Take On Payments

About


Take On Payments, a blog sponsored by the Retail Payments Risk Forum of the Federal Reserve Bank of Atlanta, is intended to foster dialogue on emerging risks in retail payment systems and enhance collaborative efforts to improve risk detection and mitigation. We encourage your active participation in Take on Payments and look forward to collaborating with you.

June 20, 2016


There's an App for That!

Few would question that mobile phones have had a considerable influence in our everyday activities. They provide a level of convenience and connectivity that also generates benefits to our personal safety and the security of our banking accounts and other assets. The Pew Research Center estimates that almost two-thirds of adults in the United States own a smartphone and 15 percent use them as their primary online access device either because they do not have broadband access at their home or have few other online options.

In recent blogs, I highlighted some key findings from the Federal Reserve Board of Governors' recently released Consumers and Mobile Financial Services 2016 report. The report includes a section of questions that probe how consumers use their mobile phones in financial decision making. Within the past year, 62 percent of mobile banking users with smartphones responded that they checked their balance before they made a large purchase. The power of that information is demonstrated in that for those who checked their balance or available credit, half didn't make a purchase as a result of having that information.

Forty-five percent of smartphone owners use their phone for comparison shopping at retail stores. Forty-one percent reported they use their phones to obtain product information while shopping at retail stores, and 28 percent use a barcode scanning application for price comparisons.

Though smartphone owners value the convenience phones bring to financial decision making, security and safety are primary concerns. A little more than half of the mobile banking users take advantage of the feature of receiving some type of alert from their financial institution. The most common alert cited was for a low balance, but 36 percent reported they also receive fraud alerts.

Later this year, a number of the Federal Reserve districts, including the Sixth District, will be conducting a survey of the financial institutions in their districts about the mobile banking and mobile payments services they offer. The Sixth District participated in this effort in 2014; you can find the results here. It will be interesting to see the changes that have taken place over the last two years, especially in light of the launch of the various mobile wallets, so stay tuned.

Photo of David Lott By David Lott, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

June 20, 2016 in banks and banking, mobile banking, mobile payments | Permalink | Comments (0)

June 13, 2016


What Is GPR Feeding On? Part 2 of 2

In part 1, I shared several studies on the appetite for general-purpose reloadable (GPR) prepaid cards. It turns out there is little public data covering the fraud portion of the industry. I look forward to results from the Federal Reserve's 2016 Payments Study, which added a number of questions related to GPR card fraud.

Last week, LexisNexis® released a fraud study titled Issuers Confront Application Fraud and Account Takeover in a Post-EMV U.S. The study reports that issuers annually lose $10.9 billion to card fraud overall, with 4 percent attributed to all types of prepaid cards (not just GPR), 25 percent to debit cards, and 71 percent to credit cards. The study examines what types of fraud schemes are responsible for losses, but the data is aggregated and not broken down by card type. We will look at these results and I will describe how fraudsters could use prepaid to perpetrate that type of fraud.

Lost/stolen cards: 28 percent of total card fraud

GPR card information can be lost or stolen in a variety of ways—as can happen with all payment card instruments. When the fraudster acquires the account numbers, he or she can then sell, clone, or counterfeit new cards to make fraudulent purchases. The most common schemes include:

  • Skimming magnetic stripes via compromised ATM or POS terminals
  • Cyberattacks/data breaches
  • Simply lost or stolen cards

"Lost or stolen" also include information obtained from extortion by coercive measures and deceptive marketing. Fraudsters trick consumers into loading funds on a prepaid card and then handing over the account information. Some prepaid issuers have included warnings about this type of crime on their packaging. Some recent schemes include:

  • Pretending to represent a creditor or utility and convincing victims they are overdue on bills and must immediately make a payment using a prepaid card
  • Money-winning schemes (I always win cruises) whereby a consumer must pay taxes on the winnings with a prepaid card

Account takeover: 20 percent

These schemes typically involve business bank accounts. However, a blog by Kreb’s on Security describes a well-known case involving prepaid. Cybercriminals allegedly breached a number of payment processors over a two-year period. They acquired account information and changed account balances and daily withdrawal limits. The criminals then used the breached payment card information to clone cards to use at ATMs all over the world and withdrew nearly $55 million in cash.

Application fraud: 20 percent

Ultimately, this scheme involves the criminal opening a GPR account under a stolen or false ID, using stolen funds to open the account. Schemes that fit into this category are:

  • Filing fraudulent tax returns and sending refunds to prepaid accounts. (I recently blogged on this.)
  • Buying prepaid cards with stolen or counterfeit cards, a growing scheme that essentially creates free money out of stolen funds

Counterfeit cards: 16 percent

Counterfeiting usually occurs in conjunction with other fraud schemes. Counterfeit cards (and even lost or stolen cards) can be sold, often at a discount to the purchaser, potentially making their way into the hands of law-abiding citizens through wholesale websites.

Maybe fraudsters stock their pantry with prepaid cards, but are these common schemes unique to GPR cards or prepaid accounts? Although it's easier to open a prepaid account with little direct human contact, couldn't we substitute debit card or credit line accounts in any of these fraud schemes? Every type of monetary instrument experiences fraud but the prepaid industry has worked diligently to address these common areas. The vast majority of prepaid customers are legitimate users that have chosen this type of product for economic or payment preference reasons.

Photo of Jessica Trundley By Jessica J. Trundley, AAP, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

June 13, 2016 in cards, debit cards, fraud, identity theft | Permalink | Comments (0)

June 6, 2016


Mobile Security and Privacy

In an earlier post, I provided some of the top-line findings from the Federal Reserve Board of Governors' recently released Consumers and Mobile Financial Services 2016 report. Safety and risk continue to be cited by consumers as significant barriers to their adoption of mobile banking and other new payment technology. Many consumers either don't believe that the mobile banking channel is safe or they don't understand the security features that are part of the mobile technology. The research effort probed these issues in greater detail to better understand consumer perspectives.

One of the first questions in this area asked how safe a person's personal information is when using mobile banking. As the table shows, while there has been steady positive movement over the last three years in getting many consumers to feel their personal information is safe, there remains a great challenge. A decrease of only two percentage points (42 percent in 2015 compared to a high of 44 percent in 2014) in those who believe their personal information is "somewhat unsafe" or "very unsafe" doesn't signify much advancement in the safety education efforts for these folks.

Q. How safe do you believe people's personal information is when they use mobile banking?

table-one

In a separate survey question, a slightly higher percentage of respondents (46 percent) believed that their personal information was "very unsafe" or "somewhat unsafe" when conducting a mobile point-of-service transaction at a store.

With 15 percent of the respondents indicating they "don't know," the survey illustrates the need for additional education about the security aspects of mobile banking and payment technology. The research showed that among those with mobile phones and bank accounts, mobile banking users had more confidence in the security of mobile banking transactions than non-users. Only 3 percent of mobile banking users thought that their personal information was "very unsafe" when they use mobile banking, compared to 28 percent for non-users.

When mobile phone users were probed about their specific security concerns about using their mobile phone for banking or payments, their most common response was that they were concerned about all of the listed security risks. For those who chose one specific reason, they most frequently cited fears about the phone being hacked or the data being intercepted, followed by concerns about their phone being lost or stolen.

On a positive note, consumers appear to be adopting more secure mobile phone practices. The percentage of smartphone users who password-protect their phone increased to 70 percent in 2015 from 61 percent in 2013. One-third of the smartphone owners were using antimalware software or applications to protect their phone, and a similar share used an app or service to help them locate, remotely access, erase, or disable their phone in the event it is lost or stolen.

Additionally, consumers are recognizing the need for improved authentication with their banking service provider. Seventy-four percent of smartphone owners indicated they either "strongly agree" or "agree" that they would be willing to undergo additional authentication steps when they were logging in to their mobile banking service.

Other important findings are contained in the research report, so be sure to give it a good read.

Photo of David Lott By David Lott, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

June 6, 2016 in malware, mobile banking, mobile payments | Permalink | Comments (0)

May 31, 2016


What Is GPR Feeding On? Part 1 of 2

I recently gave a presentation titled "Where We Are Going, We Won't Need Checking Accounts" at the NACHA Payments Conference in Phoenix. This session focused on the increasing use of alternative financial accounts such as general purpose reloadable (GPR) cards in place of traditional bank accounts. After the presentation, I overheard an attendee comment, "I don't even understand why a product like prepaid exists, when the majority of its use is attributed to those seeking anonymity to conduct fraud." While I will cover common prepaid fraud schemes in the next installment, first I think it is important to consider why prepaid products like the GPR card deserves a seat at the payments table.

I'll start with an egalitarian comparison. Consumers have the right to choose a leather or Velcro wallet and then store their cash in that wallet. In today's digital world, shouldn't a consumer also have the right to acquire a GPR card, e-wallet, or other account to store money electronically? If a consumer receives or spends money illegally in any form, then the justice system should enforce the law. Funds stored in a GPR account or a demand deposit account (DDA) is e-money, a representation of cash in your wallet. The GPR card is an access device to the stored money, functioning like the beloved debit card to the DDA.

In June 2015, the Pew Charitable Trusts published Banking On Prepaid, a report of the motivations and views of prepaid card users. The study concludes that the main reasons for prepaid card use for both banked and unbanked users are to avoid overdraft fees, debt, and check cashing fees. In addition, most GPR users are attracted to the budgeting and savings tools provided by these types of accounts. The report also found that most GPR users don't aim to be anonymous: 74 percent of unbanked GPR cardholders registered their cards, and 52 percent of banked cardholders registered. The primary benefit to registering is that the cardholder gets consumer protections like limited liability and, in many cases, insurance from the Federal Deposit Insurance Corporation.

Susan Herbst-Murphy and Greg Weed, in their 2015 paper "Millennials with Money Revisited," collected data that challenges preconceptions of GPR cards as a product for low-income and unbanked customers. These researchers identify a "power user" group of young, banked, middle- to upper-income levels as well as a "hybrid" user group that combines GPR accounts with traditional bank accounts and other alternative financial services. They suggest we look to the power users to understand why and how the product is being used.

Clearly, there is a market with a strong appetite for this financial product.

Stay tuned for the next installment, when we examine the GPR market for bad apples.

Photo of Jessica Trundley By Jessica J. Trundley, AAP, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

May 31, 2016 in prepaid | Permalink | Comments (0)

May 23, 2016


What Would Happen If the Lights Went Out for a Long, Long Time?

In 1859, a massive geomagnetic solar storm known as the Carrington Event caused extensive damage to telegraph systems and other nascent electrical devices worldwide. Telegraph lines sparked and telegraph operators could send and receive messages without the use of electric batteries. The Northern Lights lit up the sky in all of North America. Though not widely reported, on July 23, 2012 a massive cloud of solar material similar in magnitude to the Carrington storm erupted off the sun's surface, radiating out at 7.5 million miles per hour. Fortunately the impact of the solar storm missed Earth by nine days because of the Earth's orbit position.

One report estimates that a Carrington-level storm today could result in power outages affecting as many as 20–40 million Americans for a duration ranging from 16 days to two years at an economic cost of up to 2.5 trillion dollars. A research paper in Space Weather estimated the odds of a Carrington-level storm at about 12 percent over the next 10 years. Early warning of such a storm is possible since satellites can detect impending storms and have the potential to provide a minimum one-day warning before it hits Earth.

So what would happen if the lights went out in much of the United States because of such a cataclysmic event? One could anticipate serious disruption of electronic payments such as ACH, cards, and wire transfers in the affected areas and beyond. What would one do to facilitate commerce in such an emergency? Well, cash and, to a lesser degree, checks could come to the fore. Use of checks would be problematic given the electronification of checks, high risk of fraud, and overdrawn accounts if banking systems are not up and running. Cash would have fewer problems if it were on hand to distribute to the affected population. Perhaps cash accompanied by ration books could be used to mitigate hoarding.

For a low-probability extreme-impact event that results in cash becoming the only way, among existing payment instruments, for commerce to take place, what contingency plans are in place to ensure that consumers and businesses can obtain cash? Since the contingency systems we have in place to handle a future Hurricane Katrina or Hurricane Sandy are likely not sufficient for an extreme event of nationwide scale, some of the issues that need to be resolved include:

  • How does one ensure that sufficient cash is on hand during an emergency?
  • How is cash going to be distributed and accounted for along the supply chain with ATMs and bank offices and their core systems inoperable due to no electricity?

Addressing these questions and others involves a monumental effort, and I don't have a ready answer. Fortunately, cash solves the problem for small-scale, low-value payments during a long-term power outage. That is, during the immediate, in-person exchange, it is an instrument that doesn't require electricity, communication networks, or computers.

This and other major calamities have always made me concerned about the push in some quarters for a full transition to electronic payments at the expense of payments less reliant on electricity and our communication networks. As an engineer by training, it is in my nature to wonder what can go awry if failsafe systems aren't in place when the unexpected happens.

With the possibility of a catastrophic event in our lifetime, would you rather have cash in hand or a card/mobile app? As for me, I'm going to the bank to cash out my accounts and then on to the hardware store to buy a gas-powered electric generator. Just kidding, though I think serious consideration and appreciation is needed for the contingency aspects of cash when things invariably go awry.

Photo of Steven Cordray  By Steven Cordray, payments risk expert in the Retail  Payments Risk  Forum at the Atlanta Fed

May 23, 2016 in ACH, cards, checks, payments | Permalink | Comments (0)

May 16, 2016


Improving Customer Authentication: Is the PIN Past Its Prime?

The Financial Fraud Action UK recently released its Year-End 2015 Fraud Update. This report, filled with fraud-related figures from a fully EMV(chip)-migrated country, provides insight into what the future of fraud in the United States might look like as we are approximately eight months into our EMV journey. And if indeed the United Kingdom’s experience is a harbinger of things to come in the United States, then I think there will be disappointment for anyone who thought EMV by itself would be a magic bullet. After I spent time studying this report, it became evident that customer authentication is the latest low-hanging fruit and fraudsters are having a feast.

Fraud losses on payment cards in the United Kingdom (£567.5m) are approaching pre-EMV migration levels, and fraud loss rates have increased above 8 basis points (0.08%), hitting a level last seen in 2009. Diving deeper, we find that:

  • As expected, card-not-present (CNP) fraud losses represent a majority of card fraud losses (70 percent). Interestingly though, ecommerce spend volume grew faster than ecommerce fraud losses in 2015, suggesting that the industry made headway in its efforts to mitigate ecommerce fraud.
  • Lost and stolen card fraud (remember, the United Kingdom is a PIN environment) increased more than 24 percent in 2015, reaching levels last seen in 2006. The report highlights distraction thefts through cameras or simply shoulder surfing as methods of fraudulently obtaining PINs.
  • Card ID theft fraud losses, defined as losses from spend on fraudulently opened or obtained cards through stolen personal information, increased by 28 percent and are now approaching counterfeit card levels.
  • A bit of good news is that counterfeit card fraud losses remain well below pre-EMV levels and fell even further in 2015—perhaps, as the report suggests, driven partly by the increased acceptance of EMV cards in the United States.
  • Beyond cards, remote banking fraud losses (losses from Internet, telephone, and mobile banking) increased by more than 134 percent during the last two years, totaling nearly £169 million.

EMV is performing exactly as expected and doing a phenomenal job of authenticating payment cards in the card-present environment. Why are fraud losses increasing in a mature EMV environment? Because customer authentication remains a challenge, as is evident by rising fraud losses from lost and stolen cards, card applications with stolen identities, and remote banking.

Whether on the front end of authenticating the user during the account opening process or the back end of authenticating the user at the time of payment, authentication measures are coming up short, and these measures include PINs and passwords. Replacing passwords has been an ongoing conversation and likely may continue to be a conversation piece rather than a prolific action item. Yet there is a growing push for the use of PINs coupled with EMV cards here in the United States. While PIN authentication is an improvement over signature authentication, it, too, has its flaws. With improvements and advancements in new technologies such as biometrics, perhaps it's time for the industry to advance beyond PINs. Because of the current signature-laden EMV environment in the U.S., the timing is perfect.

By Douglas A. King, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

May 16, 2016 in chip-and-pin, EMV, fraud | Permalink | Comments (0)

May 9, 2016


Follow the Money!

This catchphrase originated in the movie All the President’s Men. It is usually used in politics and means to follow the trail of corruption to the source. This catchphrase came to mind when I attended a panel discussion, “Cash Visibility & the Supply Chain: Tracking Your Cash,” at the NACHA Payments Conference last month in Phoenix. Besides the moderator from the Federal Reserve, the panel comprised a representative from GS1 US (the United States affiliate for the international standards body for supply chain management), a banker, and two big-box merchants.

Throughout the industry, cash handling is well-controlled and secure, but it can be inefficient and prone to error and duplicative work in the quest to minimize the ever-present potential for loss or theft. It is ironic that something as valuable and fungible as cash is tracked in some cases with less sophistication and efficiency than a package delivered to a consumer. State-of-the-art supply chain logistics that have long been in use for retail giants like Walmart and Target are just now being pursued among cash industry partners through the Cash Visibility initiative.

The idea behind this initiative is to apply the latest supply chain logistics to the collection, transport, reconciliation of deposits and orders, and distribution of cash among banks, cash processing facilities, merchants, and the Federal Reserve Banks. The Federal Reserve Banks are in the mix as the wholesale suppliers of cash to banks.

Depending on the type of big-box merchant, cash purchases at the point-of-sale can range from 10 to 25 percent or more of total payments. That's hundreds of billions of dollars in annual sales that need to be withdrawn and deposited at banks for retailers that deal in cash. The following is a representation of the proposed process for improving the wholesale and retail delivery of cash:

Future-cash-cycle-management-image
Source: GS1 US. Used with permission.

The panelists identified the following benefits once the system is widely adopted:

  • Faster resolution of discrepancies between origin and destination
  • Improved data accuracy with reductions of staff time, errors, and exceptions due to reduced manual data entry and paper records
  • Value-added information on status and value of cash in transit
  • Automated custody instead of manual paper-based systems that exist today

It was further noted that as the initiative gains traction, other improvements can be realized such as the depositor and receiver having real-time access to where cash is in transit and when it will arrive at its destination.

Various proof-of-concepts are being planned for later this year from the partners participating in this initiative. Partners include the Federal Reserve, financial institutions, armored carriers, retailers, and solution providers. One early finding at a cash processing facility where the concept was tested was an average reduction in staff time involved in cash handling from six hours to two hours. This web page offers more information on the initiative and how to get involved. Similar programs are under way in France and Germany.

Prior to the session, I would not have guessed there was any opportunity to advance the evolution of cash to a faster and more secure payment system.

Photo of Steven Cordray  By Steven Cordray, payments risk expert in the Retail Payments Risk  Forum at the Atlanta Fed

May 9, 2016 in currency | Permalink | Comments (0)

May 2, 2016


Mobile Financial Services Are Still Growing

The Federal Reserve Board's Division of Consumer and Community Affairs (DCCA) recently released its Consumers and Mobile Financial Services 2016 report. This annual research effort began in 2011 to measure the adoption and usage of mobile banking and payment activities by consumers and the use of mobile technology in making financial decisions. The latest survey was fielded in November 2015 with a respondent base of 2,510 adults age 18 and over, of which 1,064 had participated in both the 2013 and 2014 surveys.

Key adoption and usage findings from the survey include:

  • The major barriers to mobile payment adoption remain the same as in previous studies—satisfaction with current methods of payment and concerns about security.
  • Convenience is the most common reason given by the respondents for adopting mobile banking.
  • Perhaps reflecting a positive effect of mobile phone security education, 70 percent of smartphone users indicated they password-protect their phone and 78 percent indicated they download applications only from their primary application store.
  • Mobile phone penetration has remained consistent over the last three years at 87 percent of the U.S. population, although smartphones now account for 77 percent of mobile phones versus 61 percent in 2013.
  • Ownership of smartphones is higher for Hispanics than for non-Hispanic whites in this survey.
  • Usage of mobile banking services by those with mobile phones increased to 43 percent from 33 percent in 2013. Smartphone owners showed a higher usage rate of mobile banking, at 53 percent, but this rate was essentially flat from 2014.
  • While usage of mobile banking has generally increased every year for each age group, younger consumers have consistently been the most likely users while the older segment has been the least likely, as the table shows:

chart-1

  • The most common mobile banking activity is checking an account balance or making a specific transaction, followed by transferring money between accounts and receiving an account alert.
  • Despite the strong usage of mobile banking, more than 80 percent of smartphone owners with a bank account visited a branch or used an ATM over the last 12 months, while only 29 percent called their banks.
  • Mobile payment activity still lags mobile banking activity. Only 24 percent of mobile phone owners had made a mobile payment over the last 12 months, compared to 43 percent of mobile phone owners with a bank account who used mobile banking. The study found that there is no clear relationship between mobile payment usage and income or education level. As in previous surveys, minorities make mobile payments at a higher rate than white, non-Hispanic consumers.

Additional findings from the survey as to security and privacy and the use of the phone in making financial decisions will be highlighted in future blogs. This survey provides valuable data in the ongoing evolution and adoption of mobile banking services and I hope you will read it in detail.

Photo of David Lott By David Lott, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

May 2, 2016 in mobile banking, mobile payments | Permalink | Comments (0)

April 25, 2016


Be Careful, Be Very Careful

Less than halfway through the spring season of banking and payments conferences, the dominant theme of cybercrime is ringing loud and clear. In the 2015 conferences, it was virtual currency, but this year, it is the threat of cyberattacks against individuals and business in both widespread and singular manners. At a payments conference last week, a representative of the Internet Crime Complaint Center (IC3) told the session audience about her center's work. The IC3 has served since 2000 as a conduit for the public to provide information to the FBI regarding suspected Internet-facilitated criminal activity. IC3 tracks and investigates hacking, money laundering, identity theft, advanced fee, and ransomware schemes. It also tracks and investigates efforts to steal intellectual property and trade secrets.

In its latest annual report, IC3 provides detailed statistics on Internet-related complaints and trends. In 2014, the center received almost 270,000 complaints, accounting for more than $800 million in losses. Average monthly complaints received were 22,452. Complaint volume peaked in July at 24,521; the month with the fewest was February, with 20,888.

I asked the IC3 representative about the top complaints the unit was currently seeing. She indicated that email compromise of targeted businesses was the primary complaint and the one that generally resulted in the highest financial loss per complaint. It is common for employees in accounting areas to be targeted. They receive spoofed emails instructing them to initiate wire transfers or to change invoice remittance payments to fraudulent parties and locations, often accounts at financial institutions located in eastern Europe or the Asian-Pacific region. Although representing less than 1 percent of the total complaints filed in 2014, the losses from business email compromise accounted for 28 percent of the total losses reported, and from January 2015 to January 2016 the loss rate increased 270 percent.

Advanced fee schemes involving home rentals or sales, automobile sales, dating services, and lottery/prize winnings are also common. As the name implies, the criminals gain the confidence of victims and demand upfront payment as a sign of good faith. Once they receive the first payment, they will often try for additional payments before disappearing.

Finally, intimidation or extortion schemes are becoming more prevalent. The criminal generally contacts the victims by phone, accuses them of being past due on tax payments or utility bills, and says if immediate payment is not made, their property will be confiscated or they will be arrested. Often the criminal has used social engineering or public records to obtain legitimate data to make their representation of the agency seem more legitimate.

The size and frequency of data breaches of financial institutions, retailers, health care and insurance companies, and government agencies have led some people to conclude that just about everyone's personal identification information has been compromised to some level. I believe it is sensible to be a bit distrustful and apprehensive about the legitimacy of offers or information you might receive through emails or websites, especially those with which you are unfamiliar. Many of the attempts are easy to spot but many others involve highly sophisticated techniques, so one should be extremely careful when on the Internet.

Photo of David Lott By David Lott, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

April 25, 2016 in cybercrime, data security, fraud, identity theft | Permalink | Comments (0)

April 18, 2016


"I want to be alone; I just want to be alone"

This was spoken forlornly by the Russian ballerina Grusinskaya in the 1932 film Grand Hotel by the famously reclusive screen star Greta Garbo. This movie line causes me to occasionally wonder why we all can't just be left alone. Narrowed to payments, why does paying anonymously have to indicate you are hiding something nefarious?

Some of you may be asking why it would be necessary to hide anything. I offer the following examples of cases when someone would want to pay anonymously, either electronically or with cash.

  • Make an anonymous contribution to a charitable or political organization to avoid being hounded later for further contributions.
  • Make a large anonymous charitable contribution to avoid attention or the appearance of self-aggrandizement.
  • Recompense someone in need who may or may not be known personally with no expectation or wish to be repaid.
  • Pay anonymously at a merchant to avoid being tracked for unwelcome solicitations and offers.
  • Make a purchase for a legal but socially-frowned-upon good or service.
  • Shield payments from scrutiny for medical procedures or pharmacy purchases that are stigmatized.
  • Personally, use an anonymous form of payment to avoid letting my wife find out what she will be getting as a gift. (Don't worry; my spouse never reads my blogs so she doesn't know she needs to dig deeper to figure out what she is getting.)

Some of these cases can be handled easily with the anonymity of cash. As cash becomes less frequently used or accepted or perhaps even unsafe or impractical, what do we have as an alternative form of payment? Money orders such as those offered by the U.S. Postal Service are an option. The postal service places a cap of $1,000 on what can be paid for in cash. Nonreloadable prepaid cards such as gift cards offer some opportunity as long as the amount is below a certain threshold. Distributed networks like bitcoin offer some promise but may come with greater oversight and regulations in the future. Some emerging payment providers claim to offer services tailored for anonymous payments. Still, though, the future for a truly anonymous, ubiquitous payment alternative like cash doesn't look promising, given the current regulatory climate.

I acknowledge that one needs to find a proper balance between vigorously tackling financial fraud, money laundering, and terrorist financing and the need that I think most of us share for regulators and others to keep out of our personal business unless a compelling reason justifies such an intrusion. Consequently, we should be scrupulous about privacy but offer the investigatory tools when payments are used for nefarious purposes to identify the activities and the people involved. In many ways, this balancing act dovetails with the highly charged debate going on between the value of encryption and the needs of law enforcement and intelligence agencies to have the investigatory tools to read encrypted data. As Greta Garbo famously said and perhaps inadvertently foretold, some of us just want to be left alone.

Photo of Steven Cordray By Steven Cordray, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

April 18, 2016 in privacy, regulators | Permalink | Comments (2)

Google Search



Recent Posts


July 2016


Sun Mon Tue Wed Thu Fri Sat
          1 2
3 4 5 6 7 8 9
10 11 12 13 14 15 16
17 18 19 20 21 22 23
24 25 26 27 28 29 30
31            

Archives


Categories


Powered by TypePad