Take On Payments, a blog sponsored by the Retail Payments Risk Forum of the Federal Reserve Bank of Atlanta, is intended to foster dialogue on emerging risks in retail payment systems and enhance collaborative efforts to improve risk detection and mitigation. We encourage your active participation in Take on Payments and look forward to collaborating with you.
Federal Reserve Web Sites
Other Bank Regulatory Sites
March 27, 2009
2008: A year of thought on retail payments risk and fraud
Looking back, 2008 saw an array of Federal Reserve Bank–sponsored conferences and events focused on retail payments risk and fraud issues, as well as a number of highly relevant papers. It's worth compiling and highlighting a few of those Federal Reserve efforts (at the risk of leaving some out!). I think all these developments reflect a renewed interest in public-private partnerships both in the Fed and in the industry, interest that will promote collaborative efforts to address common issues.
First, here are links to three conference summaries and related papers resulting from Reserve Bank–hosted events in 2008:
- April 2008 – Philadelphia Fed Payment Cards Center: "Maintaining a Safe Environment for Payment Cards: Examining Evolving Threats Posed by Fraud"
- June 2008 – Chicago Fed Payments Studies: "Payments Fraud: Perception Versus Reality"
- October 2008 – Atlanta Fed Retail Payments Risk Forum: "Retail Payments Risk and Fraud: Detection and Mitigation"
In addition to the results of these conferences, there were a number of papers published last year from Fed staff that I would also highlight to our readers on relevant issues:
- Braun, et al., "Understanding Risk Management in Emerging Retail Payments"
- Gerdes, "Recent Payment Trends in the United States"
- Jacob and Summers, "Assessing the landscape of payments fraud"
- Weiner, "The Federal Reserve's Role in Retail Payments: Adapting to a New Environment"
By Clifford S. Stanford, assistant vice president and director of the Retail Payments Risk Forum at the Atlanta Fed
TrackBack URL for this entry:
Listed below are links to blogs that reference 2008: A year of thought on retail payments risk and fraud:
March 19, 2009
Can information sharing reduce fraud?
I was doing some research recently to see what I could find on the legal impediments to information sharing among law enforcement agencies and bank regulators when I ran across a report published by the U.S. Government Accountability Office (GAO) in March 2001 titled "Financial Services Regulators: Better Information Sharing Could Reduce Fraud." The paper identified some benefits as well as barriers to sharing information and proposed a recommendation for moving forward. While little has changed since the GAO first issued that report, there still remains much to be gained in addressing these issues.
One of the things we hear from the financial services industry, law enforcement, and bank regulators is that we need to collaborate by sharing information to better detect and mitigate fraud in retail payments. Most of the law enforcement representatives we talk to say that payments fraud is on the rise as global and domestic fraud rings alike are gaining access to consumer data for identity theft and financial transactions. According to these representatives, the bottom line is that fraudsters are talking to one another and sharing information over a number of channels including the Internet, chat rooms, and even within the prison system. With this information in mind, perhaps now is the time to rethink the way we share information to prevent and mitigate fraud and risk in retail payments.
Databases for sharing information are decentralized among separate bank regulators
Decentralization of information by bank regulators is one of the barriers noted in the GAO report. Because the systems and databases that maintain records on individuals and businesses, consumer complaints, and disciplinary actions are decentralized among the separate regulators within the banking industry, an investigation of a rogue actor realistically could involve separate inquiries of the different bank regulators.
Most information sharing is limited to public information
The GAO report also concluded that while financial regulators agreed about the benefits of sharing regulatory and criminal data, there were concerns about how to do that without creating confidentiality, liability, and privacy issues as well as the potential for inappropriate use of information. Regulators expressed concern about the potential for premature disclosure of information obtained through regulatory activities or criminal investigations.
Once they are final, formal enforcement actions taken against banks, as well as cease and desist orders and civil money penalties, are all public documents that identify individuals and entities responsible for criminal, civil, and otherwise unsafe and unsound banking practices. However, the lag time between the identification of the risky or fraudulent practice and issuance of the formal action can be considerable and does not make information available for other victims or potential targets.
Information sharing is still in separate silos at the institution level
One caveat to the potential benefits derived from an industry-wide information sharing mechanism is the fact that data are often isolated among disparate silos within a financial services company. Enterprise-wide risk management is often designed to aggregate information from separate lines of business, each often equipped with its own fraud prevention process and data collection. The successful business model going forward might enable the sharing of information across a bank's payment products and channels to prevent a fraudster from hitting the same institution multiple times.
Private industry efforts are emerging to collaborate
There are a number of private industry initiatives in play, such as third party–sponsored consortiums for financial institutions to share information among one another. These services are provided at a cost that some financial institution participants are unwilling or unable to bear. The cost for information serves as a barrier in this sense, potentially driving the fraudsters to the weaker links in the system that cannot afford to participate in the cost of building a data-sharing mechanism.
Financial modernization efforts have resulted in more electronic transactions of payments and information. While nontechnological means of fraudulently obtaning confidential consumer information remain prevalent (dumpster diving, etc), the use of the Internet and chat rooms makes it increasingly easy for rogue actors to communicate and share information to perpetrate fraud. Social networks are growing in popularity as consumers are increasingly comfortable in sharing information over the Internet. This technologically inspired trend was not entirely envisioned when the laws and rules designed to protect rights to privacy were crafted. Changing the legal boundaries established among regulatory and law enforcement agencies may be necessary to enable truly effective detection and mitigation of fraud, but this practice can't happen overnight.
What steps can we take to break down the barriers to information sharing? How do we balance one party's "need to know" with another's need to safeguard sensitive information? How do we determine what data are most universally useful in our mutual efforts to predict and recognize fraudulent activity and identify the bad actors? We would like to hear from you, so please let us know your thoughts.
By Cindy Merritt, assistant director of the Retail Payments Risk Forum at the Atlanta Fed
TrackBack URL for this entry:
Listed below are links to blogs that reference Can information sharing reduce fraud?:
March 10, 2009
B2B: Will checks ever really go away?
While check writing in the aggregate is on the decline, one last bastion may remain in the business-to-business (B2B) arena. While consumers are adopting electronic payments at an increasing rate, most B2B payments continue to be made by check—roughly 74 percent, according to a 2007 survey conducted by the Association of Financial Professionals (AFP). This study found that the average business surveyed makes 65 percent of its B2B payments to suppliers by check, with 18 percent by automated clearinghouse (ACH) credit and 11 percent by wire transfer. With the myriad payment choices available to suit a variety of user preferences for both consumers and businesses, why has the migration to electronic payments by businesses lagged that of consumers?
The adoption of electronic payments by consumers has exceeded analysts' projections in recent years as a result of a confluence of a number of different variables, namely convenience, security, and efficiency, which have provided the necessary incentives for adoption. The Internet has emerged as an increasingly trusted payments and product distribution channel as well, facilitating the initiation of electronic payments via both card networks and the ACH. While the same benefits of electronic commerce are desirable to the B2B payments segment, the complexity of the B2B payments landscape along with technology constraints for smaller business partners contribute to a less rapid adoption than seen in the consumer-to-business segment. What are the major B2B barriers to adoption, and how are they being addressed?
The problem with cards
Cards are an expensive proposition for payments between trusted and known business partners, particularly for large value payments. While they offer advantages such as financial management and control, they also impose a hefty interchange fee of roughly 2 percent of the transaction. If you know and trust your customer, you are probably more inclined to write a check, which has no transaction fee. This scenario is likely to be particularly true during times of economic downturn such as we are now experiencing.
ACH and wire transfers
Wire transfers are important for payments that are high dollar and require immediate settlement. Their high cost limits their use, however. Also, wire transfers tend to be used by larger versus smaller business organizations. The ACH is growing more popular for larger organizations for payments between major trading partners but is used more to receive than to make payments. It is also important to note that NACHA rules currently prohibit the conversion of business checks in the ACH. While the ACH format permits the transmission of payments and remittance data, there are a number of other alternative methods to deliver remittance information.
Obstacle: no standard remittance information
One clear obstacle to the migration from paper to electronic payments is the lack of standardization in the way remittance information is sent with the payment. Because of variations in data formats, trading partners may not be able to send or receive automated remittance information with electronic payments, inhibiting the automation of accounts receivable systems. Smaller organizations typically lack full integration between electronic payment and accounting systems, as their incentives to invest in the enabling technology are likely to differ from their large corporate counterparts.
Since electronic payments are typically faster than checks, an accounts receivable function might embrace an electronic payment in order to reduce the time to collect receivables, in direct contrast to an accounts payable function. Sophistication and size generally correlate to willingness to invest in the technology to adopt electronic payments.
Moving from checks to electronic payments can reduce fraud
In the AFP's 2008 Payments Fraud and Control Survey organizations of all sizes reported more attempted or actual payments fraud in 2007 from checks than from other payment methods. However, the report also notes that the majority of survey respondents did not actually suffer financial loss from the fraudulent activitity, suggesting that effective use of risk mitigants to control fraud once it is identified.
|Payment Methods Subject to More Payments Fraud in 2007 Compared to 2006|
(Percent of Organizations Subject to Greater Amount of Attempted or Actual Payments Fraud)
|* receive only||Source: 2008 AFP Payments Fraud|
and Control Survey
B2B future is likely electronic
While the pace of migration to B2B electronic payments may not accelerate in today's distressed financial environment, eventually the obstacles to the electronification of B2B will be resolved. For now, the bottom line is that businesses want to send payments in the most cost-effective way possible, and no one payment type may suit every payment need. Just as consumers will continue to avail themselves to the full spectrum of payment alternatives, depending upon what is cheapest, trusted, and most convenient, so too will businesses choose payment options that makes the most business sense.
Electronic payments are growing in the B2B space, but not by leaps and bounds, even in recent times when the economic outlook was favorable and financial institutions were readily investing in payments technology. While the future of B2B payments will likely be electronic versus paper-based, there is no clear evidence to show whether businesses will choose one electronic option to the exclusivity of another. For now, checks continue to represent a good value proposition to businesses, particularly when they can be imaged during the collection process to avoid transportation costs.
By Cindy Merritt, assistant director of the Retail Payments Risk Forum at the Atlanta Fed
TrackBack URL for this entry:
Listed below are links to blogs that reference B2B: Will checks ever really go away?:
- The Range of Un-Friendly Fraud
- Payments Webinar October 10: Cash in the 21st Century
- "Insuring" Ransomware Will Continue to Flourish
- Designing Disclosures to Be Read
- Is There a Generation Gap in Cash Use?
- What the Most Convenient Food Tells Us about Payments
- Is Friction in Payments Always Bad?
- Why Should You Care about PSD2?
- At the Intersection of FinTech and Financial Inclusion
- A Call to Action on Friendly Card Fraud and Loss?
- October 2019
- September 2019
- August 2019
- July 2019
- June 2019
- May 2019
- April 2019
- March 2019
- February 2019
- January 2019
- account takeovers
- ATM fraud
- bank supervision
- banking regulations
- banks and banking
- card networks
- check fraud
- consumer fraud
- consumer protection
- credit cards
- cross-border wires
- data security
- debit cards
- emerging payments
- financial services
- financial technology
- identity theft
- law enforcement
- mobile banking
- mobile money transfer
- mobile network operator (MNO)
- mobile payments
- money laundering
- money services business (MSB)
- online banking fraud
- online retail
- Payment Services Directive
- payments fraud
- payments innovation
- payments risk
- payments study
- payments systems
- phone fraud
- remotely created checks
- risk management
- Section 1073
- skills gap
- social networks
- third-party service provider
- trusted service manager
- Unfair and Deceptive Acts and Practices (UDAP)
- wire transfer fraud
- workforce development
- workplace fraud