Take On Payments, a blog sponsored by the Retail Payments Risk Forum of the Federal Reserve Bank of Atlanta, is intended to foster dialogue on emerging risks in retail payment systems and enhance collaborative efforts to improve risk detection and mitigation. We encourage your active participation in Take on Payments and look forward to collaborating with you.
Federal Reserve Web Sites
Other Bank Regulatory Sites
August 31, 2009
Will micropayments thrive in social networks? (Part 1 of 2)
This is the first of a two-part series on micropayments and social networks.
One of the most recent, and indeed interesting, phenomena is the entrance of social networks into the micropayments arena. Micropayments, generally defined as small-dollar transactions of $25 or less, are inherently inefficient. Converting them into electronic payments from the traditional cash market is costly, since fees such as interchange can consume a large percentage, if not all, of the transaction.
However, things have been changing recently as the environment for small payments has grown more hospitable. Credit card companies have introduced contactless payment devices to address the costs associated with unattended purchases such as parking meters and vending machines. The emergence of online payment network contenders such as PayPal, Amazon, Google, and others has fueled the growth of online micropayment transactions, as has the growth in online media sales, such as the 99-cent songs on Apple’s iTunes.
Several social networks have gained popularity recently as trusted sites for the exchange of information, digital media, and communication. This popularity and trust can help foster the network effect necessary for establishing an effective payment system. However, developing a new payment system is a risky venture, and many micropayment provider start-ups are not successful.
While some social network sites are exploring the opportunities to offer payment services, they are also permitting outside payment providers to place their applications on the social network platforms. These payment providers are able to leverage the social network platforms providing online payment solutions and monetizing digital currency.
The demand for digital currency via social networks and the ability to monetize transactions in virtual economies are garnering attention from venture capitalists—and they’ve captured our attention, for the moment. The remainder of this blog as well as next week’s will examine a few examples of the emerging micropayment service providers that we found. Keep in mind, our list is by no means an endorsement or an exhaustive list.
First, consider Twitter, a social networking site that lets users give short updates to other users about what they are doing. Twitter has, in essence, created an ecosystem in which third-party service providers are leveraging it to enable micropayments. A recent person-to-person (P2P) start-up called Twitpay allows Twitter users to send payments to other Twitter users—that is, as long as they both have PayPal accounts. As a third-party application that merely uses the Twitter platform, Twitpay has no formal ties to Twitter, aside from the similar name.
The user fills in the payment instructions and presses the “tweet” link at https://twitpay.me. The application delivers the payment to the recipient’s Twitter Twitpay account. The recipient pays the cost of the transaction, which currently consists of PayPal’s commercial transaction fee of 2.9 percent of plus 30 cents. A user also can replenish his Twitpay account using PayPal.
Another third-party application that recently started using the Twitter platform is Twollars, a vehicle for charitable giving in small-dollar denominations that allows Twitter account holders to donate to a charity or cause of their choice. Twollars was conceived in January 2009 as a way for people on Twitter to thank one another for sharing digital content and giving advice and information. Symbolic currency on “twollars” can be converted by charities into real currencies, such as dollars and euros, for example, again via PayPal. The Twollars Web site contends that Twollars can only be converted into real currency through donations to good causes. Charities can start campaigns on Twitter to raise funds. Any Twitter user starts with 50 Twollars. The Twitter platform allows even the smallest charity to reach a large audience. The site even allows businesses to reward customers with Twollars to be used for a charitable cause of their choice.
Next week in Part 2, we look at Facebook as well as other players in this emerging market such as Spare Change, Zong, and BOKU.
By Cindy Merritt, assistant director of the Retail Payments Risk Forum at the Atlanta Fed
August 24, 2009
Forum launches “Payments Spotlight” podcast series
Since February 2009, the Retail Payments Risk Forum has regularly posted to the Portals and Rails blog interesting and thought-provoking topics related to retail payments risk issues. This online forum provides a dynamic platform to spark conversation and foster ideas about these topics. In an effort to further expand the dialogue, we are excited to announce the launch of the Payments Spotlight podcast series this month.
Payments Spotlight will be posted regularly on the Federal Reserve Bank of Atlanta’s Web site. The podcast will feature recorded interviews with leading experts in the payments industry on relevant issues. The first installment features a conversation with Woody Tyner, payments strategist at BB&T Bank in North Carolina. In his comments, Mr. Tyner provides an insightful perspective that is definitely worth a listen on how the payments industry can balance innovation and risk management.
We hope that you will not only check out this installment but also tune in on a regular basis as we feature other leading thinkers and practitioners representing a wide array of perspectives. You can listen to the Payments Spotlight podcast using any computer audio software that will play MP3 files. To subscribe to the podcast series directly, go to the Atlanta Fed podcast page, click on the "subscribe" button next to Payments Spotlight, and follow the instructions for adding the series to your aggregator. You can also follow the series by staying tuned to Portals and Rails, where we will post information about new podcasts as they become available.
Let us know what you think, and please submit any suggestions you have for future podcast topics.
By Jennifer Grier, senior payments risk analyst at the Atlanta Fed
TrackBack URL for this entry:
Listed below are links to blogs that reference Forum launches “Payments Spotlight” podcast series:
August 17, 2009
Oliver: Funding of risk initiatives faces risky times
This week, we have a special guest blogger: Richard Oliver, an executive vice president with the Federal Reserve Bank of Atlanta. Oliver was a pioneer in electronic payments, working on a Fed system project with the U.S. Treasury to develop direct deposit. He was also instrumental in the Atlanta Fed becoming the second automated clearinghouse (ACH) operation in the United States. Since 1998 he has served as retail payments product manager for the Federal Reserve System. In this capacity, he has responsibility for managing the Fed's check and ACH businesses nationwide.
As we look forward to a slow but steady emergence of the banking industry from the current financial firestorm, the question arises as to how investments in the payment system will fare. More specifically, will banks and other payment system players secure funding for initiatives critical to mitigating payment fraud and risk?
Experiences gained from previous economic crises have reshaped individual and corporate attitudes and practices. Certainly, the folks who experienced the Great Depression turned into a generation of savers, conservative spenders, and cautious borrowers. Recent discussions with payment leaders have given rise to the possibility that conservative spending habits may be with us for some time. These habits may be manifested in restricted, prioritized spending on payment initiatives in general and fraud and risk mitigation efforts more specifically.
Given the already narrowing margins in retail payment profits, coupled with enterprisewide scrutiny of expenses across business silos, it is likely that payment organizations will have to prioritize spending in ways not typical of the last decade of innovation and constant change. These limitations will create choices concerning which investments are mandatory and which are discretionary. Investments in initiatives directed at data security and fraud detection might take a back seat to investments in relieving the pent-up demand for maintenance and enhancements of core payment and settlement systems or investments in exciting new technology.
In an ideal world, focused and well-reasoned business case analysis would dictate the priority of spending. My personal experience, however, has revealed that investments in fraud reduction, data security, etc., face an uphill battle when competing for scarce dollars. This phenomenon stems from three major factors.
First, there is always a perception that risk/fraud expenditures are discretionary. It remains to be seen if the staggering cost of poor risk management that led to the financial crisis, coupled with the everyday visibility of fraud schemes, will help shed the discretionary label. Discretion, by the way, not only involves expenditures on new artificial intelligence software or high-tech encryption devices; it also involves more subtle decisions about the number of staff authorized to monitor systems, notify customers of breaches, and research problems. After all, the risks involved in past lending and investment practice that were at the heart of the financial crisis largely involved "payment" of obligations and not "payments."
Second, to do effective business case analysis, good data must be present. It is not at all clear whether banks and other payment providers have transparent and reliable systems in place to detect, measure, and categorize fraud in a way that allows its financial impacts to be estimated. Certainly, banks have historically been reluctant to share such data externally. Further, do banks have in place systems that can collect and allocate fraud management costs in such a way as to complete a meaningful cost-benefit analysis? Without good data, business case analysis becomes an art, not a science. Clearly, for bad actors fraud is their core business; there is no business case to explore and no budget committee to satisfy. In fact, their pursuits are recession proof.
Finally, investments are about the future, not the past. My personal experience in this area is that the past is a poor predictor of the future. In that light, how does an organization forecast likely trends in fraud losses? Is the past a good predictor of the future? Can recent trends such as the reduction of unauthorized activity in the ACH network reasonably be extrapolated, or will the fraudsters simply move to another payment channel where controls are weaker? More importantly, will new technology help bad actors commit fraud more easily or help banks do a better job of detecting and preventing fraud? Should the business case for the future depend on average industry trend data or should it protect against "the big one," the major incident that culminates in a $100 million–$200 million loss? Answers to these questions will ultimately separate the prepared from the unprepared.
Regardless of the answers to these perpetually difficult questions, most of which will stem from core experiences and individual philosophies, one thing is certain in the wake of our recent experience: Reputation is more important than ever. Positive reputations are difficult to build, hard to maintain, easy to lose, and even harder to reclaim. The value placed on reputation must be carefully considered by senior decision makers in setting the course for the future.
August 10, 2009
Collaboration to address payments risks and fraud
In the world of payments, all players share an interest in seeing that risks are detected and mitigated quickly and effectively. However, when threats emerge, is it everyone for themselves? How does the variety of interests and goals among all the players converge? In a private marketplace mixed with government actors, how can we work better together?
Participants at a 2008 conference hosted by the Retail Payments Risk Forum discussed these issues and described the challenges and potential solutions. A year later, the findings of this forum are worth revisiting.
Real or perceived information-sharing limitations among financial institutions, regulators, law enforcement, and others can substantially impede addressing retail payments risks on a timely and effective basis. Examples include inconsistent or incomplete payments data, varying success levels of intra- and interagency collaborations, varied and overlapping jurisdictions, an incomplete network of memoranda of understanding (MOUs), privacy restrictions, perceived barriers beyond legal restrictions, competitive interests, costs, and trust. Suggestions for improvement in this area focused on:
- collection, consistency, and commonality of payments data, better understanding of its utility, and analysis tools. While data needs vary, a first step would be to focus on data elements of shared interest. A working group could facilitate ongoing payments data compilation and analysis efforts;
- formal and informal dialogue among various agencies and others, including simple measures such as shared contact lists;
- development of a “matrix” of various roles/responsibilities/information sources for shared use to facilitate more timely location of information and expertise available; and
- a more systematic, organized mechanism for information sharing, perhaps by establishing “brokers” for relevant information such as payments data.
Policing bad actors
Many noted that communication about bad actors is often ad hoc and that information is too widely dispersed to be useful and timely. Individual agency efforts, published enforcement actions, SAR filings, interbank collaborations, and industry self-regulatory efforts, while all worthwhile, have not fully promoted effective information gathering and sharing among all the parties who can have an impact. Suggestions for improvement in this area included:
- better understanding of risks across payment channels, both for front-end access point(s) and back-end processing, to mitigate fraudster arbitrage of vulnerabilities;
- publishing enforcement actions and related settlements more effectively as a deterrent;
- establishing a central “negative list” or “watch list” of bad actors;
- extending registration requirements for third parties participating in payments networks beyond existing targeted voluntary efforts;
- strengthening and clarifying regulatory guidance, such as that for counterfeit checks and consumer account statements;
- better educating consumers and banks regarding common issues;
- a more direct means of compensating victims;
- mining specific activity reports and other existing agency databases such as consumer complaints data; and
- potential new SEC codes within ACH to better track risks.
Participants identified collaborative efforts to help detect and/or mitigate retail payments risk issues and identified benefits and gaps. Examples included bank regulatory groups (intra- and interagency), national and regional law enforcement partnerships, interstate collaboration, federal-state working collaborations, joint investigative task forces, examination- or case-driven ad hoc efforts, and industry data-sharing efforts. Potential avenues for improved collaborative action included:
- a law enforcement/regulatory payments fraud working group;
- a virtual collaborative forum via Web sites, e-mail lists, or regular phone calls;
- greater attention paid to requests for comments on proposed NACHA rules;
- examiner and law enforcement training opportunities;
- participation in and/or support for industry database sharing efforts;
- engagement with industry groups to improve best practices;
- a Web-based resource for consumers supported by all (“fraud.gov”);
- implementation of further MOUs among agencies; and
- efforts to identify fraud patterns across agencies, such as the federal government’s Eliminating Improper Payments Initiative.
Substantive areas of concern
Participants were asked to describe substantive retail payments risk issues that keep them up at night. Some common themes emerged, including:
- strengthening the oversight of third-party payments processors and others not covered by the Bank Service Company Act;
- quantifying and better managing the misuse of remotely created checks;
- understanding and mitigating risks associated with “cross-channel” fraud;
- “Know Your Customers’ Customer” due diligence, compliance, and associated risks and potential liabilities for fraud detection/mitigation purposes;
- establishing a common means of redress for consumers regardless of the payment channel; and
- improving the clarity of consumer account statements by instituting standards and reducing jargon.
Progress has been made on a number of these ideas in the past year, including the formation of new working groups and other collaborations. The Retail Payments Risk Forum continues to explore opportunities and implement solutions to help foster collaborative action to address these and other industry concerns. Your input in the form of comments to Portals and Rails on these or other topics is welcomed!
By Clifford S. Stanford, assistant vice president and director of the Retail Payments Risk Forum at the Atlanta Fed.
TrackBack URL for this entry:
Listed below are links to blogs that reference Collaboration to address payments risks and fraud:
August 3, 2009
Accounting for ACH losses: What are the right numbers to crunch?
From talking with a number of industry players, it has become increasingly clear that there is both a healthy desire for ACH origination loss data to help understand risks and also business practices that limit the extent to which data to benchmark ACH losses are available in the first place. The challenge is to reconcile these two conflicting objectives.
Many banks today treat ACH origination as credit underwriting, particularly for business customers. Given this, one way banks may account for losses as a result of ACH origination is as credit losses against loan loss reserves or other similar accounts. This method is entirely appropriate as a risk management practice given the potential for losses the ACH originating bank may incur as a result of unauthorized debit items that are returned by the receiver through its bank. The originating bank, having already credited its customer’s account, may find itself unable to collect the returned item and thus may incur a loss.
NACHA does publish aggregate trend data on what is probably the best metric it has available—unauthorized returns as a percentage of all ACH debits in the network. While this is a good starting point, it is not a fully accurate picture of the actual losses banks may incur as a result of ACH origination (whether for debits or credits). While the trend of unauthorized debit returns is instructive, it does not explain the dollar losses to banks.
Further, while it is likely that most banks track or have the ability to track their losses from ACH origination, there is no standard regulatory or other financial reporting for banks to report ACH loss information. Such losses may be attributable to fraud or not, but the extent of these losses in terms of aggregate dollars and velocity is likely to be a more robust data point for analysis of ACH fraud and ACH origination risks than the data available today. Improved data on banks’ ACH loss experience would go a long way to explain the true extent of ACH origination risk within the network overall and may promote banks’ ability to benchmark their own losses in an effective way. It also would enable both the network and individual banks to better tailor their risk management efforts. Most importantly, having more data could help dispel any mistaken assumptions about how much financial loss banks are experiencing from operational and fraud risks in ACH origination activities.
By Clifford S. Stanford, assistant vice president and director of the Retail Payments Risk Forum at the Atlanta Fed.
- The Range of Un-Friendly Fraud
- Payments Webinar October 10: Cash in the 21st Century
- "Insuring" Ransomware Will Continue to Flourish
- Designing Disclosures to Be Read
- Is There a Generation Gap in Cash Use?
- What the Most Convenient Food Tells Us about Payments
- Is Friction in Payments Always Bad?
- Why Should You Care about PSD2?
- At the Intersection of FinTech and Financial Inclusion
- A Call to Action on Friendly Card Fraud and Loss?
- October 2019
- September 2019
- August 2019
- July 2019
- June 2019
- May 2019
- April 2019
- March 2019
- February 2019
- January 2019
- account takeovers
- ATM fraud
- bank supervision
- banking regulations
- banks and banking
- card networks
- check fraud
- consumer fraud
- consumer protection
- credit cards
- cross-border wires
- data security
- debit cards
- emerging payments
- financial services
- financial technology
- identity theft
- law enforcement
- mobile banking
- mobile money transfer
- mobile network operator (MNO)
- mobile payments
- money laundering
- money services business (MSB)
- online banking fraud
- online retail
- Payment Services Directive
- payments fraud
- payments innovation
- payments risk
- payments study
- payments systems
- phone fraud
- remotely created checks
- risk management
- Section 1073
- skills gap
- social networks
- third-party service provider
- trusted service manager
- Unfair and Deceptive Acts and Practices (UDAP)
- wire transfer fraud
- workforce development
- workplace fraud