Take On Payments, a blog sponsored by the Retail Payments Risk Forum of the Federal Reserve Bank of Atlanta, is intended to foster dialogue on emerging risks in retail payment systems and enhance collaborative efforts to improve risk detection and mitigation. We encourage your active participation in Take on Payments and look forward to collaborating with you.
Federal Reserve Web Sites
Other Bank Regulatory Sites
June 17, 2019
Performing and Paying in the Gig Economy
Bobby Short at the Café Carlyle in New York City. Hank Williams at Nashville's Grand Ole Opry. A trumpet player in the pit, a pianist at a bar. All these musicians have been gigging—that is, they've performed live for pay. The term gig is thought to be shorthand for engagement and has been around since the early years of the 20th century.
Nowadays, it seems that a lot more workers—not just musicians—gig. In the gig economy, independent workers perform short-term jobs for companies or individuals. Many of us presume that most of those jobs are somehow enabled by technology. Now some counterintuitive data about the gig economy comes from the Federal Reserve's Survey of Household Economics and Decisionmaking (SHED).
The SHED finds that three in 10 U.S. adults did some gig work at least once in the month prior to the survey. The survey defines gigging as selling goods online or renting out property, as well as providing personal services like yard work or ride sharing. Among gig activities, child- and elder-care, cleaning, and property maintenance were most common. Half of gig workers indicated they spent five hours or less on gig work in the month prior.
One finding that surprised me: the gig economy is an offline economy. Compared to the 30 percent of adults who did some gig work, just 3 percent of adults used a website or mobile app to find that work. Said another way, that means that just one in 10 gig workers engage in what this paper from the Boston Fed calls "internet platform-based work."
My immediate reaction: how can that be? I took 15 ride shares in April, one every other day. Surely there are more Uber and Lyft drivers out there. My second thought: my mom gets rides, too. When Mom wants a ride, she makes a call on her landline phone to a gig worker for a local agency that helps seniors live independently. As the SHED report puts it, "Most of [gig] activities predate the internet." Driving, housekeeping, babysitting, and lawn maintenance all have been around for a long time.
And, in fact, the SHED estimate of internet platform-based work is higher than some others, because the work is not limited to providing services. It includes, as noted above, selling stuff via online marketplaces. In comparison, the Contingent Worker Supplement from the U.S. Bureau of Labor Statistics (BLS) finds that in May 2017, 1 percent of workers engaged in "electronically mediated work," defined as "short jobs or tasks that workers find through websites or mobile apps that both connect them with customers and arrange payment for the tasks." (Note that the SHED estimate is a share of adults and the BLS is a share of workers ["employed persons," defined here].)
Like the gigs, some ways to pay for gig work predate the internet. My mom pays her driver directly on the same day with paper. And, in fact, the 2017 Survey of Consumer Payment Choice found that 70 percent of person-to-person (P2P) payments were made with cash or checks.
I pay the ride-share app with a fingerprint through an intermediary. The driver, paid indirectly by me, gets an ACH credit to a bank account or a prepaid card load. Many get paid the same day or right after the ride. About half of those I speak with don't mind the 50 cent fee to get paid sooner.
Two ways to arrange a ride. Two ways to pay. Both relevant in the 21st century.
By Claire Greene, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed
June 10, 2019
The ABCs of Elder Financial Exploitation
In 2011, the World Health Organization designated June 15 as World Elder Abuse Awareness Day. So each year, a number of organizations supporting the elderly run educational campaigns throughout the month of June aimed at increasing awareness of elder abuse. This crime has a number of different forms: physical, emotional, or sexual abuse, neglect and abandonment, and financial exploitation.
We covered the growing impact of elder financial abuse in terms of numbers in a post last August. That growth is being driven by a double whammy: the surge in the senior population and the proliferation of available exploitation attack channels, thanks to the internet. Because none of this is likely to slow down for some time, education is critical. As the Retail Payments Risk Forum has stressed before, education is an important element in curbing fraud, and this area is no exception.
Here are some of the more common financial scams targeting the elderly:
- Charity: The victim receives a request, usually over the telephone or in a public place, for donations for natural disaster relief or other good causes, but the funds are not used for such purposes.
- Sweepstakes/lottery: The victim receives a letter, email, or telephone call with the news that they have won a lottery or cash sweepstakes—but they have to pay a tax or administrative fee in advance.
- Home repairs: Someone tells the victim that some aspect of their property needs repair—for example, the driveway, roof shingles, or gutters—and it can be done inexpensively since there is a "crew already in the area." The victim must pay by cash or check in advance, but the crew never appears to do the work.
- Romance: The fraudster, often posing under a false identity, makes romantic overtures and eventually asks the victim to send money so he or she can travel to meet them.
- Tax: The victim receives a phone call from the fraudster claiming to be an IRS agent pursuing back taxes and unless the victim sends funds immediately, they will be subject to arrest. A variant of this scam involves the perpetrator posing as a police officer pursuing unpaid traffic tickets or other infractions.
- Virus: A "technical support" company calls the victim, claiming that a virus has infected the victim’s computer. For the payment of a "modest fee," the company can download software that can kill the virus and protect the computer against future attacks. Often, the software downloaded actually contains some form of malware that may allow the criminal to compromise the banking credentials of the victim.
- Other advance fee fraud: The fraudster requests money to help a relative in jail or stranded on the roadside. The situations are completely false but might contain some element of truth as the scammer may have found information on social media providing a name or that the named individual is out of town.
- Identity theft: The criminal communicates with the victim through social media, telephone, or email to obtain bank account or other information allowing them to attempt a wide variety of fraudulent activities including credit applications, unauthorized account transactions, and more.
- Investments: The victim is convinced to purchase an annuity or some other investment with a supposed lucrative payback.
Sadly, most elder financial abuse is committed by family or other people who are trusted with care of the elderly, which makes the crime more difficult to detect. Such abuses range from the transfer of property or securities to the theft of liquid assets through check writing or ATM withdrawals.
While researching this issue, I was heartened to learn that various organizations are developing or improving software products to help spot potential financial exploitation or to provide training materials. The American Association of Retired Persons recently launched a pilot program for financial institutions called BankSafe. It is a free online training program with educational material presented in different formats, including video games, distributed by the Independent Community Bankers of America and the Credit Union National Association, and, directly, by some financial institutions. In addition, a recent Dow Jones Institutional News article highlighted some fintech products designed to alert trustees of unusual or suspicious activity.
If you know of any valuable programs or organizational efforts to increase awareness of elder financial abuse, please let us know.
By David Lott, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed
June 3, 2019
Hitting the Brakes on the Cashless Society
"Reverse ATMs" is a term I learned from reading my colleague Oz Shy's new working paper, "Cashless Stores and Cash Users." At venues that don't accept cash at the register, the patron puts cash into the reverse ATM and a loaded prepaid card comes out. Mercedes-Benz Stadium in Atlanta, for example, is one of the latest venues to adopt this practice.
Speaking of "reverse," I'm sure you know that some states and municipalities are seeking to reverse what may—or may not—be a trend toward brick-and-mortar retailers not accepting cash. Refusing to accept cash has been illegal in Massachusetts, where I live, since 1978. More recent developments:
- Philadelphia will ban cashless stores beginning in July.
- In March, New Jersey outlawed cashless restaurants and stores.
- In May, the San Francisco Board of Supervisors voted to require brick-and-mortar businesses to accept cash.
- Also in May, Representative David Cicilline (D-RI) introduced the Cash Buyer Discrimination Act, which would require businesses all across the United States to accept cash.
These and other proposed laws are predicated on the idea that people without access to payment cards or digital payments are harmed when they cannot make purchases using their payment instrument of choice: cash. Oz's paper adds to the conversation by examining the choices consumers make at the point of sale, depending on their access to different ways to pay.
Using data from the 2017 Diary of Consumer Payment Choice, Oz found that consumers who own different mixes of payment instruments use cash with different intensity to make in-person purchases:
- Diary respondents who own neither a credit card nor a nonprepaid debit card made almost 9 in 10 of their in-person payments with cash, on average. The median share of cash purchases was 100 percent.
- Diary respondents who own at least one credit card and one nonprepaid debit card make about one-third of their in-person payments with cash, on average. The median share was 20 percent.
Oz goes on to calculate the cost to the cash payers who do not have credit or nonprepaid debit cards of switching from cash to a prepaid card. He finds that, all things being equal, for some consumers, using cash would have to cost twice as much as using a prepaid card for the cash users to be indifferent to switching. Oz's conclusion: "A complete transition to cashless stores imposes a measureable burden on consumers who do not have credit or [nonprepaid] debit cards." For perspective, 8.5 percent of respondents with household income below the U.S. median ($61,000) did not have a credit card or nonprepaid debit card in 2017, according to the diary.
As this research shows, cash is important to some consumers. The cashless society could be on a collision course with reality.
May 20, 2019
Could Federal Privacy Law Happen in 2019?
Some payments people have suggested that this could be the year for mobile payments to take off. My take? Nah. I gave up on that thought several years ago, as I've made clear in some of my previous posts. I'm actually wondering if this will be the year that federal privacy legislation is enacted in the United States. The effects of the European Union's General Data Protection Regulation (GDPR) that took effect a year ago (see this Take on Payments post) are being felt in the United States and across the globe. The GDPR essentially has created a global standard for how companies should protect citizens' personal data and the rights of everyone to understand what data is being collected as well as how to opt out of this collection. While technically the GDPR applies only to EU citizens, even when traveling outside the European Union, most businesses have taken a cautious approach and are treating every transaction—financial or informational—that they process as something that could be covered under the GDPR.
A tangible impact of the GDPR in the United States is that the state of California has passed a data privacy law known as the California Consumer Privacy Act of 2018 (CCPA) that is partly patterned after the GDPR. The CCPA gives California residents five basic rights related to data privacy:
- The right to know what personal information a business has collected about them, where it was obtained, how it is being used, and whether it is being disclosed or sold to other parties and, if so, to whom it is being disclosed or sold
- The right to access that personal information free of charge up to two times within a 12-month period
- The right to opt out of allowing a business to sell their personal information to third parties
- The right to have a business delete their personal information, except for information that is required to effect a transaction or comply with other regulatory requirements.
- The right to receive equal service and pricing from a business, even if they have exercised their privacy rights under the CCPA.
According to the National Conference of State Legislatures (NCSL) 17 states have mandated that their governmental websites and access portals state privacy policies and procedures. Additionally, other states have privacy laws related to privacy, such as children's online privacy, the monitoring of employee email, and e-reader policies.
Take On Payments has previously discussed the numerous efforts to introduce federal legislation regarding privacy and data breach notification with little traction. So why do I think change is in the air? The growing trend of states implementing privacy legislation is putting pressure on Congress to take action in order to have a consistent national policy and process that businesses operating across state lines can understand and follow.
What do you think?
By David Lott, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed
-payments">Retail Payments Risk Forum at the Atlanta Fed
- Performing and Paying in the Gig Economy
- The ABCs of Elder Financial Exploitation
- Hitting the Brakes on the Cashless Society
- Could Federal Privacy Law Happen in 2019?
- What Can We Learn about Fraud from the United Kingdom?
- Business Email Compromise Moves Mainstream
- Next-Gen Security
- The Prepaid Rule: All Jokes Aside
- For Customer Education, Map Out the Long Journey
- Insuring Against Cyber Loss
- June 2019
- May 2019
- April 2019
- March 2019
- February 2019
- January 2019
- December 2018
- November 2018
- October 2018
- September 2018
- account takeovers
- ATM fraud
- bank supervision
- banking regulations
- banks and banking
- card networks
- check fraud
- consumer fraud
- consumer protection
- credit cards
- cross-border wires
- data security
- debit cards
- emerging payments
- financial services
- financial technology
- identity theft
- law enforcement
- mobile banking
- mobile money transfer
- mobile network operator (MNO)
- mobile payments
- money laundering
- money services business (MSB)
- online banking fraud
- online retail
- payments fraud
- payments innovation
- payments risk
- payments study
- payments systems
- phone fraud
- remotely created checks
- risk management
- Section 1073
- skills gap
- social networks
- third-party service provider
- trusted service manager
- Unfair and Deceptive Acts and Practices (UDAP)
- wire transfer fraud
- workforce development
- workplace fraud