About
Take On Payments, a blog sponsored by the Retail Payments Risk Forum of the Federal Reserve Bank of Atlanta, is intended to foster dialogue on emerging risks in retail payment systems and enhance collaborative efforts to improve risk detection and mitigation. We encourage your active participation in Take on Payments and look forward to collaborating with you.
What's New
Federal Reserve Web Sites
Other Bank Regulatory Sites
Take On Payments
March 18, 2019
The Patriots of the Payments Landscape
Last February, the New England Patriots and their future first-ballot Hall of Fame quarterback, Tom Brady, won their sixth Super Bowl title since 2002. Over this 17-year period, they have played for the National Football League title nine times. In college football, a similar scenario has emerged, with two teams (the University of Alabama and Clemson University) winning seven out of the last 10 collegiate football national titles. It is proving to be very difficult to upend the dominant players in this sport, and many football fans and pundits believe that such domination makes the overall sport less interesting (especially if your favorite team isn’t Alabama, Clemson, or the Patriots). They think it’s bad for the sport and argue it would be better to see more variety in championship teams. As I think about that perspective, my mind drifts to a payments conversation that I am often a part of in both business and social settings: Where are payments going to be in the next three to five years?
While it would be much "more entertaining" in my social settings to be able to discuss some great shift in payments on the horizon, the fact is that right now payments is in a place similar to football’s. Card-based payments are sitting on top of the non-cash-based payments world and will be difficult to dethrone anytime soon. According to the Federal Reserve Payments Study 2016 (the last report that provided annual estimates for both automated clearinghouse (ACH) and check payments), card payments, by number of transactions, made up 72 percent of noncash payments. Now the latest figures from the payments study’s 2018 Annual Supplement report reveal that there were 123.5 billion card transactions in 2017, a figure representing robust growth of 10.1 percent from 2016. The report also highlights that, during this 2016–17 period, the number of network ACH payment transactions grew at an accelerated pace of 5.7 percent while large-institution check payments declined in number of transactions at an accelerated pace of 4.8 percent. The Federal Reserve is currently conducting its triennial payments study, which will provide updated national estimates on all noncash payments for 2018.
In the future, we might be dipping cards more often, tapping contactless cards, or even tapping our phones more, but it’s hard to envision a new payment channel making much headway in the next three to five years. Cards just have too big of a share and are experiencing accelerating growth. Consumers are not only accustomed to using them, but they also find that cards work very efficiently for them. And just like the football fans and pundits who talk or write about the need for different champions in the football world, payments professionals and pundits are enamored with writing about and discussing how blockchain, distributed ledger technology, faster payments, or some other brave, new technology are going to be the next frontier in payments. And you know, they might be right one day, but it’s not going to happen anytime soon, certainly not before Mr. Brady finds his way into the Hall of Fame.
By Douglas A. King, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed
March 18, 2019 in credit cards , debit cards , emerging payments , fintech , innovation | Permalink | Comments ( 0)
March 11, 2019
Payments Webinar Explores a Fintech Talent Gap
Developments in financial technology (fintech), as welcome as they may be, are pressuring one of our most valuable resources: our workforce. Not only are there not enough candidates experienced in new fintech, but also there is a growing gap between the skills employers want and the skills that employed professionals have.
As fast as fintech is moving, it is important not to be hasty when making talent development decisions. Now is the time to be strategic and intentional in evaluating the ways to bridge the fintech talent gap. Most new banking technologies, especially those that are payments related (whether they’re offered by a traditional financial institution or a non-bank entity), require a new approach to software and cybersecurity. With this in mind, a fundamental feature of workforce development is aligning education and training programs with real business needs.
In the next episode of our Talk About Payments (TAP) webinar series, our panel will explore the underlying emerging technologies that are essential core knowledge for the payments and fintech workforce. We will also explore initiatives that are under way to bridge the fintech talent gap. Our panel will include:
- Jessica J. Washington, AAP, Payments Risk Expert, Federal Reserve Bank of Atlanta
- James Senn, Founding Director, Georgia Fintech Academy
- Allen Sautter, Information Security Officer, Federal Reserve Bank of Atlanta
We encourage financial institutions, merchants, fintechs, payments processors, law enforcement, academia, and other payments system stakeholders to participate. Participants will be able to submit questions during the webinar.
The webinar will take place on March 21, from 1 to 2 p.m. (ET). To participate in the webinar, you must register in advance (there is no charge). You can register here. Once you have registered, we will send you a confirmation email with the login and toll-free call-in information. You can direct questions concerning the webinar to David Lott at david.lott@atl.frb.org. We hope you will join us and be part of the discussion.
By Jessica Washington, AAP, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed
March 11, 2019 in emerging payments , financial technology , fintech , payments innovation , skills gap , workforce development | Permalink | Comments ( 0)
March 4, 2019
The Importance of the Small
In Shakespeare's "A Midsummer Night's Dream," Helena said, "Though she be but little, she is fierce," in reference to the power of her romantic foe, Hermia. In today's pop culture, this quote can be found on T-shirts, coffee mugs, inspirational wall hangings, and social media memes touting women's power. But it has a broader meaning to me, one that says small voices are every bit as important as large ones.
In the payments industry, I think of the small voices as being the smaller financial institutions—which are crucial to the success of the Federal Reserve Payments Study, contributing a great deal to the study findings. The study, which estimates the number and value of noncash payments made by U.S. consumers and businesses as well as the data around payments fraud, is intended to inform policymakers, the industry, and the public about aggregate trends in the nation's payments system. Most recently, this work culminated in a benchmark report on U.S. payments fraud from 2012 to 2016.
One important component of the study is to collect data on checks, ACH, wire transfers, cards, cash withdrawals and deposits, third-party fraud, and related information from a nationally representative sample of commercial banks, savings institutions, and credit unions, from the largest to the smallest. So what exactly is meant by a "nationally representative sample"?
In a nutshell, for our estimates to be representative of national payment volumes, we have to account for all sources of volume. If we include only the largest institutions or leave out some segments, the estimates can be biased, either too large or too small. Even though much of payments volume is concentrated in the largest institutions, it is impossible to know how much so without having a good estimate for all segments of the banking population. Past surveys have shown that the segments can exhibit very different trends from study to study. For example, from 1995 to 2000, total checks at large commercial banks fell, while total checks at credit unions and savings institutions grew. (Read more about that in this report from the Federal Reserve Board of Governors.) Without the information from credit unions, the decline in checks would have appeared larger than it actually was.
Study participants are selected from among U.S. commercial banks, savings institutions, and credit unions. According to reports filed with the Federal Reserve in 2015, there were approximately 10,600 of these depository institutions (DI) in the United States that met the criteria (see the table). Using Call Report data filed with the Federal Reserve, a sample frame of slightly under 3,800 institutions was determined to be representative of the entire population of U.S. financial institutions. Each institution type is further grouped according to deposit size.
| Institution Type | Deposit Size (Maximum)* | No. of U.S. Institutions | No. Invited to Participate in Study |
|---|---|---|---|
| Commercial Banks |
50
|
50
|
|
|
$10,900,000,000
|
264
|
264
|
|
|
$ 799,500,000
|
247
|
237
|
|
|
$ 388,000,000
|
337
|
237
|
|
|
$ 232,000,000
|
618
|
308
|
|
|
$ 139,754,000
|
872
|
289
|
|
|
$ 83,909,000
|
1,190
|
444
|
|
|
$ 41,980,000
|
1,382
|
356
|
|
| Subtotal |
4,960
|
2,185
|
|
| Savings Institutions |
25
|
24
|
|
|
$ 1,650,000,000
|
48
|
48
|
|
|
$ 497,000,000
|
102
|
102
|
|
|
$ 195,000,000
|
132
|
104
|
|
|
$ 100,500,000
|
155
|
116
|
|
|
$ 46,300,000
|
292
|
96
|
|
| Subtotal |
754
|
490
|
|
| Credit Unions |
25
|
25
|
|
|
$ 730,000,000
|
47
|
46
|
|
|
$ 365,000,000
|
137
|
126
|
|
|
$ 185,000,000
|
174
|
143
|
|
|
$ 105,500,000
|
240
|
147
|
|
|
$ 58,000,000
|
399
|
167
|
|
|
$ 26,680,000
|
690
|
201
|
|
|
$11,190,000
|
3,144
|
242
|
|
| Subtotal |
4,856
|
1,097
|
|
| Total |
10,570
|
3,772
|
*For commercial banks and savings institutions, this is the sum of public checkable deposits (or checking account balances) and money market deposit accounts. For credit unions, this reflects public checkable deposits only.
Source: Table adapted from Geoffrey Gerdes and Xuemei Liu. "Improving Response Quality with Planned Missing Data: An Application to a Survey of Banks," in The Econometrics of Complex Survey Data: Theory and Applications (Advances in Econometrics, volume 39), ed. Kim P. Huynh, David T. Jacho-Chavez, and Gautam Tripathi. Available April 1, 2019.
As the table shows, financial institutions in each category with the lowest maximum deposit size comprise approximately 46 percent of the total number of U.S. institutions. Of this group, consisting of more than 4,800 DIs, just under 700 were invited to participate in the study, or approximately 18 percent of the total sample.
Take, for example, credit unions with a maximum deposit size of $11.2 million. In 2016, there were approximately 3,100 institutions in this category, and 242 were invited to participate in the study to represent that segment. Similarly, 96 savings institutions with a maximum deposit size of $46.3 million were selected to represent the overall segment of just under 300 institutions.
Grouping institutions in this way improves the quality of results, as the institutions within each category share many similar characteristics. The smaller institutions have a unique voice and experience that the larger DIs cannot represent. To develop a true and accurate national picture of the payments landscape, it is important that all voices be heard.
I hope your takeaway from this post is that the contributions of all financial institutions—large and small—are important to the accuracy and representativeness of the data that the Federal Reserve Payment Study reports. And although study participants may sometimes think their institutions are small fish in a big pond, their survey contributions serve as the voice of their peers, and in the collective, that whisper becomes a mighty voice.
By Nancy Donahue, project manager in the Retail Payments Risk Forum at the Atlanta Fed
March 4, 2019 in banks and banking , payments study | Permalink | Comments ( 0)
February 25, 2019
Fighting Discipline with Discipline
When I meet with law enforcement officers, they often describe the growing sophistication of criminal groups that commit large-scale fraud. Just like legitimate enterprises, these global organizations follow a disciplined process to reach their business goals. As a successful salesperson follows specific steps from prospecting to closing, successful criminal enterprises follow defined steps that improve their chances of successfully executing financial crimes.
Let's take a look at a disciplined, five-step process that criminals generally follow to successfully execute a business email compromise (BEC) attack. The process can also apply to other types of cybercrimes, such as account takeover.
- Identify targets. Fraudsters scan specific industries to identify firms to attack. While firms handling real estate closings and trusts remain primary targets of BEC attempts, other businesses, across multiple industries, that have large-value accounts payable have increasingly become targets.
- Gain access. Fraudsters attempt a variety of methods to gain entry to the business accounting or IT system. With BEC, the most common way in is to get an employee to open an email or click on a link containing malware that will result in the compromise of the employee's log-in credentials. Another method is to exploit a security gap in the company's IT access control system. Social engineering is also becoming more frequent.
- Establish a foothold. Upon gaining access to the business records of the company, the fraudsters are likely to create hidden paths to enter and exit the company's systems without detection.
- Conduct surveillance. More and more often, fraudsters take their time monitoring the activity and records of the company, sometimes for months. Doing so helps them better understand the company's controls related to authorizing large-dollar-value transactions and customer records maintenance. When they eventually conduct their misdeed, they stay within normal controls and therefore don't set off any additional oversight.
- Steal and retreat. When the criminals have gained the necessary knowledge—by conducting their thorough, sometimes lengthy surveillance—they make a funds transfer request. In a BEC, this is generally an email from a senior official of the company to the finance department conveying some sense of urgency. In most cases, the request refers to a valid invoice or customer account number in an attempt to appear legitimate. Of course, the criminal controls the account that would receive the funds. If the request succeeds, the criminal may make additional funds transfer attempts. When they're done, they try to erase any evidence of their intrusion.
These sophisticated criminals achieve their results with discipline, but you can successfully stop BEC and similar attacks by relying on your own discipline in several areas. BEC is totally preventable if a business combines employee education and testing with meticulous authorization control processes, audit oversight, and IT security techniques. Instill this discipline and you won't be a victim.
By David Lott, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed
February 25, 2019 in cybercrime , cybersecurity | Permalink | Comments ( 0)
Google Search
Recent Posts
- The Patriots of the Payments Landscape
- Payments Webinar Explores a Fintech Talent Gap
- The Importance of the Small
- Fighting Discipline with Discipline
- Acute Audit Appendicitis
- AI and Privacy: Achieving Coexistence
- So, How Often Do You Dip?
- A Cryptocurrency Primer
- Why Are Millennials So Risk-Averse?
- Hiding in Plain Sight
Archives
- March 2019
- February 2019
- January 2019
- December 2018
- November 2018
- October 2018
- September 2018
- August 2018
- July 2018
- June 2018
Categories
- account takeovers
- ACH
- ATM fraud
- authentication
- bank supervision
- banking regulations
- banks and banking
- biometrics
- card networks
- cards
- check fraud
- checks
- chip-and-pin
- collaboration
- consumer fraud
- consumer protection
- contactless
- credit cards
- crime
- cross-border wires
- currency
- cybercrime
- cybersecurity
- data security
- debit cards
- debt
- emerging payments
- EMV
- financial services
- financial technology
- fintech
- fraud
- identity theft
- innovation
- interchange
- KYC
- law enforcement
- malware
- mobile banking
- mobile money transfer
- mobile network operator (MNO)
- mobile payments
- money laundering
- money services business (MSB)
- online banking fraud
- online retail
- P2P
- payments
- payments fraud
- payments innovation
- payments risk
- payments study
- payments systems
- phone fraud
- prepaid
- privacy
- regulations
- regulators
- remittances
- remotely created checks
- risk
- risk management
- Section 1073
- skills gap
- social networks
- telecom
- theft
- third-party service provider
- transmitters
- trusted service manager
- Unfair and Deceptive Acts and Practices (UDAP)
- wire transfer fraud
- workforce development
- workplace fraud
