Take On Payments, a blog sponsored by the Retail Payments Risk Forum of the Federal Reserve Bank of Atlanta, is intended to foster dialogue on emerging risks in retail payment systems and enhance collaborative efforts to improve risk detection and mitigation. We encourage your active participation in Take on Payments and look forward to collaborating with you.
Federal Reserve Web Sites
Other Bank Regulatory Sites
August 1, 2016
FFIEC Weighs In On Mobile Channel Risks
In late April, the Federal Financial Institutions Examination Council (FFIEC) released new guidance regarding mobile banking and mobile payments risk management strategies. Titled "Appendix E: Mobile Financial Services," the document becomes part of the FFIEC's Information Technology Examination Handbook. While the handbook is for examiners to use to "determine the inherent risk and adequacy of controls at an institution or third party providing MFS" (for mobile financial services), it can also be a useful tool for financial institutions to better understand the expectations that examiners will have when conducting an exam of an institution's MFS offering.
Consistent with examiners' focus on third-party relationships for the last several years, the document points out that MFS often involves engagement with third parties and that the responsibilities of the parties in those relationships must be clearly documented and their compliance closely managed. Other key areas the document reviews include:
- Mobile application development, maintenance, security, and attack threats
- Enrollment controls to authenticate the customer's identity and the payment credentials they are adding to a mobile wallet
- Authentication and authorization, emphasizing that financial institutions should not use mobile payment applications that rely on single-factor methods of authentication.
- Customer education efforts to support the adoption of strong security practices in the usage of their mobile devices
The document also identifies and reviews strategic, operational, compliance, and reputation risk issues for the various elements of a financial institution's MFS offering. The final section of the document outlines an examiner's work plan for reviewing an MFS program with seven key objectives. I believe that it would be time well spent for the institution's MFS team to assume the role of examiner and use the work plan as a checklist to help effectively identify and manage the risks associated with an MFS program.
By David Lott, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed
April 18, 2016
"I want to be alone; I just want to be alone"
This was spoken forlornly by the Russian ballerina Grusinskaya in the 1932 film Grand Hotel by the famously reclusive screen star Greta Garbo. This movie line causes me to occasionally wonder why we all can't just be left alone. Narrowed to payments, why does paying anonymously have to indicate you are hiding something nefarious?
Some of you may be asking why it would be necessary to hide anything. I offer the following examples of cases when someone would want to pay anonymously, either electronically or with cash.
- Make an anonymous contribution to a charitable or political organization to avoid being hounded later for further contributions.
- Make a large anonymous charitable contribution to avoid attention or the appearance of self-aggrandizement.
- Recompense someone in need who may or may not be known personally with no expectation or wish to be repaid.
- Pay anonymously at a merchant to avoid being tracked for unwelcome solicitations and offers.
- Make a purchase for a legal but socially-frowned-upon good or service.
- Shield payments from scrutiny for medical procedures or pharmacy purchases that are stigmatized.
- Personally, use an anonymous form of payment to avoid letting my wife find out what she will be getting as a gift. (Don't worry; my spouse never reads my blogs so she doesn't know she needs to dig deeper to figure out what she is getting.)
Some of these cases can be handled easily with the anonymity of cash. As cash becomes less frequently used or accepted or perhaps even unsafe or impractical, what do we have as an alternative form of payment? Money orders such as those offered by the U.S. Postal Service are an option. The postal service places a cap of $1,000 on what can be paid for in cash. Nonreloadable prepaid cards such as gift cards offer some opportunity as long as the amount is below a certain threshold. Distributed networks like bitcoin offer some promise but may come with greater oversight and regulations in the future. Some emerging payment providers claim to offer services tailored for anonymous payments. Still, though, the future for a truly anonymous, ubiquitous payment alternative like cash doesn't look promising, given the current regulatory climate.
I acknowledge that one needs to find a proper balance between vigorously tackling financial fraud, money laundering, and terrorist financing and the need that I think most of us share for regulators and others to keep out of our personal business unless a compelling reason justifies such an intrusion. Consequently, we should be scrupulous about privacy but offer the investigatory tools when payments are used for nefarious purposes to identify the activities and the people involved. In many ways, this balancing act dovetails with the highly charged debate going on between the value of encryption and the needs of law enforcement and intelligence agencies to have the investigatory tools to read encrypted data. As Greta Garbo famously said and perhaps inadvertently foretold, some of us just want to be left alone.
By Steven Cordray, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed
November 23, 2015
Bitcoin's Bright Side
My kids' anticipation for the holiday season is at an all-time high because of the upcoming release of the new Star Wars movie. They are fans of Yoda, Chewbacca, and Luke, but are obsessed with the "Dark Side" and its band of characters, most notably Darth Vader. There is something about the mystery of the "dark side" that draws people in. Perhaps that is one reason that so much of the media coverage and discussion of Bitcoin has been focused on its being the preferred payment instrument for criminal enterprises.
Because the Bitcoin protocol does allow for a level of anonymity that is attractive to criminals, the Bank Secrecy Act (BSA)/Anti-Money Laundering (AML) Act compliance risks are heightened for transactions with bitcoin. Over the past several years, companies have emerged within the Bitcoin ecosystem seeking to make it more accessible to obtain and easier to use for legitimate payments. But how do they manage the BSA/AML compliance risks?
To minimize these risks, companies in the Bitcoin ecosystem are adopting policies, practices, and procedures that leverage the transparency but also minimize risks associated with the level of anonymity Bitcoin offers. These practices are intended to make Bitcoin a safer payment system, while also enhancing the ability of financial institutions, which might otherwise be cautious about the BSA/AML risks, to bank Bitcoin-related companies successfully.
The Retail Payments Risk Forum took a deep dive into the types of companies entering the Bitcoin ecosystem, assessing the regulatory landscape and identifying measures that these companies can take to fulfill regulatory obligations and minimize BSA/AML regulatory compliance risks. Among one of the measures identified in a paper available on the Atlanta Fed's website, Bitcoin-related companies should have a BSA/AML compliance program in place that is led by a dedicated compliance officer with support from a staff of professionals.
Just as in the Star Wars movies, which depict the ongoing struggle between the good guys—the Rebels—and the Dark Side, Bitcoin will continue to have a tug of war between the good forces and the bad. While the criminal element will continue to force attention to the risks of Bitcoin, it will be up to the new entrants into the Bitcoin ecosystem to mitigate these risks if Bitcoin is to enter the mainstream. Details on managing BSA/AML risks associated with Bitcoin can be found in the paper.
By Douglas A. King, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed
November 2, 2015
Will NACHA's Same-Day ACH Rules Change Be an Exception-Only Service, At Least in the Short Term?
In May 2015, the 40-plus voting members of NACHA contingently approved mandating the acceptance of domestic same-day ACH payments by receiving banks. The voting members approved a three-phase development lasting 18 months. The first phase, starting in September 2016, is limited to credit pushes, followed one year later by debit pulls in the second phase. All payments are subject to a $25,000 maximum. By the final phase in March 2018, receiving banks will be required to make credit payments available to the receiving account holder by 5 p.m. local time to the receiving bank. Funds availability in the earlier phases is by the receiving bank's end-of-processing day. The service offers both a morning and afternoon processing window. A same-day return-only service is offered at the end of the business day. Lastly, originating banks are obligated to pay a 5.2 cent fee for every payment to recover costs to receiving banks.
Last month, the Federal Reserve Board of Governors removed the contingent part of the above approval by allowing the participation of FedACH, which serves as an ACH operator on behalf of the Reserve Banks. Approval followed a review of comments submitted by the public, of which a preponderance of the responses was favorable to FedACH participating in the service.
This was not the first time NACHA tried to mandate same-day ACH. Back in August 2012, a ballot initiative to mandate acceptance failed to receive a supermajority required for passage. Failure was due to a variety of reasons, and it was difficult to discern one overriding reason.
I think that most observers would agree that the earlier rollout of the Fed's proprietary opt-in, same-day service in August 2010 and April 2013 set the groundwork for mandating same-day.
As with any collaborative organization like NACHA, compromises were needed to garner sufficient votes for passage. The compromises included:
- Same-day payment eligibility rules change due to a multi-phase development cycle requiring one-and-half years to complete from start to finish.
- Providing certainty to the receiver that funds availability will be expedited on the day of settlement as part of the final phase, rather than earlier, which only requires posting by the receiving bank's end-of-processing day. The bank's end-of-processing day can be as late as the morning of the following business day.
- Delaying a debit service by one year after the rollout of the phase one credit service will, to the potential surprise of the payment originator, delay settlement of debits one business day later than would occur for credits.
- Any payment amount over $25,000 will settle one business day later than the payment originator may have expected if the payment originator is not aware of the payment cap.
Given these compromises, what do you think financial institutions can do to accelerate broader adoption of same-day?
By Steven Cordray, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed
August 24, 2015
Payroll Cards at Interstate Speed
State lines happen fast in New England, which is where I call home. In this part of the country, it's not uncommon for people living in one state to commute for employment to a neighboring state. One could pay property tax enjoying the motto "Live free or die" (New Hampshire) while paying income tax to the Bay State (Massachusetts). Employees may not take much notice of state employment law, but employers almost certainly do. I'm thinking that minimum wage, tax rates, and corporation law would be key factors for an employer to consider, but do payroll card laws also fit into the evaluation?
Payroll cards are prepaid cards onto which an employer loads wages. They offer an alternative to paychecks or direct deposits, and are subject to a different sort of regulation. Outside of a federal law prohibiting an employer from mandating the exclusive use of a payroll card, states are generally free to develop their own legislation governing payroll cards. In Maine, for example, employers can offer payroll cards if they give their employees free access to full pay. Connecticut goes one step further, requiring employers to provide certain disclosures and prohibiting overdrafts and certain fees. Massachusetts does not have any law for or against payroll cards. Somewhere in the middle is Vermont, which allows payroll cards with certain disclosures as long as employees receive three free transactions monthly. Proposed New York legislation would go so far as to require employees to sign a written consent form—printed with a large, 12-point font—to be retained for six years following the cessation of the employment relationship.
And that's only in my home of New England. Out of 50 possibilities, I've mentioned only fragments of only five state laws. Outside of this area, payroll-card-related legislation is being introduced or pending in 12 states.
Regulation E has covered payroll cards since 2006. Regulation E includes (i) protection to employees so they do not have to receive wages via electronic funds transfers with a particular institution; (ii) access to statements, balances, and transaction histories; (iii) clear and conspicuous disclosures; and (iv) error resolution and limited liability. In January 2016, we expect the final version of the Consumer Financial Protection Bureau's Rule on Prepaid to be published.
Because payroll cards are already covered under Regulation E, only two significant issues are applicable in the pending rule. First, credit and overdraft services, while not prohibited, will be subject to compulsory use provisions and Regulation Z's definitions of credit and periodic statement requirements. Second, disclosures will carry a bold print warning, "You do not have to accept this payroll card. Ask your employer about other ways to get your wages."
What federal regulation doesn't touch is the type and amount of fees assessed on payroll cards. Regulation E provides only that fees are disclosed. Certain industry stakeholders such as National Branded Prepaid Card Association, Consumer Action, MasterCard, and the Center for Financial Services Innovation have worked to develop industry standards. Simply speaking, most agree that cardholders should have access to full wages each pay period without cost and that they should be able to perform basic functions without incurring unreasonable fees.
Best practices give the industry the ability to fill gaps and stay nimble to changing technology, fraud schemes, and consumer needs. The CFPB even says in their proposed rules, "Employees may not always be aware of the ways in which they may receive their wages, because States may have differing and evolving requirements." Does state-by-state regulation ultimately fill the gaps needed, especially in a system that crosses state lines so often?
And in case you didn't know it, National Payroll Card Week starts September 7, a day that also happens to be Labor Day.
By Jessica J. Trundley, AAP, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed
January 12, 2015
Forming a More Perfect Union (for Faster Payments)
Thus far, conversations about the basic idea of moving ahead with near-real-time payments in the United States have been positive. However, the thorny business of "walking the talk" hasn't begun. When the time comes to do so, I expect less comity.
The degree of fragmentation in the United States—within both the public and the private sector—is significant. Consider the public side first. To avoid listing each entity that has a stake in payments services, let me sum it up by saying that if we had a box of Alpha-Bits, we'd run out of letters long before we put together the acronyms of all the agencies and organizations. On the private side, fragmentation starts with merchants and banks but includes mobile and third-party providers as well. These groups are vital to the success of any effort to improve payments, but they don't move in lockstep. In the end, for a faster scheme to work, the public and private sides have to work through their respective issues—and then come together.
Whether we're considering the public or the private side of things, some of the trickiest questions look like this:
- What will faster payments cost and who will pay?
- Will certain interests lose from the success of faster payments in the United States while others win?
- Can we build a faster system quickly and flexibly enough before the next wave of technological advancement makes the current vision obsolete?
- What are the rules, and who will administer and manage them?
While you ponder those questions, consider this excerpt from the United Kingdom's Payment Systems Regulator consultation paper (November 2014):
The Payment Systems Regulator (PSR)…will become fully operational in April 2015. The PSR is a subsidiary of the Financial Conduct Authority (FCA), but it is an independent economic regulator, with its own objectives and governance.
- UK payment networks that operate for the benefit of all users including consumers
- a UK payments industry that promotes and develops new and existing payment networks
- UK payment networks that facilitate competition by permitting open access to participants or potential participants on reasonable commercial terms and
- UK payment systems that are stable, reliable and efficient.
In setting up the Payment Systems Regulator, the Government highlighted four aims for UK payment systems:
The Government's assessment was that there were problems in each of the first three of these areas, and that the best way to tackle these was to create a payment system regulator. The Government noted particular areas of concern, including ownership, innovation and access to payment systems…. [W]e believe that our regulatory package will address the underlying issues and concerns that led the Government to setting us up. However, should our proposals fail to do this, we will…consider further use of our competition and regulatory powers to take action as appropriate.
That's one way governance issues could be resolved here. Another way is revealed through a study of the evolution of the ATM networks. Consider that landscape circa 1980s and then contrast it to today. I can't do justice to that history in a single post but suffice it to say that the issues faster payments currently face look similar to those the ATM industry faced. Back then, the market figured things out. Such a course may be slower than a mandate, and there will be failures and angst. Will the United States need a PSR to direct us to faster payments, or will the market figure it out?
By Julius Weyman, vice president, Retail Payments Risk Forum at the Atlanta Fed
TrackBack URL for this entry:
Listed below are links to blogs that reference Forming a More Perfect Union (for Faster Payments):
May 12, 2014
The Art of Balancing Innovation and Regulation
Several factors have converged in recent years to add complexity to the regulatory oversight of retail payments. These elements include new regulation and oversight along with technology advances that have created new payment types. The challenge for regulators in an environment with an abundance of innovation is to align that innovation with appropriate regulation to ensure consumer protection, data security, and fraud mitigation, and to retain consumer confidence in payments.
The 2008 financial crisis led to an increased focus within the regulatory framework on retail payment risk factors. One new regulation was the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 (Dodd-Frank). Dodd-Frank led to many changes—including the creation of a regulatory agency, the Consumer Financial Protection Bureau (CFPB), to focus exclusively on consumer protection. Since the CFPB was created, two of the payments types it has identified as deserving of its oversight are remittances and prepaid cards.
At the same time, evolving technology continues to change the nature of how consumers make payments—moving from the physical to the virtual—and has increased consumers' expectations for speed, control, information, and transparency. Options available for consumers to make payments and for businesses and financial institutions to participate in offering payment services have multiplied as Internet and mobile evolved, cloud-based solutions progressed, and virtual currencies expanded.
Technological advances have led to a retail payments system that is more transparent than ever before, in which all types of entities, from start-up companies to financial institutions, are able to innovate. Nonbank entities are flourishing in retail payments, challenging the historic role of financial institutions as primary payment participants by offering payments products and services in an ever-more complex payments landscape.
While some participants complain that there is too much regulation of payments practices, others call for more or different regulation when problems arise. Still others call for change because they believe the playing field is not level for all participants. Sometimes regulation can be a catalyst for innovation by legitimizing a payments practice after clarifying requirements for all participants. Whatever your perspective, it is a complex undertaking to attain the delicate balance between innovation and oversight.
By Deborah Shaw, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed
TrackBack URL for this entry:
Listed below are links to blogs that reference The Art of Balancing Innovation and Regulation :
December 23, 2013
Here We Go: Number 10!
As the year draws to a close, the Portals and Rails team would like to share its own Top 10 list of major payment-related events that took place in the United States this year.
- The Consumer Financial Protection Bureau finalized Dodd-Frank 1073 money transfer rules.
- The payments industry experienced increased regulatory scrutiny of third-party processors and high-risk business customers.
- Major global ATM cash-out fraud attacks—including many U.S. ATMs—totaled $45 million.
- FTC issued a proposal to ban telemarketers from using remotely created checks and payment orders.
- Debit networks sought a compromise on an EMV interface—while there is little movement on the issuance of EMV cards.
- The newly designed $100 bill with additional security features was released.
- Several major data breaches occurred, and identity theft occurrences skyrocketed.
- Cyber Monday online sales were up 17 percent, with phones and tablets representing almost a third of the total.
- Virtual currencies received increased public, legislative, and regulatory awareness after the U.S. Department of Justice took action to close down virtual currency operators Liberty Reserve and Silk Road.
- U.S. District Court Judge Richard Leon threw out Regulation II debit card interchange fees and routing rules.
And as we head into 2014, here are a few payments-related topics we will be following closely:
- As regulators continue to monitor developments in the virtual currency market, will the usage of virtual currency as a legitimate medium of exchange expand among the merchant community?
- Will 2014 finally be the “Year of the Mobile Payment” as stakeholders have yearned for over the last several years? What progress will be made in addressing the awareness, security, and education aspects of mobile payments?
- With online and mobile commerce showing no signs of slowing down, what authentication solutions will be most widely adopted to prevent a rising tide of card-not-present fraud?
- How will merchants and card issuers deal with EMV implementation?
- What effects will the regulatory attention on third parties and high-risk businesses have on the due diligence practices of financial institutions?
Wishing you all happy holidays and a fraud-free 2014!
By David Lott, a retail payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed
TrackBack URL for this entry:
Listed below are links to blogs that reference Here We Go: Number 10!:
July 29, 2013
Suspicious Activity Reports: What the Numbers Show
Initially intended to help law enforcement identify individuals and organizations involved in money laundering and terrorist financing, Suspicious Activity Report (SAR) filings are also used to help detect activities related to consumer fraud and identity theft. Depository institutions (DIs) and money services businesses (MSBs) together file about 98 percent of all SARs submitted annually to the Financial Crimes Enforcement Network (FinCEN). Industry groups are constantly working to educate SAR filers about the various types of activities that they should document so these activities can be properly tracked. FinCEN recently updated its statistics to include SAR activity in 2012, and the summary volumes are shown in the chart below. The Retail Payments Risk Forum believes that an ongoing educational effort of customers, as well as DI employees, is a vital element in recognizing and mitigating fraud in our payments system. As part of that effort, I think there would be benefit in examining the shifts among the different SAR activities and gain an understanding as to possible reasons for these shifts.
As the above chart shows, the number of SARs filed by DIs has risen steadily over the last two years. SARs from MSBs, on the other hand, dropped 14 percent from 2011 after seeing an average annual increase of 15 percent over the previous two years. So why the ups and downs?
From a pure numbers standpoint, the answer to the question lies in the details of the activities that can trigger a SAR. In the case of SAR filings from DIs, for example, 2012 saw a dramatic increase in identity theft and check fraud filings, while mortgage loan fraud SARs dropped. This shift is explained by the increased diligence being placed on mortgage loans and the alarming growth of identity theft and check fraud incidents. By contrast, SAR filings from MSBs showed a substantial decrease in the category where the person reduced the amount of money order or traveler's check purchase to avoid having to complete a funds transfer record (but still generating a SAR). One wonders whether this reduction represents progress in the fight against money laundering and terrorist financing, or have the individuals engaged in these illegal activities changed their money handling tactics by performing lower dollar value transactions to avoid suspicion and identification?
Every federal judicial district has a SAR review team. This team of regulators and federal and local law enforcement reviews SARs to determine whether they need to initiate new investigations or supplement the filings to existing cases. The efforts of these teams illustrates how more comprehensive reporting, improved data analysis, and stronger monitoring capabilities can help detect and address fraud and abuse within our payments system. FinCEN publishes a semiannual report—Trends, Tips & Issues—that provides a summary of key findings from the teams' reviews of SARs. These reports let involved parties know how they can use the information to provide greater protection to potential victims of fraud. We encourage you to read copies of FinCEN's reports to better understand current fraud trends so you can educate your employees and customers.
By David Lott, a retail payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed
TrackBack URL for this entry:
Listed below are links to blogs that reference Suspicious Activity Reports: What the Numbers Show:
September 17, 2012
Change Is the Only Constant: Section 1073 Set to Take Effect
If you are reading this post, then no doubt you are familiar with the passage of the Dodd-Frank Act, specifically Section 1073, which is the basis for the new rule pertaining to consumer-originated funds transfers from the United States to consumers or businesses in foreign countries. I recently attended a meeting where representatives from the remittance transfer industry discussed the responsibilities, complexities, and challenges of complying with the remittance transfer rule by the inaugural date of February 7, 2013. Not surprisingly, complying with the rule is a massive undertaking—when you consider that the remittance transfer business is, by definition, a business with a global reach.
One premise behind the rule was to create more transparency in remittance costs and thereby encourage competition in the market, to the ultimate benefit of the consumer. Today’s procedures for sending money abroad are basic. Locate one of more than a half-million domestic locations—in addition to many financial institutions, almost every gas station, drug store, and grocery store offer this service—complete a remittance form, hand money and form to a clerk, and wait a few minutes for confirmation. The funds are then made available to the receiver. A recent report published by the World Bank concluded that the United States currently maintains an average total cost to send a remittance below the global average (6.93 percent of the remittance amount versus 9.3 percent), thanks to the high volume and intense competition among the current large number of products and services available in the United States.
However, unknown to both parties at the time of origination is the exact dollar amount that the recipient will receive, because of hidden fees, taxes, and other costs not necessarily apparent. The rule will replace this "unknown" with a required hard copy receipt outlining, in any language used to market, advertise, or solicit business, all fees, commissions, taxes, the exact dollar amount netted to the receiver, and the time that the funds will be available for pickup. (There are other specifics, but no need to reiterate the entire law in this short blog!) A common pain point yet to be resolved in the compliance effort revolves around the ability of the sending entity to provide accurate receiving-end tax information. As an example, some countries have multiple and changing tax rates for different regions or a variable-fee structure on the receiving end based on the receiver’s status and relationship with the receiving entity. These tax and fee issues suitably demonstrate how achieving compliance will require cooperation from foreign entities in more than 213 country corridors, not under a remittance transfer provider’s control or subject to U.S. jurisdiction. Many in attendance suggested that a central database of tax information may be a way to address the conundrum. Whether provided by a third party in the industry or a government entity, a central database would provide consistent data and minimize research and upkeep costs for all transmitters.
In addition to cooperation, education for all players will be instrumental. Consumers should be made aware of their new right to cancel any transaction within 30 minutes of submitting and that they have contact information on their receipt in the event of any errors. At the same time, all remittance providers, including agents, need to be trained and educated to ensure compliance with this new rule.
With system changes required to produce the disclosures, will remittance providers reduce the number of channels used for remittances until they can modify their systems? With the number of contractual agreements required, will providers reduce the number of countries served or products offered? And given the cost, will remittance providers raise prices? And will U.S. consumers find alternative ways to send money? Only time will tell as the deadline for complying approaches.
The rule may eliminate some existing players from the game, as protection never comes without a price. At the same time, pioneering and innovative competitors might provide new channels and more products that will benefit consumers. Like anything that forces us to reinvent ourselves, change brings with it new threats and challenges, but the opportunities can be vast and rich. With a little imagination and a lot of hard work, the rewards can be enormous.
Remember, "The only thing that is constant is change" – Heraclitus
By Michelle Castell, senior payments risk analyst in the Retail Payments Risk Forum at the Atlanta Fed
TrackBack URL for this entry:
Listed below are links to blogs that reference Change Is the Only Constant: Section 1073 Set to Take Effect:
- EMV Comments That Make Me Cringe
- Taking a Quantum Leap into Payment Security
- Looming Questions with the Rollout of NACHA's Mandated Same-Day ACH Rules Change
- AdmiNISTering Passwords: New Conventional Wisdom
- Mobile Banking and Payments—What's Changed?
- Risk Mitigation Isn't Just for Banks
- The Simple Consider Three but Four is the Key
- As with Nuclear Disarmament, So with ACH: Trust, but Verify
- The Personal Cost of Fraud
- When Fraud Hits Home: Questioning Today’s Authentication Methods
- October 2016
- September 2016
- August 2016
- July 2016
- June 2016
- May 2016
- April 2016
- March 2016
- February 2016
- January 2016
- account takeovers
- ATM fraud
- bank supervision
- banks and banking
- card networks
- check fraud
- consumer fraud
- consumer protection
- cross-border wires
- data security
- debit cards
- emerging payments
- financial services
- identity theft
- law enforcement
- mobile banking
- mobile money transfer
- mobile network operator (MNO)
- mobile payments
- money laundering
- money services business (MSB)
- online banking fraud
- payments risk
- payments study
- payments systems
- phone fraud
- remotely created checks
- risk management
- Section 1073
- social networks
- third-party service provider
- trusted service manager
- Unfair and Deceptive Acts and Practices (UDAP)
- wire transfer fraud
- workplace fraud