Take On Payments

July 25, 2016


Cash: Reports of Its Pending Death Are Greatly Exaggerated

I usually chuckle when I read an article forecasting the impending elimination of cash from the U.S. payments system. It seems the frequency of these articles is steadily increasing, and I wonder why. What do these people have against cash? Yes, I can somewhat understand the argument about trying to abolish the penny when it costs more to produce it (1.7 cents) than its face value. Canada, New Zealand and Australia have done so, and their citizens' lives don't seem too dramatically altered.

There is no question that consumers continue to embrace card-based payments as an alternative to cash and checks, none more so than the millennials. Critics of cash portray it as a payment method with a number of negatives including harm to personal safety (robbery) and its being expensive to acquire or process. Yet research by the Federal Reserve through its 2013 Consumer Payment Choice Survey project shows that 89 percent of the population continues to have at least some cash, and the number of currency notes that the public holds continues to grow. Additionally, while prepaid cards have made an impact on the un- and under-banked, cash is still an essential form of payment for them.

But as the 1964 Bob Dylan song goes, "the times they are a-changin'." The survey demonstrated the potential increasing influence on the future of cash that millennials might have, as more than 60 percent of those surveyed as "cash-adverse" (they never hold or spend cash) fall into the millennial age range. But will this behavior persist as they grow older and build their financial resources? The survey results provided some conflicting data for this group that hopefully will be resolved in the next survey to be conducted in the fall. For example, while they claim to not hold or use cash, nearly one-fourth indicated that cash was their preferred payment method.

The anonymous nature of cash is often cited by governmental and law enforcement officials as a reason for using it for illegal business transactions or tax avoidance. But perhaps most importantly, cash has almost universal acceptance and, in times of natural disasters, may be the only payment method that can be used for the purchase of goods and services. The reality is that cash is the payment method used by two-thirds of consumers for transactions under $10. While vending machines and parking meters are being enhanced to accept card and mobile payments, and the prepaid gift card has eliminated a lot of $20 bills in birthday cards, it's extremely difficult for me to consider a world without cash. And I believe history is on my side. Although many new payment methods have been introduced, I don't know of any that have been eliminated over the last two hundred years. So I take reassurance as I open my physical wallet and there among my various debit and credit cards, my $23 in cash sits waiting to be spent. I suspect that cash will continue to exist for centuries after my own obituary has been written.

Photo of David Lott By David Lott, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

July 25, 2016 in currency | Permalink | Comments (0)

July 18, 2016


The 411 on Banning the RCC

Are you proficient in recognizing phone scams? One that I've frequently experienced is when the caller tells me I've won a cruise and all I have to do is pay the taxes. To help combat phone fraud, the Federal Trade Commission (FTC) amended the Telemarketing Sales Rule. Part of the amendment prohibits payment types commonly used in deceptive and abusive telemarketing practices. Effective June 13, 2016, telemarketers can't ask for payment by cash-to-cash money transfers, PINs from cash reload cards, or bank account information, which would allow them to create a remotely created check (RCC). Fraudsters prefer RCCs because reversals are more difficult, notes the FTC. In particular, RCCs sail quickly through the clearing and settlement process making for easy collection by fraudsters and clunky adjustment processes for financial institutions.

Financial institutions (FIs) are the gatekeepers to payment systems and, with the amendment to the rule, have a new risk for what their customers do. FIs have always had the compliance risk of understanding their customer's business. As an FI, how would you know if you had a telemarketing customer already on board or one attempting to apply today? Further, how would you know if a current customer is accepting payment via RCC, since RCCs look like traditional checks? If you have third-party processors as customers, these questions become more difficult. Then, the risk is to identify if your customer's customer is a telemarketer processing banned payments through your bank.

Most agreements between FIs and business customers typically include a clause binding their customers to process payments in compliance with applicable laws of the United States. What additional steps should FIs take to manage the risks that apply to different industries and different payment types?

There are limited ways to identify RCCs because such items are cleared like traditional checks. Effective November 2015, the standards for the MICR (magnetic ink character recognition) line were changed to include a "6" in a certain position in the line to indicate an RCC. This is a standard and not a requirement. But if the 6 is used, that is one way to identify an RCC. If the standard is not used, nothing uniquely identifies an item as an RCC unless one examines the signature block on the check, since RCCs have no signature. An FI or a processor may not have the ability to look at every item included in every deposit, but could have random testing in place to attempt to identify the illegal use of RCCs.

Another indicator of deceptive practices by a business customer is anomalies in return rates. A large number of adjustments may signal that abuses are taking place. An RCC is often confused with an ACH entry and some telemarketers may convert their RCCs to ACH to spread out alarming return rates.

It will be all hands on deck to stop abusive RCC practices, but the FTC has charted the course with its new rulemaking.

Photo of Jessica Trundley By Jessica J. Trundley, AAP, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

July 18, 2016 in KYC, phone fraud, remotely created checks | Permalink | Comments (0)

July 11, 2016


Surviving the Emerging Payments Providers

Predictions abound that emerging companies will dominate the remittance and person-to-person (P2P) payments space and financial institutions will be relegated to being a bystander. While I am not sold on their eventual dominance, I do think that emerging companies are creating positive changes. These changes have included new business models for financial institutions and traditional remittance providers who are able to offer their existing and prospective customers new, efficient payment choices. And as recently released financial and transaction figures show, some traditional players embracing change are poised to remain in their leadership positions.

I recently saw a speaker who said that one particular emerging digital remittance provider is the largest digital remittance business in the United States. However, I think the honor of the largest digital remittance transfer provider goes to a long-term remittance incumbent, Western Union. Though payments volume data are not available, revenue data do provide us with some insight into the size of these providers. According to Western Union's 2015 annual report, its digital money transfer services generated $274 million in revenues in 2015. As a point of comparison, three emerging companies (Xoom, Worldremit, and TransferWise) had combined revenues of $230 million. Though Western Union's online service represents only 6.3 percent of its consumer-to-consumer revenues, the segment grew by 26 percent in 2015.

In June, Chase announced changes to its digital P2P solution that will allow Chase customers to send and receive money in real time through ClearXchange with customers of Bank of America, U.S. Bank, and several other financial institutions. Chase's digital P2P solution has been a feature on the Chase mobile application and online banking website for several years now and was used in 2015 to send $20 billion in P2P payments. As a point of reference, the wildly popular emerging mobile and online P2P provider, Venmo, reported $1 billion in transfers during the month of January, up 250 percent from the prior January. With the additional reach of ClearXchange participants, Chase customers will now be able to digitally send and receive payments to 65 percent of the digital banking population in the United States, placing it in a position to experience significant growth to its digital solution.

With both remittances and P2P payments, online and mobile channels are seizing share from traditional channels. Even though the in-person agent model in remittances and P2P payments via cash and checks will remain a viable solution for many consumers, today's growth is being driven by digital models.

No doubt emerging players are threatening traditional companies for remittance and P2P dollars. However, financial institutions and established money transmitters are evolving, and based on the numbers, remain valuable payments providers. Given this environment, financial institutions and traditional remittance providers that don't evolve to embrace the digital remittance and P2P economy are at serious risk of losing share. And the threat isn't just coming from emerging companies. In fact, you can call me a traditionalist, but I think evolving traditional financial institutions and remittance providers are positioning themselves to remain the dominant providers of P2P and remittance payments.

Photo of Douglas King By Douglas A. King, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

July 11, 2016 in banks and banking, emerging payments, financial services | Permalink | Comments (0)

June 27, 2016


Between a Rock and a Hard Place?

Customer education encouraging safe payments practices has always been viewed by staff at the Retail Payments Risk Forum as a vital element in mitigating payments-related fraud. We have stressed this need time and time again in our posts as well as our numerous speaking engagements at payments-related conferences and events.

Financial institutions (FIs) have generally been identified as the group that should bear this responsibility as they own the account relationship, but with more intermediaries in the payments process, I think that others should also be involved. The advent of mobile banking and payments has introduced even more challenges since the financial institution doesn't get involved in the acquisition of the mobile device as that is normally handled by the mobile network sales representatives. My personal experience with these sales representatives is that once the device sale is done, they are more interested in selling me accessories or upgrading my data plan than they are teaching me about selecting and setting strong passwords or preventing malware and viruses from finding their way into my phone.

When I raise this issue with others, all too often I hear a pessimistic chorus that getting consumers to adopt strong security practices will always be a losing battle for FIs. They say that consumers will always choose convenience over security—that is, until they fall victim to fraud. And forget about any other player in the ecosystem taking on the education responsibility because if they have no liability for fraud losses, why direct funds to education when they could be deployed elsewhere?

The impact of fraud on a consumer's relationship with his or her financial institution has never been greater. We read every day about the increasing economic importance of the Gen Y or millennial segment. With an estimated 80 million people, they represent the largest segment of our country's bankable population. A late 2015 study by FICO on millennial banking habits revealed that 29 percent of respondents indicated that they would close all their accounts with a financial institution if one of those accounts experienced fraud. To make matters worse, one quarter of the survey participants indicated they would write a negative post on social media about their financial institution if they experienced a fraud incident.

So are financial institutions in a no-win situation? A ray of hope emerges from the same FICO study, which states that 41 percent of the millennials surveyed indicated that they recommended their FI to friends, colleagues, or family members after a positively handled fraud incident. Studies have consistently shown that payment security is a key concern of all customers, not just millennials. So although it may not seem fair that financial institutions have to shoulder most of the security education effort, the impact of not doing so could be significant. Perhaps it is time for a coordinated payments industry campaign to encourage consumers to adopt safer and more secure banking practices.

Photo of David Lott By David Lott, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

June 27, 2016 in banks and banking, financial services, payments, risk | Permalink | Comments (0)

June 20, 2016


There's an App for That!

Few would question that mobile phones have had a considerable influence in our everyday activities. They provide a level of convenience and connectivity that also generates benefits to our personal safety and the security of our banking accounts and other assets. The Pew Research Center estimates that almost two-thirds of adults in the United States own a smartphone and 15 percent use them as their primary online access device either because they do not have broadband access at their home or have few other online options.

In recent blogs, I highlighted some key findings from the Federal Reserve Board of Governors' recently released Consumers and Mobile Financial Services 2016 report. The report includes a section of questions that probe how consumers use their mobile phones in financial decision making. Within the past year, 62 percent of mobile banking users with smartphones responded that they checked their balance before they made a large purchase. The power of that information is demonstrated in that for those who checked their balance or available credit, half didn't make a purchase as a result of having that information.

Forty-five percent of smartphone owners use their phone for comparison shopping at retail stores. Forty-one percent reported they use their phones to obtain product information while shopping at retail stores, and 28 percent use a barcode scanning application for price comparisons.

Though smartphone owners value the convenience phones bring to financial decision making, security and safety are primary concerns. A little more than half of the mobile banking users take advantage of the feature of receiving some type of alert from their financial institution. The most common alert cited was for a low balance, but 36 percent reported they also receive fraud alerts.

Later this year, a number of the Federal Reserve districts, including the Sixth District, will be conducting a survey of the financial institutions in their districts about the mobile banking and mobile payments services they offer. The Sixth District participated in this effort in 2014; you can find the results here. It will be interesting to see the changes that have taken place over the last two years, especially in light of the launch of the various mobile wallets, so stay tuned.

Photo of David Lott By David Lott, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

June 20, 2016 in banks and banking, mobile banking, mobile payments | Permalink | Comments (0)

June 13, 2016


What Is GPR Feeding On? Part 2 of 2

In part 1, I shared several studies on the appetite for general-purpose reloadable (GPR) prepaid cards. It turns out there is little public data covering the fraud portion of the industry. I look forward to results from the Federal Reserve's 2016 Payments Study, which added a number of questions related to GPR card fraud.

Last week, LexisNexis® released a fraud study titled Issuers Confront Application Fraud and Account Takeover in a Post-EMV U.S. The study reports that issuers annually lose $10.9 billion to card fraud overall, with 4 percent attributed to all types of prepaid cards (not just GPR), 25 percent to debit cards, and 71 percent to credit cards. The study examines what types of fraud schemes are responsible for losses, but the data is aggregated and not broken down by card type. We will look at these results and I will describe how fraudsters could use prepaid to perpetrate that type of fraud.

Lost/stolen cards: 28 percent of total card fraud

GPR card information can be lost or stolen in a variety of ways—as can happen with all payment card instruments. When the fraudster acquires the account numbers, he or she can then sell, clone, or counterfeit new cards to make fraudulent purchases. The most common schemes include:

  • Skimming magnetic stripes via compromised ATM or POS terminals
  • Cyberattacks/data breaches
  • Simply lost or stolen cards

"Lost or stolen" also include information obtained from extortion by coercive measures and deceptive marketing. Fraudsters trick consumers into loading funds on a prepaid card and then handing over the account information. Some prepaid issuers have included warnings about this type of crime on their packaging. Some recent schemes include:

  • Pretending to represent a creditor or utility and convincing victims they are overdue on bills and must immediately make a payment using a prepaid card
  • Money-winning schemes (I always win cruises) whereby a consumer must pay taxes on the winnings with a prepaid card

Account takeover: 20 percent

These schemes typically involve business bank accounts. However, a blog by Kreb’s on Security describes a well-known case involving prepaid. Cybercriminals allegedly breached a number of payment processors over a two-year period. They acquired account information and changed account balances and daily withdrawal limits. The criminals then used the breached payment card information to clone cards to use at ATMs all over the world and withdrew nearly $55 million in cash.

Application fraud: 20 percent

Ultimately, this scheme involves the criminal opening a GPR account under a stolen or false ID, using stolen funds to open the account. Schemes that fit into this category are:

  • Filing fraudulent tax returns and sending refunds to prepaid accounts. (I recently blogged on this.)
  • Buying prepaid cards with stolen or counterfeit cards, a growing scheme that essentially creates free money out of stolen funds

Counterfeit cards: 16 percent

Counterfeiting usually occurs in conjunction with other fraud schemes. Counterfeit cards (and even lost or stolen cards) can be sold, often at a discount to the purchaser, potentially making their way into the hands of law-abiding citizens through wholesale websites.

Maybe fraudsters stock their pantry with prepaid cards, but are these common schemes unique to GPR cards or prepaid accounts? Although it's easier to open a prepaid account with little direct human contact, couldn't we substitute debit card or credit line accounts in any of these fraud schemes? Every type of monetary instrument experiences fraud but the prepaid industry has worked diligently to address these common areas. The vast majority of prepaid customers are legitimate users that have chosen this type of product for economic or payment preference reasons.

Photo of Jessica Trundley By Jessica J. Trundley, AAP, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

June 13, 2016 in cards, debit cards, fraud, identity theft | Permalink | Comments (0)

June 6, 2016


Mobile Security and Privacy

In an earlier post, I provided some of the top-line findings from the Federal Reserve Board of Governors' recently released Consumers and Mobile Financial Services 2016 report. Safety and risk continue to be cited by consumers as significant barriers to their adoption of mobile banking and other new payment technology. Many consumers either don't believe that the mobile banking channel is safe or they don't understand the security features that are part of the mobile technology. The research effort probed these issues in greater detail to better understand consumer perspectives.

One of the first questions in this area asked how safe a person's personal information is when using mobile banking. As the table shows, while there has been steady positive movement over the last three years in getting many consumers to feel their personal information is safe, there remains a great challenge. A decrease of only two percentage points (42 percent in 2015 compared to a high of 44 percent in 2014) in those who believe their personal information is "somewhat unsafe" or "very unsafe" doesn't signify much advancement in the safety education efforts for these folks.

Q. How safe do you believe people's personal information is when they use mobile banking?

table-one

In a separate survey question, a slightly higher percentage of respondents (46 percent) believed that their personal information was "very unsafe" or "somewhat unsafe" when conducting a mobile point-of-service transaction at a store.

With 15 percent of the respondents indicating they "don't know," the survey illustrates the need for additional education about the security aspects of mobile banking and payment technology. The research showed that among those with mobile phones and bank accounts, mobile banking users had more confidence in the security of mobile banking transactions than non-users. Only 3 percent of mobile banking users thought that their personal information was "very unsafe" when they use mobile banking, compared to 28 percent for non-users.

When mobile phone users were probed about their specific security concerns about using their mobile phone for banking or payments, their most common response was that they were concerned about all of the listed security risks. For those who chose one specific reason, they most frequently cited fears about the phone being hacked or the data being intercepted, followed by concerns about their phone being lost or stolen.

On a positive note, consumers appear to be adopting more secure mobile phone practices. The percentage of smartphone users who password-protect their phone increased to 70 percent in 2015 from 61 percent in 2013. One-third of the smartphone owners were using antimalware software or applications to protect their phone, and a similar share used an app or service to help them locate, remotely access, erase, or disable their phone in the event it is lost or stolen.

Additionally, consumers are recognizing the need for improved authentication with their banking service provider. Seventy-four percent of smartphone owners indicated they either "strongly agree" or "agree" that they would be willing to undergo additional authentication steps when they were logging in to their mobile banking service.

Other important findings are contained in the research report, so be sure to give it a good read.

Photo of David Lott By David Lott, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

June 6, 2016 in malware, mobile banking, mobile payments | Permalink | Comments (0)

May 31, 2016


What Is GPR Feeding On? Part 1 of 2

I recently gave a presentation titled "Where We Are Going, We Won't Need Checking Accounts" at the NACHA Payments Conference in Phoenix. This session focused on the increasing use of alternative financial accounts such as general purpose reloadable (GPR) cards in place of traditional bank accounts. After the presentation, I overheard an attendee comment, "I don't even understand why a product like prepaid exists, when the majority of its use is attributed to those seeking anonymity to conduct fraud." While I will cover common prepaid fraud schemes in the next installment, first I think it is important to consider why prepaid products like the GPR card deserves a seat at the payments table.

I'll start with an egalitarian comparison. Consumers have the right to choose a leather or Velcro wallet and then store their cash in that wallet. In today's digital world, shouldn't a consumer also have the right to acquire a GPR card, e-wallet, or other account to store money electronically? If a consumer receives or spends money illegally in any form, then the justice system should enforce the law. Funds stored in a GPR account or a demand deposit account (DDA) is e-money, a representation of cash in your wallet. The GPR card is an access device to the stored money, functioning like the beloved debit card to the DDA.

In June 2015, the Pew Charitable Trusts published Banking On Prepaid, a report of the motivations and views of prepaid card users. The study concludes that the main reasons for prepaid card use for both banked and unbanked users are to avoid overdraft fees, debt, and check cashing fees. In addition, most GPR users are attracted to the budgeting and savings tools provided by these types of accounts. The report also found that most GPR users don't aim to be anonymous: 74 percent of unbanked GPR cardholders registered their cards, and 52 percent of banked cardholders registered. The primary benefit to registering is that the cardholder gets consumer protections like limited liability and, in many cases, insurance from the Federal Deposit Insurance Corporation.

Susan Herbst-Murphy and Greg Weed, in their 2015 paper "Millennials with Money Revisited," collected data that challenges preconceptions of GPR cards as a product for low-income and unbanked customers. These researchers identify a "power user" group of young, banked, middle- to upper-income levels as well as a "hybrid" user group that combines GPR accounts with traditional bank accounts and other alternative financial services. They suggest we look to the power users to understand why and how the product is being used.

Clearly, there is a market with a strong appetite for this financial product.

Stay tuned for the next installment, when we examine the GPR market for bad apples.

Photo of Jessica Trundley By Jessica J. Trundley, AAP, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

May 31, 2016 in prepaid | Permalink | Comments (0)

May 23, 2016


What Would Happen If the Lights Went Out for a Long, Long Time?

In 1859, a massive geomagnetic solar storm known as the Carrington Event caused extensive damage to telegraph systems and other nascent electrical devices worldwide. Telegraph lines sparked and telegraph operators could send and receive messages without the use of electric batteries. The Northern Lights lit up the sky in all of North America. Though not widely reported, on July 23, 2012 a massive cloud of solar material similar in magnitude to the Carrington storm erupted off the sun's surface, radiating out at 7.5 million miles per hour. Fortunately the impact of the solar storm missed Earth by nine days because of the Earth's orbit position.

One report estimates that a Carrington-level storm today could result in power outages affecting as many as 20–40 million Americans for a duration ranging from 16 days to two years at an economic cost of up to 2.5 trillion dollars. A research paper in Space Weather estimated the odds of a Carrington-level storm at about 12 percent over the next 10 years. Early warning of such a storm is possible since satellites can detect impending storms and have the potential to provide a minimum one-day warning before it hits Earth.

So what would happen if the lights went out in much of the United States because of such a cataclysmic event? One could anticipate serious disruption of electronic payments such as ACH, cards, and wire transfers in the affected areas and beyond. What would one do to facilitate commerce in such an emergency? Well, cash and, to a lesser degree, checks could come to the fore. Use of checks would be problematic given the electronification of checks, high risk of fraud, and overdrawn accounts if banking systems are not up and running. Cash would have fewer problems if it were on hand to distribute to the affected population. Perhaps cash accompanied by ration books could be used to mitigate hoarding.

For a low-probability extreme-impact event that results in cash becoming the only way, among existing payment instruments, for commerce to take place, what contingency plans are in place to ensure that consumers and businesses can obtain cash? Since the contingency systems we have in place to handle a future Hurricane Katrina or Hurricane Sandy are likely not sufficient for an extreme event of nationwide scale, some of the issues that need to be resolved include:

  • How does one ensure that sufficient cash is on hand during an emergency?
  • How is cash going to be distributed and accounted for along the supply chain with ATMs and bank offices and their core systems inoperable due to no electricity?

Addressing these questions and others involves a monumental effort, and I don't have a ready answer. Fortunately, cash solves the problem for small-scale, low-value payments during a long-term power outage. That is, during the immediate, in-person exchange, it is an instrument that doesn't require electricity, communication networks, or computers.

This and other major calamities have always made me concerned about the push in some quarters for a full transition to electronic payments at the expense of payments less reliant on electricity and our communication networks. As an engineer by training, it is in my nature to wonder what can go awry if failsafe systems aren't in place when the unexpected happens.

With the possibility of a catastrophic event in our lifetime, would you rather have cash in hand or a card/mobile app? As for me, I'm going to the bank to cash out my accounts and then on to the hardware store to buy a gas-powered electric generator. Just kidding, though I think serious consideration and appreciation is needed for the contingency aspects of cash when things invariably go awry.

Photo of Steven Cordray  By Steven Cordray, payments risk expert in the Retail  Payments Risk  Forum at the Atlanta Fed

May 23, 2016 in ACH, cards, checks, payments | Permalink | Comments (0)

May 16, 2016


Improving Customer Authentication: Is the PIN Past Its Prime?

The Financial Fraud Action UK recently released its Year-End 2015 Fraud Update. This report, filled with fraud-related figures from a fully EMV(chip)-migrated country, provides insight into what the future of fraud in the United States might look like as we are approximately eight months into our EMV journey. And if indeed the United Kingdom’s experience is a harbinger of things to come in the United States, then I think there will be disappointment for anyone who thought EMV by itself would be a magic bullet. After I spent time studying this report, it became evident that customer authentication is the latest low-hanging fruit and fraudsters are having a feast.

Fraud losses on payment cards in the United Kingdom (£567.5m) are approaching pre-EMV migration levels, and fraud loss rates have increased above 8 basis points (0.08%), hitting a level last seen in 2009. Diving deeper, we find that:

  • As expected, card-not-present (CNP) fraud losses represent a majority of card fraud losses (70 percent). Interestingly though, ecommerce spend volume grew faster than ecommerce fraud losses in 2015, suggesting that the industry made headway in its efforts to mitigate ecommerce fraud.
  • Lost and stolen card fraud (remember, the United Kingdom is a PIN environment) increased more than 24 percent in 2015, reaching levels last seen in 2006. The report highlights distraction thefts through cameras or simply shoulder surfing as methods of fraudulently obtaining PINs.
  • Card ID theft fraud losses, defined as losses from spend on fraudulently opened or obtained cards through stolen personal information, increased by 28 percent and are now approaching counterfeit card levels.
  • A bit of good news is that counterfeit card fraud losses remain well below pre-EMV levels and fell even further in 2015—perhaps, as the report suggests, driven partly by the increased acceptance of EMV cards in the United States.
  • Beyond cards, remote banking fraud losses (losses from Internet, telephone, and mobile banking) increased by more than 134 percent during the last two years, totaling nearly £169 million.

EMV is performing exactly as expected and doing a phenomenal job of authenticating payment cards in the card-present environment. Why are fraud losses increasing in a mature EMV environment? Because customer authentication remains a challenge, as is evident by rising fraud losses from lost and stolen cards, card applications with stolen identities, and remote banking.

Whether on the front end of authenticating the user during the account opening process or the back end of authenticating the user at the time of payment, authentication measures are coming up short, and these measures include PINs and passwords. Replacing passwords has been an ongoing conversation and likely may continue to be a conversation piece rather than a prolific action item. Yet there is a growing push for the use of PINs coupled with EMV cards here in the United States. While PIN authentication is an improvement over signature authentication, it, too, has its flaws. With improvements and advancements in new technologies such as biometrics, perhaps it's time for the industry to advance beyond PINs. Because of the current signature-laden EMV environment in the U.S., the timing is perfect.

By Douglas A. King, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

May 16, 2016 in chip-and-pin, EMV, fraud | Permalink | Comments (0)

Google Search



Recent Posts


August 2016


Sun Mon Tue Wed Thu Fri Sat
  1 2 3 4 5 6
7 8 9 10 11 12 13
14 15 16 17 18 19 20
21 22 23 24 25 26 27
28 29 30 31      

Archives


Categories


Powered by TypePad