About


Take On Payments, a blog sponsored by the Retail Payments Risk Forum of the Federal Reserve Bank of Atlanta, is intended to foster dialogue on emerging risks in retail payment systems and enhance collaborative efforts to improve risk detection and mitigation. We encourage your active participation in Take on Payments and look forward to collaborating with you.

Take On Payments

February 13, 2017


The Five-Star That Flops

For the most rabid college football fans, a major day just occurred—National Signing Day, the day when high school seniors sign scholarship papers to attend their colleges of choice. Not only have these seniors been evaluated by coaches, but also entire websites are devoted to their evaluation and ranking using a star-based system, with a five-star player being a top-rated, can't-miss player. Traditionally, much fanfare accompanies these players, and media and fans shower them with attention. Many times, these five-star players go on to accomplish great things at their respective schools, but sometimes they are "busts," failing to live up to lofty expectations and making minimal or no impact for their team. Unfortunately, my college team has had its fair share of five-star busts. Because of being let down, I no longer get caught up in recruiting rankings and I don't fret about the big recruit that got away. And in 2017, this is my new attitude when it comes to mobile payments at the point of sale, or POS.

I've been in the payments industry for a decade, and for over half of that time, I've been hearing and reading how mobile payments are going to change the POS experience. I've heard major announcements about new mobile payment wallets, from Apple Pay to Samsung Pay, and platforms, such as LevelUp, time and time again. I have overheard conversations with contemporaries and colleagues about the latest and greatest mobile solution that will forever change my experience at the POS.

But in 2017, I am not hearing any of this anymore because I am tuning it out. Oh, I am sure that I could attend a conference this year and within the first hour, someone would state that 2017 is the year of mobile payments. But after hearing about the next great mobile wallet or that this wallet will finally bring mobile payments to scale repeatedly, year after year (you get my tone by now), I am no longer getting caught up in the hype around using my phone instead of a card at the POS.

However, I will continue to get excited about mobile commerce opportunities. With more and more people shopping on their mobile phones and tablets, apps and in-browser platforms are making that experience so much better. When picking up a coffee on my way to the office or grabbing a chicken sandwich for lunch after ordering ahead on my mobile phone, I always wonder to myself, why are all those people standing in line? (I am a bit worried, and apparently rightfully so, that as more people use order-ahead features, that pick-up line might grow to be worse than the traditional ordering line.) During the Christmas season, I purchased many gifts on my mobile phone, and that experience was almost always simple and seamless—unlike in years past, when it was a bit cumbersome.

Using my phone to order ahead or shop online has truly simplified my life, unlike using my phone as a replacement to a card at the POS. With so much hype around mobile at the POS, I believe that many people only relate mobile payments to this use case, but it is so much broader. And I believe the mobile commerce piece is akin to the unheralded two-star recruit who goes on to lead his team to the national championship. What do you think 2017 entails for mobile and its place in payments and commerce?

Photo of Douglas King By Douglas A. King, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

February 13, 2017 in emerging payments, mobile payments | Permalink

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

January 30, 2017


Pssst…Have You Heard about PSD2?

No, I'm not talking about the latest next-generation video gaming console. I am referring to the revised Directive on Payment Services (PSD2) that the European Parliament adopted in October 2015 and that will serve as the legal foundation for a single market for European Union (EU) payments. The original PSD was adopted in 2007 but, according to official statements, the Parliament found that an update was necessary to incorporate new types of payment services, improve consumer protection, strengthen payment transaction security, and increase competitiveness with an expected result of lower consumer fees in the payments processing market. PSD2 applies only to digital payments and must be in force in all EU countries by January 13, 2018.

The directive and subsequent implementation rules that the European Banking Authority* is developing make a number of major changes in the European banking landscape, including:

  • Opens up the regulated financial services system to merchants and processors who might initiate payments on their consumer customer's behalf as well as data aggregator firms. In particular, PSD2 will apply to any financial institutions already operating within the scope of the PSD but will also apply to third parties such as operators of e-commerce marketplaces, gift card and loyalty plans, bill payment service providers, public communication networks, account access services, mobile wallets, and those who receive payment by direct debit.
  • Requires financial institutions, upon the request of their customers, to allow these approved nonbank, third parties significant, but not unlimited, access to the customer's account and transaction data through APIs (application program interfaces). Many financial institutions see having to turn over customer data to potential competitors as a significant threat to the retention of their customer's business as well as concerns with data security.
  • Sets out two-factor customer authentication as an absolute minimum, with additional security such as one-time passwords required for higher-value transactions. The card issuer must actively authenticate all transactions above 10 euros. Critics of these provisions point out that the criminals will have fixed transaction amounts and authentication methodology information to modify their attacks.
  • Supplementing card interchange limits imposed in December 2015, prevents merchants from adding surcharges to payment card transactions. Under the original directive, each country established rules regarding surcharging on card payments. It has been a common practice of European merchants to levy a surcharge on payment card transactions to offset the interchange fee paid to issuers.

While such a comprehensive single package of regulations is unlikely to occur in the United States, various flavors of these items have been and continue to be discussed. Do you favor such types of regulation here in the United States? I suspect the answer depends on your role in the payments ecosystem. I am interested in hearing from you.

Photo of David Lott By David Lott, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed



_______________________________________

* Final rules are expected to be published in January 2017.


January 30, 2017 in emerging payments, mobile payments, payments, payments risk, payments systems, regulations, regulators, risk | Permalink

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

January 9, 2017


The Year in Review

As we move into 2017, the Take on Payments team would like to share its perspectives of major payment-related events and issues that took place in the United States in 2016, in no particular order of importance.

Cybersecurity Moves to Forefront—While cyber protection is certainly not new, the increased frequency and sophistication of cyber threats in 2016 accelerated the need for financial services enterprises, businesses, and governmental agencies to step up their external and internal defenses with more staff and better protection and detection tools. The federal government released a Cybersecurity National Action Plan and established the Federal Chief Information Security Office position to oversee governmental agencies' management of cybersecurity and protection of critical infrastructure.

Same-Day ACH—Last September, NACHA's three-phase rules change took effect, mandating initially a credit-only same-day ACH service. It is uncertain this early whether NACHA will meet its expectations of same-day ACH garnering 1 percent of total ACH payment volume by October 2017. Anecdotally, we are hearing that some payments processors have been slow in supporting the service. Further clarity on the significance of same-day service will become evident with the addition of debit items in phase two, which takes effect this September.

Faster Payments—Maybe we're the only ones who see it this way, but in this country, "faster payments" looks like the Wild West—at least if you remember to say, "Howdy, pardner!" Word counts won't let us name or fully describe all of the various wagon trains racing for a faster payments land grab, but it seemed to start in October 2015 when The Clearing House announced it was teaming with FIS to deliver a real-time payment system for the United States. By March 2016, Jack Henry and Associates Inc. had joined the effort. Meanwhile, Early Warning completed its acquisition of clearXchange and announced a real-time offering in February. By August, this solution had been added to Fiserv's offerings. With Mastercard and Visa hovering around their own solutions and also attaching to any number of others, it seems like everybody is trying to make sure they don't get left behind.

Prepaid Card Account Rules—When it comes to compliance, "prepaid card" is now a misnomer based on the release of the Consumer Financial Protection Bureau's 2016 final ruling. The rule is access-device-agnostic, so the same requirements are applied to stored funds on a card, fob, or mobile phone app, to name a few. Prepaid accounts that are transactional and ready to use at a variety of merchants or ATMS, or for person-to-person, are now covered by Reg. E-Lite, and possibly Reg. Z, when overdraft or credit features apply. In industry speak, the rule applies to payroll cards, government benefit cards, PayPal-like accounts, and general-purpose reloadable cards—but not to gift cards, health or flexible savings accounts, corporate reimbursement cards, or disaster-relief-type accounts, for example.

Mobile Payments Move at Evolutionary, Not Revolutionary, Pace—While the Apple, Google, and Samsung Pay wallets continued to move forward with increasing financial institution and merchant participation, consumer usage remained anemic. With the retailer consortium wallet venture MCX going into hibernation, a number of major retailers announced or introduced closed-loop mobile wallet programs hoping to emulate the success of retailers such as Starbucks and Dunkin' Brands. The magic formula of payments, loyalty, and couponing interwoven into a single application remains elusive.

EMV Migration—The migration to chip cards and terminals in the United States continued with chip cards now representing approximately 70 percent of credit/debit cards in the United States. Merchant adoption of chip-enabled terminals stands just below 40 percent of the market. The ATM liability shift for Mastercard payment cards took effect October 21, with only an estimated 30 percent of non-FI-owned ATMs being EMV operational. Recognizing some of the unique challenges to the gasoline retailers, the brands pushed back the liability shift timetable for automated fuel dispensers three years, to October 2020. Chip card migration has clearly reduced counterfeit card fraud, but card-not-present (CNP) fraud has ballooned. Data for 2015 from the 2016 Federal Reserve Payments Study show card fraud by channel in the United States at 54 percent for in person and 46 percent for remote (or CNP). This is in contrast to comparable fraud data in other countries further along in EMV implementation, where remote fraud accounts for the majority of card fraud.

Distributed Ledger—Although venture capital funding in blockchain and distributed ledger startups significantly decreased in 2016 from 2015, interest remains high. Rather than investing in startups, financial institutions and established technology companies, such as IBM, shifted their funding focus to developing internal solutions and their technology focus from consumer-facing use cases such as Bitcoin to back-end clearing and settlement solutions and the execution of smart contracts.

Same Song, Same Verse—Some things just don't seem to change from year to year. Notifications of data breaches of financial institutions, businesses, and governmental agencies appear to have been as numerous as in previous years. The Fed's Consumer Payment Choices study continued to show that cash remains the most frequent payment method, especially for transactions under 10 dollars.

All of us at the Retail Payments Risk Forum wish all our Take On Payments readers a prosperous 2017.

Photo of Mary Kepler
Mary Kepler
Photo of Julius Weyman
Julius Weyman
Photo of Doug King
Doug King
Photo of David Lott
Dave Lott
Photo of Jessica Trundley</span>
</div>
Jessica Washington
Photo of Steven Cordray
Steven Cordray

 

January 9, 2017 in ACH, ATM fraud, cards, chip-and-pin, cybercrime, debit cards, emerging payments, EMV, fraud, mobile banking, mobile payments, P2P, prepaid, regulations | Permalink

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

November 21, 2016


Are Mobile Phone Payments Secure?

A consistent and leading reason consumers give as to why they don't use their mobile phone to make payments is their concern about the phone's level of security. While many consumers don't believe that mobile payments are as safe as other payment methods, is that actually the case? For more than six years, the Federal Reserve Banks of Atlanta and Boston have been supporting the Mobile Payments Industry Workgroup (MPIW). The MPIW was created to facilitate the development of a vision for a mobile payments environment that will be effective, secure, and ubiquitous. This group has met frequently to address the issues of technology, standards, security, privacy, functionality, regulation, and adoption barriers. The various deliverables from past MPIW meetings focus on security and risk and can be found on the Federal Reserve Bank of Boston's website.

As this blog has noted numerous times over the last two years, the migration to chip cards for in-person POS payments will shift more fraud over to the card-not-present (CNP) market. With the introduction of numerous mobile wallets since 2014 that can be enabled on smartphones, the MPIW believed that an assessment should be made of the risk issues associated with commerce generated through the mobile phone—or m-commerce—whether through a browser or a specific wallet application. Over the last eight months, Fed representatives and mobile payment experts have been working on the development of a white paper, which was released on November 8. You can access the full report here.

The MPIW's report provides an assessment and the future position of mobile payments as a part of the overall e-commerce growth expected in the United States. It groups the various types of remote mobile payments into four use cases and dissects the transaction flow for each use case with a description of the potential risk attacks in each key function of the transaction. We believe the report provides the payments industry with a sound primer of mobile wallet transaction security issues. While there are attack points in the mobile phone channel just as there are in other payment channels, the mobile phone offers features that can make a mobile payment transaction much more secure than many people currently believe. The MPIW will continue to assess the mobile CNP payments environment and produce presentations and other materials intended to educate the industry and consumers.

You can find additional MPIW white papers and other publications on the MPIW web page.

Photo of David Lott By David Lott, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

November 21, 2016 in mobile payments, payments risk | Permalink

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

August 1, 2016


FFIEC Weighs In On Mobile Channel Risks

In late April, the Federal Financial Institutions Examination Council (FFIEC) released new guidance regarding mobile banking and mobile payments risk management strategies. Titled "Appendix E: Mobile Financial Services," the document becomes part of the FFIEC's Information Technology Examination Handbook. While the handbook is for examiners to use to "determine the inherent risk and adequacy of controls at an institution or third party providing MFS" (for mobile financial services), it can also be a useful tool for financial institutions to better understand the expectations that examiners will have when conducting an exam of an institution's MFS offering.

Consistent with examiners' focus on third-party relationships for the last several years, the document points out that MFS often involves engagement with third parties and that the responsibilities of the parties in those relationships must be clearly documented and their compliance closely managed. Other key areas the document reviews include:

  • Mobile application development, maintenance, security, and attack threats
  • Enrollment controls to authenticate the customer's identity and the payment credentials they are adding to a mobile wallet
  • Authentication and authorization, emphasizing that financial institutions should not use mobile payment applications that rely on single-factor methods of authentication.
  • Customer education efforts to support the adoption of strong security practices in the usage of their mobile devices

The document also identifies and reviews strategic, operational, compliance, and reputation risk issues for the various elements of a financial institution's MFS offering. The final section of the document outlines an examiner's work plan for reviewing an MFS program with seven key objectives. I believe that it would be time well spent for the institution's MFS team to assume the role of examiner and use the work plan as a checklist to help effectively identify and manage the risks associated with an MFS program.

Photo of David Lott By David Lott, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

August 1, 2016 in bank supervision, banks and banking, financial services, mobile banking, mobile payments, regulations, regulators, third-party service provider | Permalink

Comments

Looking forward to welcoming David Lott to our upcoming Next Money Tampa Bay meetup.

David will be our keynote on Wednesday, Sept 21, 2016 6:00 ~ 8:00 PM

Tampa Bay Wave Venture Center
500 East Kennedy Boulevard 3rd FL
Tampa Florida 33602

All are welcome to attend RSVP at

https://www.meetup.com/NextMoneyTPA/events/233171815/

Posted by: Bruce Burke | August 6, 2016 at 05:22 PM

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

June 20, 2016


There's an App for That!

Few would question that mobile phones have had a considerable influence in our everyday activities. They provide a level of convenience and connectivity that also generates benefits to our personal safety and the security of our banking accounts and other assets. The Pew Research Center estimates that almost two-thirds of adults in the United States own a smartphone and 15 percent use them as their primary online access device either because they do not have broadband access at their home or have few other online options.

In recent blogs, I highlighted some key findings from the Federal Reserve Board of Governors' recently released Consumers and Mobile Financial Services 2016 report. The report includes a section of questions that probe how consumers use their mobile phones in financial decision making. Within the past year, 62 percent of mobile banking users with smartphones responded that they checked their balance before they made a large purchase. The power of that information is demonstrated in that for those who checked their balance or available credit, half didn't make a purchase as a result of having that information.

Forty-five percent of smartphone owners use their phone for comparison shopping at retail stores. Forty-one percent reported they use their phones to obtain product information while shopping at retail stores, and 28 percent use a barcode scanning application for price comparisons.

Though smartphone owners value the convenience phones bring to financial decision making, security and safety are primary concerns. A little more than half of the mobile banking users take advantage of the feature of receiving some type of alert from their financial institution. The most common alert cited was for a low balance, but 36 percent reported they also receive fraud alerts.

Later this year, a number of the Federal Reserve districts, including the Sixth District, will be conducting a survey of the financial institutions in their districts about the mobile banking and mobile payments services they offer. The Sixth District participated in this effort in 2014; you can find the results here. It will be interesting to see the changes that have taken place over the last two years, especially in light of the launch of the various mobile wallets, so stay tuned.

Photo of David Lott By David Lott, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

June 20, 2016 in banks and banking, mobile banking, mobile payments | Permalink

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

June 6, 2016


Mobile Security and Privacy

In an earlier post, I provided some of the top-line findings from the Federal Reserve Board of Governors' recently released Consumers and Mobile Financial Services 2016 report. Safety and risk continue to be cited by consumers as significant barriers to their adoption of mobile banking and other new payment technology. Many consumers either don't believe that the mobile banking channel is safe or they don't understand the security features that are part of the mobile technology. The research effort probed these issues in greater detail to better understand consumer perspectives.

One of the first questions in this area asked how safe a person's personal information is when using mobile banking. As the table shows, while there has been steady positive movement over the last three years in getting many consumers to feel their personal information is safe, there remains a great challenge. A decrease of only two percentage points (42 percent in 2015 compared to a high of 44 percent in 2014) in those who believe their personal information is "somewhat unsafe" or "very unsafe" doesn't signify much advancement in the safety education efforts for these folks.

Q. How safe do you believe people's personal information is when they use mobile banking?

table-one

In a separate survey question, a slightly higher percentage of respondents (46 percent) believed that their personal information was "very unsafe" or "somewhat unsafe" when conducting a mobile point-of-service transaction at a store.

With 15 percent of the respondents indicating they "don't know," the survey illustrates the need for additional education about the security aspects of mobile banking and payment technology. The research showed that among those with mobile phones and bank accounts, mobile banking users had more confidence in the security of mobile banking transactions than non-users. Only 3 percent of mobile banking users thought that their personal information was "very unsafe" when they use mobile banking, compared to 28 percent for non-users.

When mobile phone users were probed about their specific security concerns about using their mobile phone for banking or payments, their most common response was that they were concerned about all of the listed security risks. For those who chose one specific reason, they most frequently cited fears about the phone being hacked or the data being intercepted, followed by concerns about their phone being lost or stolen.

On a positive note, consumers appear to be adopting more secure mobile phone practices. The percentage of smartphone users who password-protect their phone increased to 70 percent in 2015 from 61 percent in 2013. One-third of the smartphone owners were using antimalware software or applications to protect their phone, and a similar share used an app or service to help them locate, remotely access, erase, or disable their phone in the event it is lost or stolen.

Additionally, consumers are recognizing the need for improved authentication with their banking service provider. Seventy-four percent of smartphone owners indicated they either "strongly agree" or "agree" that they would be willing to undergo additional authentication steps when they were logging in to their mobile banking service.

Other important findings are contained in the research report, so be sure to give it a good read.

Photo of David Lott By David Lott, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

June 6, 2016 in malware, mobile banking, mobile payments | Permalink

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

May 2, 2016


Mobile Financial Services Are Still Growing

The Federal Reserve Board's Division of Consumer and Community Affairs (DCCA) recently released its Consumers and Mobile Financial Services 2016 report. This annual research effort began in 2011 to measure the adoption and usage of mobile banking and payment activities by consumers and the use of mobile technology in making financial decisions. The latest survey was fielded in November 2015 with a respondent base of 2,510 adults age 18 and over, of which 1,064 had participated in both the 2013 and 2014 surveys.

Key adoption and usage findings from the survey include:

  • The major barriers to mobile payment adoption remain the same as in previous studies—satisfaction with current methods of payment and concerns about security.
  • Convenience is the most common reason given by the respondents for adopting mobile banking.
  • Perhaps reflecting a positive effect of mobile phone security education, 70 percent of smartphone users indicated they password-protect their phone and 78 percent indicated they download applications only from their primary application store.
  • Mobile phone penetration has remained consistent over the last three years at 87 percent of the U.S. population, although smartphones now account for 77 percent of mobile phones versus 61 percent in 2013.
  • Ownership of smartphones is higher for Hispanics than for non-Hispanic whites in this survey.
  • Usage of mobile banking services by those with mobile phones increased to 43 percent from 33 percent in 2013. Smartphone owners showed a higher usage rate of mobile banking, at 53 percent, but this rate was essentially flat from 2014.
  • While usage of mobile banking has generally increased every year for each age group, younger consumers have consistently been the most likely users while the older segment has been the least likely, as the table shows:

chart-1

  • The most common mobile banking activity is checking an account balance or making a specific transaction, followed by transferring money between accounts and receiving an account alert.
  • Despite the strong usage of mobile banking, more than 80 percent of smartphone owners with a bank account visited a branch or used an ATM over the last 12 months, while only 29 percent called their banks.
  • Mobile payment activity still lags mobile banking activity. Only 24 percent of mobile phone owners had made a mobile payment over the last 12 months, compared to 43 percent of mobile phone owners with a bank account who used mobile banking. The study found that there is no clear relationship between mobile payment usage and income or education level. As in previous surveys, minorities make mobile payments at a higher rate than white, non-Hispanic consumers.

Additional findings from the survey as to security and privacy and the use of the phone in making financial decisions will be highlighted in future blogs. This survey provides valuable data in the ongoing evolution and adoption of mobile banking services and I hope you will read it in detail.

Photo of David Lott By David Lott, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

May 2, 2016 in mobile banking, mobile payments | Permalink

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

March 28, 2016


Continuing Education in Mobile Payments Security

Just over a year ago, I wrote a post raising the question of which stakeholder or stakeholders in the payments ecosystem had the responsibility for educating consumers regarding payments security. As new payment technologies such as mobile devices, wearables, and the Internet of things gain acceptance and increased usage, who is stepping up not only to teach consumers how to use the devices but also how to do so in a safe and secure manner?

Since it is generally financial institutions that have the greatest financial risk for payment transactions because of the protective liability legislation that exists in the United States, this responsibility has fallen largely to them. However, this educational effort has become increasingly difficult since consumers generally acquire these new products at retail outlets or mobile carrier stores, where the financial institution has no direct contact with the consumer.

The Consumer Federation of America (CFA) recently continued its ongoing efforts to provide educational information to consumers with the release of a guide to mobile payments. The guide is comprehensive, covering issues such as privacy, security of the mobile device, the dangers of malware, error resolution, and dispute procedures for mobile payments, and concludes with a humorous animated video that recaps some of the risks with mobile phones if they are not secured and used properly.

As an example, in its section on privacy, the guide offers the following tips:

  • Read the privacy policies of the companies whose services you are using to make mobile payments and the companies that you are paying.
  • If you don't like a company's privacy policy, take your business elsewhere.
  • Don't voluntarily provide information that is not necessary to use a product or service or make a payment.
  • Take advantage of the controls that you may be given over the collection and use of your personal information.
  • Since mobile payments, like all electronic payments, leave a trail, if there are transactions that you would prefer to make anonymously, pay with cash.

Kudos to the CFA for its work on this effort. I hope you will read the guide and spread the word about the availability of this valuable resource. It is through the combined efforts of the payments stakeholders that we can work to improve the knowledge level of all parties involved and promote secure usage.

Photo of David Lott By David Lott, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

March 28, 2016 in consumer protection, innovation, mobile banking, mobile payments | Permalink

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

February 22, 2016


2016 Payment Predictions

In our 2015 year-end review, we promised we would provide some predictions and expectations for payments in the United States during 2016. Predictions are usually pretty…unpredictable, so by waiting a couple of months to release ours, we're hoping they will end up being more accurate than usual. Disclaimer: These predictions are through the collective wisdom of the Retail Payments Risk Forum staff and do not reflect the opinions of the Federal Reserve System or the Board of Governors. So here we go in no particular order or probability of happening.

  • Cyberattacks will be the top threat to payments security: Cyberattacks and data breaches will be as robust as ever and will be the number one threat in the payments ecosystem. As retailers and financial service companies strengthen their defenses, the Risk Forum predicts that hackers will widen their focus.
  • This will be the year for mobile point-of-service (POS) payments…not!: Like the broken analog clock face that is correct twice a day, we believe that those forecasting 2016 as the "year of mobile payments" (as they did in 2013, 2014, and 2015) will be a little bit right, but will still be waiting for this optimistic prediction to be fully true. While the adoption pace of mobile payments is growing because of the increasing influence of millennials, the issues of limited merchant acceptance points, fragmentation, and consumer concerns over security and privacy will remain as substantial hurdles. Major educational efforts will be launched stressing the increased security provided by mobile payments through tokenization and biometrics.
  • EMV (chip card) POS migration will pick up the pace from 2015: The liability shift for POS took place October 1, 2015, and projections for both card and terminal capability missed their optimistic marks for a variety of reasons. Credit and debit card reissuance will continue during 2016 and should reach significant conversion levels by the end of the year. The Risk Forum expects the pace of merchant terminal conversions to pick up as certifications are completed and merchants targeted by counterfeit card fraudsters feel the sting of losses. However, we also think some merchant categories, such as restaurants, will continue to proceed at a tepid pace.
  • ACH same-day service will not be a huge hit: The Risk Forum forecasts that the roll-out of NACHA's mandated same-day ACH service in September will, at least initially, have modest adoption because corporate originators will have to update internal systems to support faster payments, the dollar cap of $25,000 per payment, and the imposition of the interbank fee. Consumer payment applications will have modest uptake due to competing payment alternatives.
  • EMV ATM liability shift will cause the number of ATMs to shrink: The implementation of chip card readers in ATMs will follow the same pattern as POS terminals did in 2015—the large ATM owners and operators will meet the October 2016 deadline but many of the small and mid-sized operators, especially those owned by nonfinancial institutions, will not and will be faced with absorbing the loss of transactions made with counterfeit cards—a fraud loss they haven't experienced in the past. Overall, the Risk Forum looks for the ATM base in the U.S. to contract by 10 to 15 percent because of financial institution mergers and the cost of EMV upgrades.
  • Mobile wallet space will continue to see turbulence: 2015 saw the launch or announcement of more mobile wallets by payment stakeholders such as Samsung, Google, Chase, Capital One, Walmart, and Target. Then add the retailer and credit union consortiums (MCX CurrentC and CU Wallet) that are struggling to emerge from uncertainty. How many wallets will the consumer be willing to load on a phone and which providers do they trust to keep their payments and banking credentials safe? We believe we'll see continued turbulence in this space during 2016, with some settling of the dust by next year.
  • Blockchain technology interest will accelerate: Cryptocurrencies will continue to exist in the "novelty" space, but we think large payments players will direct efforts to leveraging the distributed ledger technology for various uses and will proceed at an accelerated pace.
  • Biometric technology improves, but passwords remain supreme: Despite continued cries for intervention, the user ID and password will remain the primary authentication method that consumers use to access their various applications. Biometrics technology for payment and customer authentication applications will continue to improve while decreasing in price. Fingerprint, facial recognition, and eye/iris recognition will dominate as the most-used biometrics although voice recognition will serve as a key method in certain environments such as call centers. The Risk Forum believes that the technology will continue to face critical adoption challenges due to concerns about privacy, security, and safety, but educational programs will lower this resistance.
Photo of Mary Kepler
Mary Kepler
Photo of Steven Cordray
Steven Cordray
Photo of Doug King
Doug King
Photo of David Lott
Dave Lott
Photo of Jessica Trundley</span>
</div>
Jessica Trundley
Photo of Julius Weyman
Julius Weyman

February 22, 2016 in cybercrime, data security, EMV, mobile payments | Permalink

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

Google Search



Recent Posts


February 2017


Sun Mon Tue Wed Thu Fri Sat
      1 2 3 4
5 6 7 8 9 10 11
12 13 14 15 16 17 18
19 20 21 22 23 24 25
26 27 28        

Archives


Categories


Powered by TypePad