- Would Consumers Ever Give Up Their Passwords?
- Will the Password Ever Die? Part 1
- Catch Me If You Can
- Governance Down Under
- Don't Forget the Check
- Fraud Reduction at the IRS: Some Happy Returns
- May 2017
- April 2017
- March 2017
- February 2017
- January 2017
- December 2016
- November 2016
- October 2016
- September 2016
- August 2016
- account takeovers
- ATM fraud
- bank supervision
- banks and banking
- card networks
- check fraud
- consumer fraud
- consumer protection
- cross-border wires
- data security
- debit cards
- emerging payments
- financial services
- identity theft
- law enforcement
- mobile banking
- mobile money transfer
- mobile network operator (MNO)
- mobile payments
- money laundering
- money services business (MSB)
- online banking fraud
- payments risk
- payments study
- payments systems
- phone fraud
- remotely created checks
- risk management
- Section 1073
- social networks
- third-party service provider
- trusted service manager
- Unfair and Deceptive Acts and Practices (UDAP)
- wire transfer fraud
- workplace fraud