Take On Payments, a blog sponsored by the Retail Payments Risk Forum of the Federal Reserve Bank of Atlanta, is intended to foster dialogue on emerging risks in retail payment systems and enhance collaborative efforts to improve risk detection and mitigation. We encourage your active participation in Take on Payments and look forward to collaborating with you.
Federal Reserve Web Sites
Other Bank Regulatory Sites
June 25, 2012
An interview with a risk expert: The costs of complying with Dodd-Frank 1073
This week's post features an interview with Devon Marsh, senior vice president and treasury management risk manager at Wells Fargo Bank, N.A. We asked Devon for his thoughts on recent amendments to Regulation E as a result of Section 1073 of the Dodd-Frank Act.
P&R: Devon, what is the interest of Dodd-Frank 1073 to a risk manager?
Devon Marsh: I'm interested for a couple of reasons. First, it imposes a compliance obligation—and a steep one. The second reason I'm interested, and the reason that concerns me more than our ability to comply, is that this rule poses risk to consumers and financial institutions.
P&R: How can a rule aimed at consumer protection pose a risk to consumers?
Marsh: There is a risk that familiar services may become harder to find if some remittance providers such as banks can no longer afford the new compliance costs imposed by 1073. Remittance services are vital to some consumers, and they are at risk of having fewer providers from which to choose.
P&R: The new rule is designed to improve consumer protections in remittance transfers. What are some of the specific challenges that remittance providers will face?
Marsh: The new rule requires very detailed disclosures with a lot more information, so that consumers on both sides of the remittance transaction can better understand how fees reduce the payment transfer. The problem that arises is that remittance providers may not know the exact amount of all the fees. For example, they may not know the tax rates on a given day in a small municipality in another country. In certain countries, tax rates change depending on the day or the total volume of remittances over a period of time. You can't disclose what you can't possibly know.
The new error resolution process defined by the rule is another example where providers will be challenged to comply. In the new rule, remittance providers are responsible not only for their own mistakes, but for errors committed by consumers. If a consumer happens to enter the wrong beneficiary account number, for example, the remittance provider must cover any loss associated with the transaction, even though the consumer error was out of its control.
Because remittance providers are now responsible for consumer error, the rule may create the risk of intentional fraud, whereby a criminal could send a remittance to an accomplice who collects the money. Then the person sending the funds could claim that the funds never reached the intended beneficiary, saying they provided the wrong account number. In such a situation, it would be exceedingly difficult for a remittance provider to prove that an error did not take place, and even more difficult to recover funds.
If fraud losses increase for remittances, the price of remittances will increase. The risk of fraud loss, added to the cost of compliance on the front end, may prove too great for some providers to bear, so they may exit the business. Consequently, consumers could have fewer options for sending remittances, and higher costs for the service due to fraud losses.
P&R: What can remittance providers do to address the challenges in this rule?
Marsh: Given the tight time frame, it looks like remittance providers can't do much to change the rule. Hopefully, more dialogue with regulators and policymakers can influence understanding and lead to new industry perspectives on how remittance providers will deal with compliance challenges imposed by 1073. If not, the consumer may have fewer choices and higher prices than they have today.
TrackBack URL for this entry:
Listed below are links to blogs that reference An interview with a risk expert: The costs of complying with Dodd-Frank 1073:
June 18, 2012
MintChip: Sounds like ice cream, but it's actually money
A common topic of conversation in payments for many years has been the notion of a cashless society. Although it is hard to imagine a truly cashless society, it is easy to envision what Ron Shevlin, an analyst with the Aite Group, recently referred to as a "less-cash society." Established alternatives to cash, such as credit, debit, and prepaid cards, have been steadily replacing cash payments for years. However, there still remain individuals who prefer cash to other payment means for a variety of reasons, including the anonymity cash provides.
As an alternative to cash payments, new digital currencies have been conceived. While these digital currencies allow for anonymity like cash, they have traditionally not been backed by an asset or a central back. At least up until now. In April, the Royal Canadian Mint (The Mint) announced the development of MintChip, a digital currency backed by the Canadian dollar. The Mint is currently accepting MintChip payment applications from software developers.
Prior to the MintChip announcement, The Mint made headlines as the Canadian government announced in March the elimination of the penny. The Mint produced its last penny on May 4 with the goal of removing the penny from circulation by the fall of this year. So within several months, the Canadian Mint quits producing the penny while developing a new digital currency.
I believe that The Mint is sensing a true opportunity with MintChip in light of a threat to its traditional business as the world moves to a less-cash society. Faced with the threat of a loss of production in coins, the Mint is attempting to capitalize on the demand for a digital currency to make micropayments for goods and services in both the online and physical world. And while MintChip might not provide as much anonymity as other digital currencies, such as BitCoin and Liberty Reserve (which we looked at in an October 2011 post), its backing by the Canadian dollar might make it a more viable alternative to cash and coins.
It will be interesting to watch the developments of MintChip over the next several months as The Mint will select the best applications submitted by outside developers. Should MintChip gain traction in Canada, it is feasible that The Mint will port this concept to other countries where it currently manages the production of coins. (Over time, Canada has made coins for almost two dozen countries, including the Bahamas, Bermuda, Cayman Islands, Iran, and Venezuela.)
The global opportunity in the digital currency space is enormous: there were six billion mobile subscriptions across the globe at the end of 2011, according to the International Telecommunication Union. If MintChip proves to be successful, would the United States Mint attempt to follow suit? And what, if any, would be the regulatory challenges and implications of a digital currency produced by the United States Mint and backed by the U.S. dollar?
By Douglas A. King, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed
TrackBack URL for this entry:
Listed below are links to blogs that reference MintChip: Sounds like ice cream, but it's actually money:
June 11, 2012
A human firewall? Tips to keep information secure
As we've discussed on Portals and Rails in the past, PIN cardholder verification offered by ATM and debit cards has proven superior in preventing fraudulent transactions compared to signature cardholder verification. And while a PIN is a solid fraud deterrent, it is by no means 100 percent effective in reducing fraud. As we are in the midst of ATM and Debit Card Safety Awareness Month, it is important for consumers to understand their responsibility in the fight against cardholder fraud.
Financial institutions and the ATM and debit card networks have robust fraud detection and prevention systems and measures in place. However, cardholders need to view themselves as "human firewalls" of sensitive data, including ATM and debit card information and PINs. While fraudsters have become highly sophisticated at obtaining this data, weak PIN selection and security by cardholders makes it easier for fraudsters to commit their crimes.
In today's prolific social media world, weak PINs do not just include simple numbers such as "1111" and "1234." With more information than ever about us online, a birth date, address number, or even an anniversary date could prove to be an easily guessed PIN. According to a study by a Cambridge University Computer Laboratory team, one out of every 11 wallets could contain cards with easily discovered PINs. And ATM and debit card fraud can be more costly to cardholders than credit card fraud. Fraudulent ATM and debit card transactions verified by a PIN generally carry a higher consumer liability limit than do credit card or signature debit transactions. This is especially true if a consumer fails to report a card or PIN as lost or stolen or identify a fraudulent transaction in a timely manner.
In the spirit of ATM and debit card safety awareness, we encourage all cardholders to strengthen any weak PINs as well as follow these and other suggested tips from the PULSE ATM/debit network:
- Monitor your financial account statements.
Many experts recommend reviewing accounts online daily so that any suspicious activity is spotted quickly. Switch from postal delivery of statements to online access or ensure that mailed statements are sent to locked boxes and not left available to fraudsters.
- Protect your wallet, purse and PIN.
Carry only what you need and avoid carrying items with private information such as your Social Security number. Don't share your PIN with anyone. That means don't write it down and don't give it to a clerk or anyone else to enter for you.
- Be extra alert at ATMs.
Don't use an ATM if it is in an unlit or hidden area. Block the keypad while entering your PIN so you can't be observed. If an ATM looks phony or has a suspicious card reader that is loose or not part of the main body of the machine, do not use it.
- Protect your online shopping.
Update computer anti-virus software, anti-spyware, and firewalls. New attacks come frequently, and your software provider will frequently send updates to stop them. Use only secure sites and network connections when shopping online.
- Protect personal information online.
Limit social media access to friends only and don't "friend" people you don't know. Fraudsters use personal information such as birth dates, family and pet names, high schools, and birth cities to "verify" your identity.
By Douglas A. King, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed
TrackBack URL for this entry:
Listed below are links to blogs that reference A human firewall? Tips to keep information secure:
June 4, 2012
The new consumer protection agency looks at prepaid cards
The prepaid card industry has grown faster than many expected it to in recent years. The industry has a wide range of customers today, including not only the underbanked market but also many other market segments. In fact, in a public hearing on May 23, 2012, Consumer Financial Protection Bureau (CFPB) Director Richard Cordray noted that while many consumers "actually have a bank account, they often use nonbank products to meet their financial needs," including the relatively new prepaid card. As this product has grown in acceptance, consumer advocacy groups have voiced concerns about the potential lack of consumer protections and the need for regulatory clarity for prepaid product providers. In response to these concerns, the CFPB announced its plan to launch a rulemaking initiative to promote safety and transparency in the prepaid market.
Why legal protections differ
While payment law critics cite the fragmented legal landscape for retail payment methods, the differences lie in the underlying mechanics. In the simplest of terms, retail payments can be segmented into three basic genres: "paying now" through a deduction in your account balance at a financial institution through either a check or debit card; "paying later" by using a credit card, which involves a loan from the payment service provider to cover the cost of the purchase in the transaction; and "paying before," by prefunding an account by the consumer for use at a later time.
These inherent funding differences lend themselves to different laws, regulations, and rule sets, since the timing and liability for maintaining the safety of the funds in each case differs. Consumer lending protection laws, for example, have relevance only for credit payment products. The emergence of new prepaid products and nonbanks participating in new business models, along with the sometimes questionable pricing schemes and fees, points to the need for industry dialogue on what new regulatory governance is needed in prepaid services today.
Growth in prepaid
The Federal Reserve’s last triennial payment study revealed that prepaid cards, particularly the general-purpose reloadable (GPR) variety, were the fastest growing retail payment in recent years, even though they represent a relatively small piece of the overall pie of preferred retail payment types. GPR cards allow the consumer—or another party, like an employer—to add funds to the card. This reloadable feature makes the product functional and convenient, and allows consumers who traditionally relied on cash to participate in the electronic economy.
Increased e-commerce is in turn leading to the use of prepaid in the mobile environment. Payment providers have been experimenting in recent years with bridge technologies such as prepaid card stickers using contactless technology. The sticker is put on the mobile handset, and is intended to influence consumer payment behavior by offering consumers the opportunity to tap their mobile phones at the merchant’s point of sale. As a result, the advanced notice of rulemaking notes that a prepaid "card" may also take the form of other access devices, such as key fobs, or even a cell phone application that accesses a prepaid financial account.
What the CFPB is offering consumers
When it comes to prepaid cards, the public hearing made it clear that the CFPB wants to make sure, first and foremost, that consumers’ funds are safe, especially because not all prepaid accounts are structured so that they are protected by deposit insurance. The agency also wants to make sure that consumers have access to clearly written disclosures on card terms and fees before they even open a prepaid account. In the hearing, the CFPB also discussed a proposal to extend Regulation E protections to include GPR cards specifically. Furthermore, the CFPB also launched "Ask CFPB: Prepaid Cards" on its website to provide consumers with information about prepaid cards in a question-and-answer format.
By Cynthia Merritt, assistant director of the Retail Payments Risk Forum
- The Range of Un-Friendly Fraud
- Payments Webinar October 10: Cash in the 21st Century
- "Insuring" Ransomware Will Continue to Flourish
- Designing Disclosures to Be Read
- Is There a Generation Gap in Cash Use?
- What the Most Convenient Food Tells Us about Payments
- Is Friction in Payments Always Bad?
- Why Should You Care about PSD2?
- At the Intersection of FinTech and Financial Inclusion
- A Call to Action on Friendly Card Fraud and Loss?
- October 2019
- September 2019
- August 2019
- July 2019
- June 2019
- May 2019
- April 2019
- March 2019
- February 2019
- January 2019
- account takeovers
- ATM fraud
- bank supervision
- banking regulations
- banks and banking
- card networks
- check fraud
- consumer fraud
- consumer protection
- credit cards
- cross-border wires
- data security
- debit cards
- emerging payments
- financial services
- financial technology
- identity theft
- law enforcement
- mobile banking
- mobile money transfer
- mobile network operator (MNO)
- mobile payments
- money laundering
- money services business (MSB)
- online banking fraud
- online retail
- Payment Services Directive
- payments fraud
- payments innovation
- payments risk
- payments study
- payments systems
- phone fraud
- remotely created checks
- risk management
- Section 1073
- skills gap
- social networks
- third-party service provider
- trusted service manager
- Unfair and Deceptive Acts and Practices (UDAP)
- wire transfer fraud
- workforce development
- workplace fraud