Take On Payments, a blog sponsored by the Retail Payments Risk Forum of the Federal Reserve Bank of Atlanta, is intended to foster dialogue on emerging risks in retail payment systems and enhance collaborative efforts to improve risk detection and mitigation. We encourage your active participation in Take on Payments and look forward to collaborating with you.
Federal Reserve Web Sites
Other Bank Regulatory Sites
September 26, 2011
I can’t use my prepaid card for that now?
The focus of the Portals and Rails blog is usually related to fraud or operational risks to the payments system. Today's blog will take a look into a different type of risk, the risk of reduced functionality for general purpose reloadable (GPR) prepaid cards. An interesting development with GPR prepaid cards has risen out of the recent Regulation II (Reg II) ruling. Considering that 1.3 billion general purpose prepaid card transactions were conducted in 2009, according to the 2010 Federal Reserve Payments Study, changes affecting GPR prepaid cards could affect many people.
Reg II, which was instituted in response to the statute commonly referred to as the Durbin Amendment, has an unintended consequence. Consumers risk losing some payment functionality with prepaid cards, including the ability to have funds auto-drafted via ACH from GPR prepaid cards. The risks of unintended consequences such as this one has not gone unnoticed by the Federal Reserve Board. In fact, during the June 29 Open Board Meeting, Governor Duke expressed her concern on this topic and would eventually like the Board to "undertake a study to quantify the overall effect of this rule on consumers."
With the Reg II interchange cap set to go into effect on October 1, many institutions are implementing new checking account fees and debit card fees that will undoubtedly make checking accounts and debit cards costlier for consumers. However, outside of eliminating or reducing rewards, institutions will offer consumers the same benefits and functionality for debit cards as they did before Reg II. It does not appear that the same can be said for the functionality and convenience of GPR prepaid cards.
To be exempt from the interchange cap, a GPR prepaid card must be the only means for a consumer to access the funds on that card or the card issuer must qualify for the small-issuer exemption (assets of less than $10 billion). If the consumer can access funds on a GPR prepaid card issued by a large issuer (assets of $10B or more) with a check, ACH, wire, or other account transfer method, then the card is viewed as a "deposit account" and therefore not exempt from the Reg II interchange cap. It was critical that the regulation include this language concerning GPR prepaid cards to prevent the widespread evasion of the interchange cap by issuers labeling traditional debit cards and their underlying deposit accounts as prepaid cards.
Conceivably, a GPR prepaid card issuer could be exempt from the Reg II interchange cap by eliminating payment functionality beyond the purchasing function of the prepaid card. Under this scenario, consumers would no longer be able to use their GPR prepaid cards to auto-draft funds via ACH from the card to pay recurring bills, such as utility bills.
According to recent comments by the CEO of Green Dot, the largest GPR prepaid card program manager, "all Green Dot managed programs, including our Walmart MoneyCard program, will be exempt from interchange restrictions under the Durbin interchange amendment and therefore, our programs will not be subject to lower interchange." A recent article in the American Banker noted that Green Dot would need to either remove features of its cards or switch bank issuers (neither of Green Dot's current issuers can qualify as small) for its cards to be exempt from the interchange cap.
Implications for GPR prepaid card users
With Green Dot cards set to be exempt from the Reg II interchange cap, many GPR prepaid card users should prepare for the loss of the direct debit functionality of their cards. And with the loss of this payment option, prepaid card users that currently use their cards' direct debit functionality to pay bills will now be more at risk of making late payments and having to pay the accompanying late fees. Furthermore, because many recurring billers, including utility companies, often charge a fee for card-based payments, GPR prepaid card users can expect to pay a service fee for paying some of these bills. To avoid these service fees for card-based payments, GPR prepaid card users may be forced to make cash payments in person, which can be both inconvenient for the consumer and costly for the biller.
A final thought
Perhaps the most surprising information from the Green Dot announcement is the fact that the WalMart Money Card will also be exempt from the interchange cap. With merchants being some of the biggest proponents of the Reg II interchange cap, it's interesting to learn that a merchant cobranded prepaid card will be stripped of a feature that provides consumers with a free, safe, and convenient way to pay bills all in the name of earning the higher interchange and presumably maintaining low costs for consumers. Given the utility of GPR prepaid cards for the un- and underbanked population, will removing electronic payment functionality from the cards further disenfranchise these consumers from banks? Or would increasing consumers' cost for the product to maintain its current functionality lead this segment away from electronic payments and back to cash?
By Douglas A. King, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed
TrackBack URL for this entry:
Listed below are links to blogs that reference I can’t use my prepaid card for that now?:
September 19, 2011
The prepaid market: Growth and sophistication mean more risk
FinCEN has released its final rule on prepaid products, and a key feature expands the Bank Secrecy Act (BSA) compliance obligations to include providers and sellers of certain types of prepaid access devices. In March, we discussed FinCEN's proposed rule on prepaid products. The rule was drafted with the intent to address potential money laundering risks in prepaid access devices.
The final rule, released July 29, also replaces the term "stored value" with "prepaid access." The purpose of changing the nomenclature was to cast a broader net by covering not only prepaid access devices like cards, but also emerging prepaid access devices such as key fobs and mobile phones. The new definition is broad enough to cover any type of device that can serve as a portal to funds that have been paid for in advance and are retrievable and transferable.
Prepaid access devices are available in a wide variety of formats. Some types of prepaid access devices come in the typical card format, while others can exist in virtual form, such as an electronic serial number.
Growth of prepaid access
There is good reason for FinCEN's interest in prepaid products. Growth in consumer adoption and increased government activity (payout of government benefits, including unemployment and social security, among others) have accelerated the acceptance rate of prepaid products in recent years. Mercator Advisory Group predicts in its Seventh Annual Prepaid Market Forecast that the total dollars loaded onto prepaid cards may climb to $672 billion by 2013.
The Office of the Comptroller of the Currency (OCC) has also responded to the growth and sophistication of the prepaid market by releasing guidance to national banks that offer prepaid products with advanced functionality. The guidance advises national banks to develop comprehensive risk management policies and procedures to guard against potential fraud. The OCC expressed that prepaid products offering features such as international funds transfers, card-to-card transfers, and Internet transfers can potentially expose banks to a variety of risks that may not be in line with the banks' business strategies or risk appetites.
Newly regulated entities: Sellers and providers of prepaid access
Providers of prepaid access are now required to comply with the Bank Secrecy Act's regulations related to Money Services Business (MSB). Some of those requirements entail maintaining adequate anti-money laundering programs. The type of BSA program will depend on the risk appetite, size, customer base, and geography of the sellers and providers.
Under the new rule, prepaid access providers must retain transaction-specific records generated in the ordinary course of business for five years. The records collected must be easily accessible upon request from FinCEN or other law enforcement. Both providers and sellers of prepaid access are subject to Suspicious Activity Reporting (SAR) and Currency Transaction Reporting (CTR), but only providers are required to register with FinCEN once every two years.
Prepaid products exempted
For the first time, closed loop prepaid products are regulated if more than $2,000 can be loaded on the device on a given day. FinCEN acknowledged that although closed loop prepaid access is generally considered an unattractive, inefficient, and unlikely means of moving large sums of illicit money, law enforcement cautioned FinCEN that closed loop prepaid access in large dollar amounts can be vulnerable to criminal enterprises intending to launder funds. This partial exemption for closed loop prepaid access addresses law enforcement's money laundering concerns regarding a limited segment of closed loop prepaid access market, while still exempting the retail sale of closed loop prepaid of $2,000 or less.
Also regulated for the first time is low-value ($1,000 or less/day) open loop prepaid access, if it can be used internationally, transferred between or among other persons (P2P), or reloaded by a nonbank. The restrictions placed on the open loop prepaid access are based on the device's functionality and not on what it can be used to purchase.
Exempt from most of the new rule are prepaid access devices that FinCEN determined posed a decreased risk of money laundering, terrorist financing, and other criminal activities. Those devices include prepaid access to funds for payroll, government benefits, and incentives, so long as the funds cannot be used internationally, do not have P2P capabilities, and cannot be reloaded by a nonbank.
The rule's effective date is September 27, 2011. However, compliance for registration of MSBs does not take effect until January 29, 2012.
By Ana Cavazos-Wright, senior payments risk analyst in the Retail Payments Risk Forum at the Atlanta Fed
TrackBack URL for this entry:
Listed below are links to blogs that reference The prepaid market: Growth and sophistication mean more risk:
September 12, 2011
Retail Payments Risk Forum publishes discussion paper on peer-to-peer payments
Peer-to-peer (P2P) payment products are some of the most innovative developments from the payments industry in the past decade. Consumers have never had so many payment choices. Alongside a host of recent entrants like PayPal and CashEdge, longstanding industry players like Fiserv, Visa, and MasterCard all offer P2P products. Additionally, three major banks have announced a collaborative P2P initiative called ClearXchange.
Despite this range of innovative offerings, however, the industry lacks a standard understanding of how the various P2P payments in the market work. Further, consumers and businesses are also confused by the many options, and a lack of familiarity may be a source of the inertia that keeps consumers relying on cash and checks for most P2P payments.
The Retail Payments Risk Forum recently published a working paper on P2P payments as a resource for regulators, consumers, and the payments industry in general. The paper offers a framework to organize a discussion of P2P payments and evaluate the associated risks. This framework should help bankers and regulators better manage the risk exposure of different P2P products currently in the market. The framework categorizes transactions by counterparties, access channel, funds load and receipt instruments, and settlement network. Any P2P payment can be mapped across this lifecycle into categories that are mutually exclusive and comprehensively exhaustive.
Consumers send P2P payments by first initiating the transaction through an access channel. Traditionally limited to face-to-face, mail, or bank branches, today you can send payments at a kiosk, online, or even with your mobile phone. The payment funds are loaded and received through an instrument like cash, a bank account, credit card, or prepaid balance. In the background, the funds clear and settle over traditional networks, including ACH, wire, and card networks.
The paper goes on to detail specific P2P payments with case studies indicating how a provider fits across the payment lifecycle. Two of the covered providers have been mentioned in this blog before: Western Union and CashEdge's PopMoney.
In a Western Union P2P transaction, both counterparties are consumers. The sender can initiate a payment at an agent location, a kiosk, or online, or by using their mobile phone in some limited markets. The sender can fund the transaction using cash or a credit, debit, or prepaid card. Senders can also use their account and routing numbers to fund transactions made online or by mobile. Western Union has been proactive in expanding the access channels and funding instruments available to remittances senders. The transaction clears by ACH in countries where the network is available, and by wire in other geographies. Finally, the recipient can receive the funds as cash, or can direct them to their bank account using account and routing numbers.
Consumers can use CashEdge's Popmoney to send a payment to another consumer or to a small business, and can access the service through online or mobile banking. The payment is funded from the sender's bank account using the account and routing number, and the recipient receives funds into their bank account the same way. CashEdge recently partnered with MoneyGram, an international money transmitter, and some recipients may be able to pick up their payment in cash at MoneyGram agents around the globe. Transactions are usually settled via ACH, although recent partnerships with EFT networks enable card network settlement as a speedier option in some cases.
The working paper concludes by discussing some of the risks of P2P payments. P2P payments may seem new and unprecedented from the industry and media buzz surrounding them, but, as described above, most P2P payments actually rely on traditional networks and banking channels. Therefore, the risks posed by P2P payments are not original, but rather map to the risks of the underlying payment type. The risk profile of each P2P product must be evaluated across the specific use case, access channel, and settlement network, a specific risk profile. A one-size-fits-all risk management plan cannot work for such a diverse market. Finally, in evaluating the risk of P2P payments, consumers, banks, and third parties should make comparisons to the status quo of cash and check transactions. Many times new products will offer benefits in terms of efficiency and innovation that may outweigh their greater risk, and in some cases the risk of new products may be lower than that of the status quo.
By Jennifer C. Windh, a payments risk analyst in the Retail Payments Risk Forum at the Atlanta Fed
September 6, 2011
Using data mining to catch suspected financial wrongdoers
The seemingly inconsequential disclosure of a phone number or ZIP code to a store clerk can ultimately end up far away from where it was first shared, especially if it is used for data mining purposes. Data mining is the use of computer-based analytic tools that sift through large collections of data searching for patterns based on statistical techniques. Often times, data records containing personal identifiers are compiled from many sources and transferred to third parties for data analysis.
The information collected and stored in large databases can be used to detect suspicious spending patterns or to uncover improper spending of federal relief funds. Often, the results of the analysis lead to the detection of overall trends or patterns that reveal unusual activity and other specific parameters. While some data mining techniques are used to help with national security, others are in place to help combat financial fraud.
The Federal Agency Data Mining Reporting Act requires federal agencies to submit reports periodically to Congress informing them of their data mining activities. For instance, two bureaus of the Department of the Treasury regularly engage in data mining activities: the Internal Revenue Service (IRS) and the Financial Crimes and Enforcement Network (FinCEN). The IRS mines financial data to predict which individual tax returns have the greatest potential for fraud and which corporations are most likely to make improper use of tax shelters. FinCEN focuses its data mining on money laundering activities and other financial crimes.
Both agencies use similar data mining technologies that include a database that reviews aggregate Bank Secrecy Act (BSA) forms and information. However, because BSA reports—such as the Suspicious Activity Report and Currency Transaction Reports—do not on their own reveal potential underlying criminal activity, FinCEN, for instance, may also query other law enforcement databases for further data on suspicious trends or patterns indicative of anomalous or illicit activities.
Data mining limitations
While data mining can reveal helpful patterns and trends, it has inherent limitations. For example, data mining cannot identify the underlying cause of the identified patterns and trends. The user must determine the significance of the data collected and must be able to draw relevant and accurate inferences.
A significant drawback to using commercial data is the possibility that the data contain errors or is of poor quality—it may be duplicative, for example, or dated. The accuracy, timeliness, and completeness of the data and analysis of the data are important. Drawing erroneous or adverse inferences about any individual can quickly become problematic. According to the Treasury's data mining report, FinCEN uses checks and balances in its data mining and analysis to ensure that the data is used only by authorized agencies and for statutorily authorized purposes.
Interpreting the data
Large aggregated collections of information are valuable intelligence resources. It is important to understand how and why access to such information is valuable. Sophisticated information retrieval techniques such as data mining allow users to search extremely large collections of data for trends and patterns and to zero in on particular transactions of interest. The information collected can also help law enforcement agencies identify emerging financial criminal trends. However, it is prudent to keep in mind that the initial data gathered many times only serves as lead information, and it may not be that until further analytical and investigative steps are taken that the information can ultimately work to help catch financial wrongdoers.
By Ana Cavazos-Wright, senior payments risk analyst in the Retail Payments Risk Forum at the Atlanta Fed
- Looking for Partners in Safer Payments
- The Range of Un-Friendly Fraud
- Payments Webinar October 10: Cash in the 21st Century
- "Insuring" Ransomware Will Continue to Flourish
- Designing Disclosures to Be Read
- Is There a Generation Gap in Cash Use?
- What the Most Convenient Food Tells Us about Payments
- Is Friction in Payments Always Bad?
- Why Should You Care about PSD2?
- At the Intersection of FinTech and Financial Inclusion
- October 2019
- September 2019
- August 2019
- July 2019
- June 2019
- May 2019
- April 2019
- March 2019
- February 2019
- January 2019
- account takeovers
- ATM fraud
- bank supervision
- banking regulations
- banks and banking
- card networks
- check fraud
- consumer fraud
- consumer protection
- credit cards
- cross-border wires
- data security
- debit cards
- emerging payments
- financial services
- financial technology
- identity theft
- law enforcement
- mobile banking
- mobile money transfer
- mobile network operator (MNO)
- mobile payments
- money laundering
- money services business (MSB)
- online banking fraud
- online retail
- Payment Services Directive
- payments fraud
- payments innovation
- payments risk
- payments study
- payments systems
- phone fraud
- remotely created checks
- risk management
- Section 1073
- skills gap
- social networks
- third-party service provider
- trusted service manager
- Unfair and Deceptive Acts and Practices (UDAP)
- wire transfer fraud
- workforce development
- workplace fraud