Retail Payments Risk Forum
Take On Payments, a blog sponsored by the Retail Payments Risk Forum of the Federal Reserve Bank of Atlanta, is intended to foster dialogue on emerging risks in retail payment systems and enhance collaborative efforts to improve risk detection and mitigation. We encourage your active participation in Take on Payments and look forward to collaborating with you.
Federal Reserve Web Sites
Other Bank Regulatory Sites
Take On Payments
December 22, 2016
Why U.S. Card Fraud Is Now Present and Accounted For
Last year, I wrote a post called "Why Is the U.S. Card-Present Fraud Breakout Not Present?" in which I discussed the lack of publicly available information on the distribution of U.S. card fraud by type. I'm happy to report that more detailed data on card fraud in the United States is now present and accounted for in the Initial Data Release (IDR) of the 2016 Federal Reserve Payments Study.
As is common in other countries, card fraud can be categorized as follows across person-present and remote payment channels:
- Counterfeit card: Fraud is perpetrated using an altered or cloned card.
- Lost or stolen card: Fraud is undertaken using a lost or stolen card.
- Card issued but not received: A newly issued card in transit to a card holder is intercepted and used to commit fraud.
- Fraudulent application: A new card is issued based on a fake identity or on someone else's identity.
- Other: "Other" fraud includes account takeover and other types of fraud not covered above.
- Fraudulent use of account number: Fraud is perpetrated without using a physical card.
An extract from the fraud section of the IDR shows breakouts for card fraud by type across five countries.
As reflected in the numbers, the United States continues to be by roughly an order of magnitude a continuing and persistent target for card counterfeiters using stolen card data compared to other countries that have adopted much earlier counterfeiting controls using EMV (chip) cards. Use of chips makes in-person card fraud more difficult, because of built-in technology to thwart the creation of counterfeit chip cards. As adoption of chips for cards and terminals improves in the United States, fraud using stolen card data is likely to shift from person-present to remote channels as has already occurred in other developed countries. My colleague, Doug King, discusses these issues in detail in an interview conducted last year.
Look for other Take On Payments posts that highlight additional key findings from the 2016 payments study.
By Steven Cordray, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed
January 4, 2016
The Year In Review
2015 marked the end of the era for my favorite late-night talk show host. In his 33 years of bringing laughter to late-night audiences, David Letterman is perhaps best known for his nightly Top 10 list. During the last several years, the Risk Forum's last blog for the year has included our own list of top 10 payments events. Our efforts clearly didn't match Letterman's entertaining Top 10s, and we have decided to retire our Top 10 blog in favor of a year-end review blog.
2015 can easily be characterized as "The Year of Deals." We witnessed two established payment processors, Worldpay and First Data, become publicly traded entities, with IPOs during the year. Following these IPOs, Square became the first "Unicorn"—a tech start-up with a valuation in excess of $1 billion—to test the public markets with its IPO. Beyond the IPOs, there were ample other noteworthy deals in 2015, including Ebay spinning off PayPal as its own entity; Visa acquiring its former subsidiary, Visa Europe; Global Payments' acquisition of Heartland; and a host of mergers such as the one between Early Warning and ClearXchange. On the venture capital and private equity side, indications suggest that 2015 will top 2014's nearly $10 billion investment in financial technology in the United States with payments-related investments leading the way.
Near and dear to the Risk Forum, notable risk-related stories will also make 2015 memorable. The long-anticipated initial EMV liability shift took place on October 1 with mixed reviews from different participants in the payments ecosystem. Data breaches that included the compromise of payment credentials and personally identifiable information seemed to be an almost-weekly event during the year. In response to the increasing incidence of data breaches and anticipated increase in card-not-present fraud, the buzz surrounding tokenization, which began in earnest with the launch of Apple Pay in 2014, intensified within the payments industry.
Mobile proximity payments might be the most frequent payment topic over the past five years, and 2015 was no different. While many have labeled each year over the last five as the "Year of Mobile Payments," mobile still has a way to go before the Risk Forum is willing to give this title to any year, including 2015. However, momentum for mobile proximity payments remained positive with the launch of Apple Pay rivals Samsung Pay and Android Pay. We witnessed a well-known and early established mobile wallet, SoftCard (originally branded as Isis), exit the playing field after being acquired by Google. The Merchant Customer Exchange (MCX), a consortium of retailers, launched a pilot of its mobile wallet—CurrentC—and has also partnered with Chase and its Chase Pay service with entrée to 94 million cards; and two large Financial Institutions, Chase and Capital One, both announced new mobile wallet initiatives. In December, Walmart and Target announced their own mobile payment applications. While mobile proximity payment usage remains minimal, it is becoming increasingly clear that consumers are using their mobile phones to shop online. According to holiday shopping figures from Black Friday through Cyber Monday 2015, mobile shopping accounted for approximately one-third of total e-commerce sales.
Finally, in 2015, the payment industry witnessed the launch of a comprehensive, collaborative effort to improve the speed and security of payments in the United States. In January, the Federal Reserve issued its long-anticipated Strategies for Improving the U.S. Payment System followed by the formation of two task forces, Faster Payments and Secure Payments, seeking to turn these strategies into actionable payment improvements. Related to improving the speed of payments, NACHA membership approved a same-day ACH service after a similar measure failed to gain approval in 2012.
As those in the payments industry have come to expect excitement and innovation, 2015 did not disappoint. And while it's certainly fun to look back, we must always keep looking ahead. Perhaps the most famous late-night talk show host, Johnny Carson, understood this best with his beloved great seer, soothsayer, and sage Carnac the Magnificent persona. Be on the lookout for our upcoming blog where the Risk Forum will channel our inner Carnac with some predictions and expectations for payments in 2016.
By the Retail Payments Risk Forum at the Atlanta Fed
December 21, 2015
Help Determine the Payment and Fraud Data You See Reported
Information is powerful and can help drive strategy and operational success. Help shape the information you have access to by improving on the survey instruments used in reporting 2015 payments and fraud data.
As has occurred every three years since 2001, the Federal Reserve System is again undertaking a triennial payments survey for noncash payments originated to or received from accounts based in the United States. At the core of this research, we will again be collecting data on the number and value of payments and associated fraud across a broad array of payment channels and applications. Summarized survey results will be shared broadly with survey respondents, the industry, and the public at the end of 2016. Detailed aggregated results are anticipated to be available sometime in the second quarter of 2017. As always, due to the confidential nature of the information being supplied, individual respondents’ data is used only to produce aggregate estimates.
In two previous blogs (here and here), I have documented the need for expanded fraud information for card payments. Stepping back from the specifics of card fraud, I would like to encourage readers to send comments on our prospective survey instruments that were recently posted in the Federal Register. A summary of our survey instruments compared to survey instruments used in the 2013 payments study is available here.
The upcoming study consists of three research efforts:
- Depository and Financial Institutions Payments Survey (DFIPS)
The prospective DFIPS survey (Federal Register Notice FR 3066a) is a national survey of institutions that offer transaction deposit accounts, prepaid card program accounts, and credit card accounts to consumers as well as business and government customers. Using a nationally representative stratified random sample of depository institutions, the survey gathers data about noncash payments, cash withdrawals, and deposits that post to customer accounts as well as third-party payment fraud that took place during 2015.
The DFIPS includes questions on the following topics:
- Check payments, deposits, and returns
- ACH payments and returns
- Wire transfers originated and received
- General-purpose debit and prepaid cards
- General-purpose credit cards
- Cash withdrawals, deposits, and terminals
- Alternative payment initiation methods
- Unauthorized third-party payment fraud
- Networks, Processors, and Issuers Payments Surveys (NPIPS)
The prospective NPIPS survey set (Federal Register Notice FR 3066b) targets organizations that facilitate payments. The survey set actually contains 19 different surveys, each one tailored to a particular payment channel or respondent type. Respondents answer only the surveys that apply to their organizations.
The NPIPS includes payment and fraud questions across the following classifications:
- General-purpose/private-label credit cards
- Debit cards
- General-purpose/private-label prepaid cards
- ATM cards
- Various payment form factors such as chip, no chip, and mobile
- Payment applications such as electronic benefit transfers, person-to-person payments, bill pay, transit payments, and more
- Check Sample Survey (CSS)
The CSS survey (Federal Register Notice FR 3066c) estimates the distribution of checks by categories such as payers, payees, and purposes. Survey data are based on a representative, random sample of checks written and processed by large commercial banks and, for the first time, may include additional checks processed by the Federal Reserve.
Please review these survey documents and provide your comments as to how they could be improved. You can make submittals through the Federal Register by clicking here. Comments are due by January 25, 2016.
By Steven Cordray, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed
March 3, 2014
An Efficient Mobile P2P Payment: The Paper Check
Having had the chance to spend some time reviewing the 2013 Federal Reserve Payments Study, I was struck by the lasting power of the check in the consumer-to-consumer (or P2P) space. Although overall check usage has declined (checks written by businesses and by consumers to businesses have all declined significantly), check usage in the P2P space increased between 2006 and 2009 and was stable from 2009 to 2012. And this has occurred when the number of bank and nonbank mobile P2P payment solutions that have entered the marketplace or matured during the past few years.
As a parent of two young children, I have acquired ample experience in the P2P payments space—that is, in paying babysitters. As a self-proclaimed payments geek, I am always interested in learning how the babysitter prefers to be paid. Cash remains king with most, at least the high school-aged ones. We have one college-aged sitter who likes being paid through a nonbank P2P payment provider. And most recently, another college-aged sitter wanted to be paid by check, which really caught me off guard. She informed me that she uses her mobile banking app to process her checks through mobile remote deposit capture (RDC) and that she prefers having access to the funds through her debit card over cash. The amazing thing that has struck me from these weekly transactions is the efficiency of this P2P payment transaction.
If the babysitter makes the mobile deposit before 9 p.m. (ET), she has access to the funds the following day. If after 9 p.m. , the funds are available to her in two days. On my end, the transaction appears in my banking activity the morning following the deposit. Talk about efficient—fast and inexpensive (no fees paid by either of us)!
Obviously, the efficiency of this transaction would have been diminished were this not a face-to-face transaction. And maybe that is where the true value of online or mobile P2P payments comes into play. However, the resilient check and mobile RDC banking application worked really well in this face-to-face setting. According to a recent report, mobile RDC was offered by approximately 20 percent of U.S. banks in 2013, up from 7 percent at the end of 2012. As more financial institutions roll out the offering in the upcoming year, maybe it will be the case that the old paper check is here to stay and will flourish in the P2P payments space. And based on my experience, that might not be a bad thing!
By Douglas A. King, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed
TrackBack URL for this entry:
Listed below are links to blogs that reference An Efficient Mobile P2P Payment: The Paper Check:
September 24, 2013
Using Analytics to Improve Credit Quality
With consumer credit products such as mortgages and payday loans occupying headlines, credit card portfolios have been quietly and steadily marching towards improvement in quality over the last three years, according to data released by the Fed’s Board of Governors. As the chart shows, seasonally adjusted charge-off rates are down to 3.9 percent, and delinquency rates are at 2.6 percent for the largest 100 commercial banks in the United States, the lowest rate since the Federal Reserve began tracking this statistic at the start of 1991.
But how have credit card issuers been able to improve the quality and profitability of their card portfolio since the severe economic impact felt by all during the recession? One of the many tools the Board identified—and one cited by portfolio managers—is the increasing use of analytics. Issuers collect and comb vast amounts of data from a variety of sources to ensure that cardholders are equipped to manage their balances.
A brief note about charge-offs: The charge-off rate is the percentage of credit card balances written off and charged against loss reserves, annualized and net of recoveries. Delinquent credit card debt comprises past due balances, 30 days or more, and still accruing interest in addition to balances in nonaccrual status.
Credit issuers use analytics for a variety of purposes, including establishing credit limits, monitoring ongoing credit quality, targeting marketing efforts, and detecting fraud. They perform analytics at the individual cardholder level—looking at credit history and purchasing patterns, for example—as well as at the customer segmentation level to identify correlations between certain data elements and indicators of potential changes in credit quality. The increased power of these analytical tools over the last decade is due primarily to the incredible advancements in data collection and analysis technology. These advances have provided issuers with the ability to run sophisticated "what if" models to determine how changes in various key attributes of cardholders or in the overall economic environment will affect the quality of their portfolio.
Clearly, many of the issuers have taken other proven steps to improve the credit quality of their portfolios: they’ve reduced credit lines and increased payment monitoring management for existing accounts during and after the recession. And they applied more stringent credit policies, making it more difficult for new applicants to be approved (or likelier to be approved at lower credit limits than they would have been before). These are all sound risk management techniques. But data analytics has been a very powerful additional tool, allowing issuers to make huge strides in ensuring ongoing credit quality.
How are you using increased technology capabilities to improve your risk management capabilities?
By David Lott, a retail payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed
TrackBack URL for this entry:
Listed below are links to blogs that reference Using Analytics to Improve Credit Quality:
- Don't Forget the Check
- Fraud Reduction at the IRS: Some Happy Returns
- Phone Scams and Phishing
- Asset Size Matters in Survey Responses
- Wouldn't It Be Nice to Tap and Pay?
- The Social Benefits of Biometrics
- The Five-Star That Flops
- ACH: No Trace Left Behind
- Pssst…Have You Heard about PSD2?
- Mobile Banking and Payments Survey Results
- March 2017
- February 2017
- January 2017
- December 2016
- November 2016
- October 2016
- September 2016
- August 2016
- July 2016
- June 2016
- account takeovers
- ATM fraud
- bank supervision
- banks and banking
- card networks
- check fraud
- consumer fraud
- consumer protection
- cross-border wires
- data security
- debit cards
- emerging payments
- financial services
- identity theft
- law enforcement
- mobile banking
- mobile money transfer
- mobile network operator (MNO)
- mobile payments
- money laundering
- money services business (MSB)
- online banking fraud
- payments risk
- payments study
- payments systems
- phone fraud
- remotely created checks
- risk management
- Section 1073
- social networks
- third-party service provider
- trusted service manager
- Unfair and Deceptive Acts and Practices (UDAP)
- wire transfer fraud
- workplace fraud