Take On Payments

About


Take On Payments, a blog sponsored by the Retail Payments Risk Forum of the Federal Reserve Bank of Atlanta, is intended to foster dialogue on emerging risks in retail payment systems and enhance collaborative efforts to improve risk detection and mitigation. We encourage your active participation in Take on Payments and look forward to collaborating with you.

May 2, 2016


Mobile Financial Services Are Still Growing

The Federal Reserve Board's Division of Consumer and Community Affairs (DCCA) recently released its Consumers and Mobile Financial Services 2016 report. This annual research effort began in 2011 to measure the adoption and usage of mobile banking and payment activities by consumers and the use of mobile technology in making financial decisions. The latest survey was fielded in November 2015 with a respondent base of 2,510 adults age 18 and over, of which 1,064 had participated in both the 2013 and 2014 surveys.

Key adoption and usage findings from the survey include:

  • The major barriers to mobile payment adoption remain the same as in previous studies—satisfaction with current methods of payment and concerns about security.
  • Convenience is the most common reason given by the respondents for adopting mobile banking.
  • Perhaps reflecting a positive effect of mobile phone security education, 70 percent of smartphone users indicated they password-protect their phone and 78 percent indicated they download applications only from their primary application store.
  • Mobile phone penetration has remained consistent over the last three years at 87 percent of the U.S. population, although smartphones now account for 77 percent of mobile phones versus 61 percent in 2013.
  • Ownership of smartphones is higher for Hispanics than for non-Hispanic whites in this survey.
  • Usage of mobile banking services by those with mobile phones increased to 43 percent from 33 percent in 2013. Smartphone owners showed a higher usage rate of mobile banking, at 53 percent, but this rate was essentially flat from 2014.
  • While usage of mobile banking has generally increased every year for each age group, younger consumers have consistently been the most likely users while the older segment has been the least likely, as the table shows:

chart-1

  • The most common mobile banking activity is checking an account balance or making a specific transaction, followed by transferring money between accounts and receiving an account alert.
  • Despite the strong usage of mobile banking, more than 80 percent of smartphone owners with a bank account visited a branch or used an ATM over the last 12 months, while only 29 percent called their banks.
  • Mobile payment activity still lags mobile banking activity. Only 24 percent of mobile phone owners had made a mobile payment over the last 12 months, compared to 43 percent of mobile phone owners with a bank account who used mobile banking. The study found that there is no clear relationship between mobile payment usage and income or education level. As in previous surveys, minorities make mobile payments at a higher rate than white, non-Hispanic consumers.

Additional findings from the survey as to security and privacy and the use of the phone in making financial decisions will be highlighted in future blogs. This survey provides valuable data in the ongoing evolution and adoption of mobile banking services and I hope you will read it in detail.

Photo of David Lott By David Lott, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

May 2, 2016 in mobile banking, mobile payments | Permalink

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

March 28, 2016


Continuing Education in Mobile Payments Security

Just over a year ago, I wrote a post raising the question of which stakeholder or stakeholders in the payments ecosystem had the responsibility for educating consumers regarding payments security. As new payment technologies such as mobile devices, wearables, and the Internet of things gain acceptance and increased usage, who is stepping up not only to teach consumers how to use the devices but also how to do so in a safe and secure manner?

Since it is generally financial institutions that have the greatest financial risk for payment transactions because of the protective liability legislation that exists in the United States, this responsibility has fallen largely to them. However, this educational effort has become increasingly difficult since consumers generally acquire these new products at retail outlets or mobile carrier stores, where the financial institution has no direct contact with the consumer.

The Consumer Federation of America (CFA) recently continued its ongoing efforts to provide educational information to consumers with the release of a guide to mobile payments. The guide is comprehensive, covering issues such as privacy, security of the mobile device, the dangers of malware, error resolution, and dispute procedures for mobile payments, and concludes with a humorous animated video that recaps some of the risks with mobile phones if they are not secured and used properly.

As an example, in its section on privacy, the guide offers the following tips:

  • Read the privacy policies of the companies whose services you are using to make mobile payments and the companies that you are paying.
  • If you don't like a company's privacy policy, take your business elsewhere.
  • Don't voluntarily provide information that is not necessary to use a product or service or make a payment.
  • Take advantage of the controls that you may be given over the collection and use of your personal information.
  • Since mobile payments, like all electronic payments, leave a trail, if there are transactions that you would prefer to make anonymously, pay with cash.

Kudos to the CFA for its work on this effort. I hope you will read the guide and spread the word about the availability of this valuable resource. It is through the combined efforts of the payments stakeholders that we can work to improve the knowledge level of all parties involved and promote secure usage.

Photo of David Lott By David Lott, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

March 28, 2016 in consumer protection, innovation, mobile banking, mobile payments | Permalink

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

February 22, 2016


2016 Payment Predictions

In our 2015 year-end review, we promised we would provide some predictions and expectations for payments in the United States during 2016. Predictions are usually pretty…unpredictable, so by waiting a couple of months to release ours, we're hoping they will end up being more accurate than usual. Disclaimer: These predictions are through the collective wisdom of the Retail Payments Risk Forum staff and do not reflect the opinions of the Federal Reserve System or the Board of Governors. So here we go in no particular order or probability of happening.

  • Cyberattacks will be the top threat to payments security: Cyberattacks and data breaches will be as robust as ever and will be the number one threat in the payments ecosystem. As retailers and financial service companies strengthen their defenses, the Risk Forum predicts that hackers will widen their focus.
  • This will be the year for mobile point-of-service (POS) payments…not!: Like the broken analog clock face that is correct twice a day, we believe that those forecasting 2016 as the "year of mobile payments" (as they did in 2013, 2014, and 2015) will be a little bit right, but will still be waiting for this optimistic prediction to be fully true. While the adoption pace of mobile payments is growing because of the increasing influence of millennials, the issues of limited merchant acceptance points, fragmentation, and consumer concerns over security and privacy will remain as substantial hurdles. Major educational efforts will be launched stressing the increased security provided by mobile payments through tokenization and biometrics.
  • EMV (chip card) POS migration will pick up the pace from 2015: The liability shift for POS took place October 1, 2015, and projections for both card and terminal capability missed their optimistic marks for a variety of reasons. Credit and debit card reissuance will continue during 2016 and should reach significant conversion levels by the end of the year. The Risk Forum expects the pace of merchant terminal conversions to pick up as certifications are completed and merchants targeted by counterfeit card fraudsters feel the sting of losses. However, we also think some merchant categories, such as restaurants, will continue to proceed at a tepid pace.
  • ACH same-day service will not be a huge hit: The Risk Forum forecasts that the roll-out of NACHA's mandated same-day ACH service in September will, at least initially, have modest adoption because corporate originators will have to update internal systems to support faster payments, the dollar cap of $25,000 per payment, and the imposition of the interbank fee. Consumer payment applications will have modest uptake due to competing payment alternatives.
  • EMV ATM liability shift will cause the number of ATMs to shrink: The implementation of chip card readers in ATMs will follow the same pattern as POS terminals did in 2015—the large ATM owners and operators will meet the October 2016 deadline but many of the small and mid-sized operators, especially those owned by nonfinancial institutions, will not and will be faced with absorbing the loss of transactions made with counterfeit cards—a fraud loss they haven't experienced in the past. Overall, the Risk Forum looks for the ATM base in the U.S. to contract by 10 to 15 percent because of financial institution mergers and the cost of EMV upgrades.
  • Mobile wallet space will continue to see turbulence: 2015 saw the launch or announcement of more mobile wallets by payment stakeholders such as Samsung, Google, Chase, Capital One, Walmart, and Target. Then add the retailer and credit union consortiums (MCX CurrentC and CU Wallet) that are struggling to emerge from uncertainty. How many wallets will the consumer be willing to load on a phone and which providers do they trust to keep their payments and banking credentials safe? We believe we'll see continued turbulence in this space during 2016, with some settling of the dust by next year.
  • Blockchain technology interest will accelerate: Cryptocurrencies will continue to exist in the "novelty" space, but we think large payments players will direct efforts to leveraging the distributed ledger technology for various uses and will proceed at an accelerated pace.
  • Biometric technology improves, but passwords remain supreme: Despite continued cries for intervention, the user ID and password will remain the primary authentication method that consumers use to access their various applications. Biometrics technology for payment and customer authentication applications will continue to improve while decreasing in price. Fingerprint, facial recognition, and eye/iris recognition will dominate as the most-used biometrics although voice recognition will serve as a key method in certain environments such as call centers. The Risk Forum believes that the technology will continue to face critical adoption challenges due to concerns about privacy, security, and safety, but educational programs will lower this resistance.
Photo of Mary Kepler
Mary Kepler
Photo of Steven Cordray
Steven Cordray
Photo of Doug King
Doug King
Photo of David Lott
Dave Lott
Photo of Jessica Trundley</span>
</div>
Jessica Trundley
Photo of Julius Weyman
Julius Weyman

February 22, 2016 in cybercrime, data security, EMV, mobile payments | Permalink

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

February 16, 2016


Changing How We Pay Online in 2016

Over the past few years, I've done the majority of my Christmas shopping online through my laptop or mobile device. This year, I did 100 percent of my shopping online due to an accident that left me mostly immobile. Though shopping online was certainly easier for me than trying to get out in the hustle and bustle of the December shopping madness, the payment experience for some of my transactions was as painful as my leg injury.

I have been hearing for years how the mobile phone is going to replace my wallet, and one reason is that our phones are increasingly with us while our wallets are not. Yet I never leave my house or office without my wallet unless I forget it. In fact, I forget my mobile phone more often than my wallet, but apparently I'm an exception. However, I realized that when I'm home, I am rarely with my wallet. Out of habit, I leave my wallet sitting on a shelf in the closet. This habit never created issues for me until recently.

Except for websites that have my card on file, I am almost always required to enter my card information (account number, expiration date, and maybe the card security code). The expiration or CVV2 are still required even for some of my card-on-file transactions. While it's always been something of a hassle to go get my card information from my closet, I never gave much thought to the friction of the experience—that is, until my left leg was temporarily rendered useless and making it to my wallet in the closet became difficult. When my wife wasn't around to get my wallet, my cart abandonment rate pushed 100 percent.

Then I discovered how easy it is to use online digital wallets. And I tried a lot of them—PayPal, American Express Checkout (actually more of a platform than a wallet), Visa Checkout, and MasterCard's MasterPass, to name a few. While each wallet has its pros and cons and merchant acceptance varies by wallet, I gained a greater appreciation for these transactions because of how easy it was not needing to physically have my card to enter the requested information for each transaction beyond the initial wallet setup. And I liked not having my card on file with a merchant. By the end of the shopping season, I had become a big fan of digital wallets.

Removing friction from the consumer experience is just one reason why many believe that mobile proximity payments will flourish. I never agreed with that reason (this was in a pre-EMV world though!) but it is a big reason why I believe online commerce will experience a significant transformation in 2016 with both merchant and consumer adoption of digital wallets taking off this year.

By Douglas A. King, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

February 16, 2016 in mobile banking, mobile payments | Permalink

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

January 19, 2016


Mobile Wallets: Is This the Year?

In our 2015 year-end retrospective post, we commented on the slow pace of adoption of mobile payments despite the introduction of several major mobile wallets. While some consumer research continues to point to widespread consumer usage of mobile wallets in the coming years, we have seen similar projections from past research fail to materialize.

So what have been the major barriers to adopting mobile wallets? And for those who have adopted them, what functions are the most important? As I have noted before, I am a firm believer in former Intel CEO Andrew Grove's 10X rule: a new technology experience must be at least 10 times better than the previous method to achieve widespread consumer adoption and usage. A number of different elements—speed, cost, convenience, personalized experience, ease of use, and so on—can all contribute to achieve that 10X factor. Another critical element is the consumer's trust in the security of the wallet to ensure that payment credentials and transaction information will not be compromised in some way. The market research and strategy firm Chadwick Martin Bailey (CMB) conducted mobile wallet research in March–April 2015 on a nationally representative sample of smartphone owners and specifically asked mobile wallet nonusers what were their particular security concerns. As the chart shows, identity theft and the interception of personal information during the transaction were the top two reasons given.

Chart-1

The tokenization of payment credentials goes a long way to providing a higher level of security, but a major educational effort is required to relay this knowledge to consumers to increase their level of confidence. The CMB study found that 58 percent of nonusers would be somewhat or extremely likely to use a wallet if tokenization of their payment account information were performed.

But is it enough to convince consumers that mobile payments are more secure to significantly speed up adoption and usage? Mobile wallet proponents have been saying for years that the mobile wallet must deliver more than just a payment function, that it should include incorporate loyalty, couponing, identification, or other functions.

So if the desired end state is known, why is it taking so long for the mobile wallet providers to achieve that winning solution? The retailer consortium MCX is going into its fourth year of development and has just recently begun a pilot program of its CurrentC wallet in the Columbus, Ohio, market. Two of MCX's owners and major U.S. retailers, Walmart and Target, have announced in the last couple of months their plans to develop and operate their own mobile wallet. While these companies still profess their support of the MCX program, have they concluded that a common mobile wallet solution among competing retailers doesn't meet all their specific needs? Or is it a desire to offer their customers a wider choice of shopping experience options and differentiate their experience? Or is it another reason altogether? Only time will tell.

So do you believe that 2016 will be the year of the mobile wallet? Let us know what you think.

Photo of David Lott By David Lott, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

January 19, 2016 in consumer fraud, contactless, identity theft, mobile payments | Permalink

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

January 4, 2016


The Year In Review

2015 marked the end of the era for my favorite late-night talk show host. In his 33 years of bringing laughter to late-night audiences, David Letterman is perhaps best known for his nightly Top 10 list. During the last several years, the Risk Forum's last blog for the year has included our own list of top 10 payments events. Our efforts clearly didn't match Letterman's entertaining Top 10s, and we have decided to retire our Top 10 blog in favor of a year-end review blog.

2015 can easily be characterized as "The Year of Deals." We witnessed two established payment processors, Worldpay and First Data, become publicly traded entities, with IPOs during the year. Following these IPOs, Square became the first "Unicorn"—a tech start-up with a valuation in excess of $1 billion—to test the public markets with its IPO. Beyond the IPOs, there were ample other noteworthy deals in 2015, including Ebay spinning off PayPal as its own entity; Visa acquiring its former subsidiary, Visa Europe; Global Payments' acquisition of Heartland; and a host of mergers such as the one between Early Warning and ClearXchange. On the venture capital and private equity side, indications suggest that 2015 will top 2014's nearly $10 billion investment in financial technology in the United States with payments-related investments leading the way.

Near and dear to the Risk Forum, notable risk-related stories will also make 2015 memorable. The long-anticipated initial EMV liability shift took place on October 1 with mixed reviews from different participants in the payments ecosystem. Data breaches that included the compromise of payment credentials and personally identifiable information seemed to be an almost-weekly event during the year. In response to the increasing incidence of data breaches and anticipated increase in card-not-present fraud, the buzz surrounding tokenization, which began in earnest with the launch of Apple Pay in 2014, intensified within the payments industry.

Mobile proximity payments might be the most frequent payment topic over the past five years, and 2015 was no different. While many have labeled each year over the last five as the "Year of Mobile Payments," mobile still has a way to go before the Risk Forum is willing to give this title to any year, including 2015. However, momentum for mobile proximity payments remained positive with the launch of Apple Pay rivals Samsung Pay and Android Pay. We witnessed a well-known and early established mobile wallet, SoftCard (originally branded as Isis), exit the playing field after being acquired by Google. The Merchant Customer Exchange (MCX), a consortium of retailers, launched a pilot of its mobile wallet—CurrentC—and has also partnered with Chase and its Chase Pay service with entrée to 94 million cards; and two large Financial Institutions, Chase and Capital One, both announced new mobile wallet initiatives. In December, Walmart and Target announced their own mobile payment applications. While mobile proximity payment usage remains minimal, it is becoming increasingly clear that consumers are using their mobile phones to shop online. According to holiday shopping figures from Black Friday through Cyber Monday 2015, mobile shopping accounted for approximately one-third of total e-commerce sales.

Finally, in 2015, the payment industry witnessed the launch of a comprehensive, collaborative effort to improve the speed and security of payments in the United States. In January, the Federal Reserve issued its long-anticipated Strategies for Improving the U.S. Payment System followed by the formation of two task forces, Faster Payments and Secure Payments, seeking to turn these strategies into actionable payment improvements. Related to improving the speed of payments, NACHA membership approved a same-day ACH service after a similar measure failed to gain approval in 2012.

As those in the payments industry have come to expect excitement and innovation, 2015 did not disappoint. And while it's certainly fun to look back, we must always keep looking ahead. Perhaps the most famous late-night talk show host, Johnny Carson, understood this best with his beloved great seer, soothsayer, and sage Carnac the Magnificent persona. Be on the lookout for our upcoming blog where the Risk Forum will channel our inner Carnac with some predictions and expectations for payments in 2016.

By the Retail Payments Risk Forum at the Atlanta Fed

January 4, 2016 in cybercrime, data security, mobile payments, payments study | Permalink

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

August 31, 2015


A Swing and a Miss

"Keep your eyes on the ball." I'm guessing my son heard those words at least 20 times a game this past baseball season. If you can't follow the ball, then your chances of a successful plate appearance are pretty slim.

Departing from the usual risk-related prose and taking a signal from the blog's name Take On Payments, I want to offer my thoughts on mobile payments. This topic floods my payments news feeds and is the subject du jour at nearly every payments-related event. Mobile payments can mean many things to many people, but one of the hottest areas is mobile at the point of sale (POS), also known as proximity payments—that is, what Apple Pay, Starbucks, and Samsung Pay among others all offer.

And this is where I think the payments industry is taking its eyes off the ball. Why do consumers want to use mobile phones to replace cash or cards at the POS? A key barrier cited by consumers who have not adopted mobile proximity payments is their satisfaction with current payment methods. So what is the best way to get consumers to use their mobile devices to replace cash or cards at the POS?

The mobile phone has significantly changed the way people interact. It's almost comical to me that the device has retained the word phone. While there will always be people who want to hear a voice or interact directly with another person, the mobile device is turning us into a society that prefers messaging over speaking and interacting through the device rather than face to face. (My nieces text each other while sitting in the same room!) Furthermore, we have come to expect information to be readily available to us whenever and wherever we desire it. People don't like waiting, and the mobile device has intensified this impatience. To understand consumer behavior in light of this mobile revolution, we don't have to look any further than the reduction of bank branches and staffing coupled with the rise of mobile banking solutions.

Yet the proximity payment solutions don't address consumer behavior with their mobile devices. I understand merchants valuing the ability of proximity payments to provide loyalty programs and targeted offers, but do these extra services really address consumers' core needs and wants? It seems to have worked for Starbucks in a closed-loop environment but has yet to be replicated in an open-loop environment. (Closed loop means that the payment is usable only at a provider's place of business, as for the Starbucks app. Open loop means the payment, like Apple Pay, is usable anywhere that has the infrastructure to read the app.)

By keeping the focus on the consumer, it seems to me that the mobile payments industry can work on reducing the physical interaction of payments and current wait times associated with the payment process. Uber, Chipotle, and the Starbucks mobile app are evolving to address these consumer needs. These apps essentially remove the payment from the POS (some would say that they make the payment invisible) and allow for minimal personal interaction and waiting times.

Hence, I predict the growth of mobile payments will come not from the POS but rather through mobile in-app payments. That's where I'd be setting my sights on the mobile payments diamond. Perhaps this will create a healthy discussion (hopefully not a bench-clearing brawl), but I think mobile at the POS is a swing and a miss. What do you think?

Photo of Douglas A. King By Douglas A. King, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed


August 31, 2015 in innovation, mobile payments | Permalink

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

July 6, 2015


Growing, Growing, Gone!

As we've blogged before, check writing has been steadily declining as electronic payments have grown. For example, the number of checks written in 2012 was 21 billion, down from 27.8 billion in 2009, according to the 2013 Federal Reserve Payments Study. We may be writing fewer checks than ever, but more than anything, we want the convenience of depositing our checks with mobile devices. A 2013 survey by ath Power Consulting found that mobile remote deposit capture (mRDC) is the "most sought-after mobile banking feature" among consumers. And financial institutions are answering this demand. According to 2014 surveys from Federal Reserve Banks (the Dallas Fed's, for example), about 48 percent of responding institutions are currently offering mobile capture and another 41 percent are planning to offer it within the next two years.

With mRDC in such demand, solutions providers and financial institutions should be investing in risk management strategies. But if check writing is a declining business, will mRDC risk management investments end up on the disabled list? Financial institutions must look at the potential losses and how they occur, evaluate the means to minimize these, and carefully weigh these factors against the dwindling check industry.

The mRDC channel faces two primary loss challenges: fraudulent items and duplicate check presentment. A fraudulent item might be an altered, forged, or counterfeit check; it can also be an intentional duplicate presentment. The other challenge occurs when a customer unintentionally presents a deposited item a second time. Research and anecdotal evidence suggest many duplicate presentments result from customer errors. These represent a growing customer education need. Financial institutions must find room in the allocated lineup and spending cap for fraud and duplicate detection enhancements.

Handling duplicate check presentments landed an all-star position on the agenda at most payments operation conferences this past year. Duplicate check presentments mean returns and adjustments, which in turn mean time and money for the financial institutions. When duplicate presentment involves more than one bank of first deposit, losses are often sustained from misunderstanding holder-in-due-course rights and return-versus-adjustment processes. Financial institutions often need to reconstruct what happened, analyze the facts, and possibly consult legal counsel.

But rather than handling these risks with expensive roster moves, considering the declining use of checks, financial institutions can meet the threat at the origin, through customer education and enforcement policies. Financial institutions that offer mRDC can make disclosed stipulations. For example, they can require that the original check be destroyed after confirmation, or that checks have a specific restrictive endorsement that includes "for mobile deposit only." Ultimately, if a consumer deposits a check twice, financial institutions can charge a fee or suspend service. In general, customers want to avoid fines, so they tend to play within the rules when fines are looming. If training customers is a home run in mitigation, then the grand slam is having detection systems that support the stipulations and rules put into place.

Photo of Douglas A. King By Jessica J. Trundley, AAP, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

July 6, 2015 in checks, consumer protection, mobile banking, mobile payments | Permalink

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

June 29, 2015


The More Things Change, the More They Stay the Same

As I write this blog on the screened porch of a North Alabama lake house, the cicadas are constantly buzzing in the background. I am fascinated by the life cycle of this species—namely, the emergence of the periodical cicadas from belowground every 13 to 17 years. This life cycle got me thinking how the world has changed since the last time the 17-year cicadas emerged. And while in this neck of the woods, some things have changed—new houses have been built and personal watercraft are now constantly buzzing on the lake—some things have remained the same. The nearest grocery store is still 30 minutes away and the iced tea is as sweet as it ever was. Is this mixed scenario really any different for payment card fraud?

Certainly a lot has changed in card payments during the last 17 or so years. We've witnessed the enormous growth of debit card transactions, the continued growth of credit card transactions, the emergence of the e-commerce and mobile payments channels, and the almost global adoption of the EMV (chip) card. As card payment usage has evolved, so has the fraud landscape. Lost and stolen card fraud fell out of vogue while counterfeit card fraud took off only to see stolen card fraud re-emerge when the issuance of EMV cards in most markets thwarted counterfeit card fraud. Point-of-sale (POS) fraud is occurring less often across the globe because of EMV and PIN verification, driving the fraudsters to the Internet to commit card-not-present (CNP) fraud.

But what hasn't changed is the global rate of fraud. An article in the August 2013 Nilson Report estimated that the annual cost of card fraud worldwide in 2012 was 5.2 cents for every $100 spent, resulting in $11.27 billion in losses. This figure compares to Nilson's estimate of fraud losses in 1998, which ran approximately 4.8 cents for every $100 spent and resulted in a little less than $2 billion of fraud. Perhaps a fraud rate in the 5 basis points range is the industry-wide acceptable rate, but with billions of dollars being invested to mitigate fraud, I would like to think that over time the rate would be reduced (though I must admit that I am not sure what the acceptable rate should be).

Maybe this speaks to the tenacity of the card fraudsters. As we in the Retail Payments Risk Forum have often stressed, once one door is fortified, the fraudsters find another door to enter. And if we could dive deeper within the figures, I am certain that is what we would find, according to various estimates of fraud and anecdotal evidence. For example, the emergence of EMV and the use of PIN verification instead of signature verification have reduced POS fraud. Today, CNP fraud rates are significantly higher than POS fraud rates and many industry risk efforts are focused on mitigating CNP fraud.

When the cicadas reappear, undoubtedly the payment card usage and fraud landscape will look different. Perhaps mobile payments will have taken off and the use of biometrics as a method of verification will be commonplace. I feel confident that in 17 years the industry will make substantial strides in reducing e-commerce CNP fraud rates—but also that new areas of fraud will appear. Is the industry prepared to fight the next generation of fraud or will it just continue to Band-Aid the past? Should we expect a 5 basis points rate of fraud when the cicadas emerge in another 17 years? I'd like to think the rate will be lower. At a minimum, hopefully, it will remain as consistent as the sweet iced tea in this neck of the woods.

Photo of Douglas A. King By Douglas A. King, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed


June 29, 2015 in cards, chip-and-pin, EMV, fraud, innovation, mobile payments | Permalink

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

May 4, 2015


Keeping Up with the Criminals: Improving Customer Authentication

The interesting thing about authenticating customers for checks and PIN-based debit transactions is that the customer's authentication credentials are within the transaction media themselves—a signature, a PIN. But for the rest of the transaction types, authentication is more difficult. The payments industry has responded to this challenge in a few different ways, and may be turning increasingly to the use of biometrics—that is, the use of physical and behavioral characteristics to validate a person's identity.

Improving customer authentication in the payments industry has been a focal point for the Retail Payments Risk Forum since its formation. After all, authenticating the parties in a payment transaction efficiently and with a high level of confidence is critical to the ongoing safety and soundness of the U.S. payments system. We have intensified our focus over the last two years, including holding a forum on the topic in mid-2013. The Forum has also just released a working paper that explores the challenges and potential solutions of customer authentication.

The working paper examines the evolution of customer authentication methods from the early days of identifying someone visually to the present environment of using biometrics. The paper reviews each method regarding its process, advantages and disadvantages, and applicability to the payments environment.

Much of the paper looks at biometrics, an authentication method that has received increased attention over the last year—partly because smartphones keep getting smarter as folks keep adding new applications, and as manufacturers keep improving microphones, cameras, accelerometers, touch sensors, and more.

The table lays out six key characteristics that we can use to evaluate a biometric system for a particular application.

New_characteristics_table

The use of biometrics will be the subject of an upcoming forum hosted by the Retail Payments Research Forum later this fall, so stay tuned as we finalize the date and agenda. In the meantime, if you have any comments or questions about the working paper, please let us know.

Photo of David Lott By David Lott, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

May 4, 2015 in authentication, biometrics, emerging payments, innovation, mobile banking, mobile payments, risk management | Permalink

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a01053688c61a970c01b8d10cb742970c

Listed below are links to blogs that reference Keeping Up with the Criminals: Improving Customer Authentication:

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

Google Search



Recent Posts


May 2016


Sun Mon Tue Wed Thu Fri Sat
1 2 3 4 5 6 7
8 9 10 11 12 13 14
15 16 17 18 19 20 21
22 23 24 25 26 27 28
29 30 31        

Archives


Categories


Powered by TypePad