Take On Payments, a blog sponsored by the Retail Payments Risk Forum of the Federal Reserve Bank of Atlanta, is intended to foster dialogue on emerging risks in retail payment systems and enhance collaborative efforts to improve risk detection and mitigation. We encourage your active participation in Take on Payments and look forward to collaborating with you.
Federal Reserve Web Sites
Other Bank Regulatory Sites
December 23, 2013
Here We Go: Number 10!
As the year draws to a close, the Portals and Rails team would like to share its own Top 10 list of major payment-related events that took place in the United States this year.
- The Consumer Financial Protection Bureau finalized Dodd-Frank 1073 money transfer rules.
- The payments industry experienced increased regulatory scrutiny of third-party processors and high-risk business customers.
- Major global ATM cash-out fraud attacks—including many U.S. ATMs—totaled $45 million.
- FTC issued a proposal to ban telemarketers from using remotely created checks and payment orders.
- Debit networks sought a compromise on an EMV interface—while there is little movement on the issuance of EMV cards.
- The newly designed $100 bill with additional security features was released.
- Several major data breaches occurred, and identity theft occurrences skyrocketed.
- Cyber Monday online sales were up 17 percent, with phones and tablets representing almost a third of the total.
- Virtual currencies received increased public, legislative, and regulatory awareness after the U.S. Department of Justice took action to close down virtual currency operators Liberty Reserve and Silk Road.
- U.S. District Court Judge Richard Leon threw out Regulation II debit card interchange fees and routing rules.
And as we head into 2014, here are a few payments-related topics we will be following closely:
- As regulators continue to monitor developments in the virtual currency market, will the usage of virtual currency as a legitimate medium of exchange expand among the merchant community?
- Will 2014 finally be the “Year of the Mobile Payment” as stakeholders have yearned for over the last several years? What progress will be made in addressing the awareness, security, and education aspects of mobile payments?
- With online and mobile commerce showing no signs of slowing down, what authentication solutions will be most widely adopted to prevent a rising tide of card-not-present fraud?
- How will merchants and card issuers deal with EMV implementation?
- What effects will the regulatory attention on third parties and high-risk businesses have on the due diligence practices of financial institutions?
Wishing you all happy holidays and a fraud-free 2014!
By David Lott, a retail payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed
TrackBack URL for this entry:
Listed below are links to blogs that reference Here We Go: Number 10!:
December 16, 2013
Is It the Right Time for Lower ACH Return Rate Thresholds?
Monitoring return rates for automated clearing house (ACH) transactions is an important element of a bank’s risk mitigation program for its business and third-party clients. Recently, NACHA issued a request for comment (RFC) that addresses proposed changes to return rate thresholds included in the NACHA Operating Rules.
The NACHA Operating Rules currently identify a return rate threshold for unauthorized debit entries of 1 percent. The threshold is intended to reduce unauthorized entries transmitted over the ACH network. The NACHA Operating Rules hold an originating depository financial institution (ODFI) that has an originator or third-party sender with an unauthorized return rate over 1 percent subject to ODFI reporting and possible fines if the rate of returns is not reduced in a timely fashion.
According to the RFC, the unauthorized debit return rate declined due to several risk management efforts—including the 1 percent threshold, established in 2008—from 0.06 percent in 2005 to 0.03 percent in 2012. These reduced numbers demonstrate that the monitoring of return rates by banks and other network participants helps to identify issues and leads to fewer problematic transactions.
This RFC proposes three changes to how the NACHA Operating Rules currently address return rate thresholds.
- A reduction in the return rate threshold for unauthorized debit entries from 1 percent to 0.5 percent.
- Establishment of a return rate threshold for data quality debit entries (such as invalid account number) of 3 percent.
- Implementation of an overall debit return rate threshold of 15 percent.
NACHA had issued an RFC in spring 2011 that proposed changes similar to the first two listed items, but ACH participants did not provide sufficient support then and the changes were not implemented. It seems that the time may now be right. The RFC indicates that the environment for this proposal appears to have changed, with ACH participants expressing interest in looking at new thresholds. And the proposal for an overall debit return threshold stresses the need for banks to focus on their overall return rates in addition to specific return reasons.
Regardless of which thresholds are included in the NACHA Operating Rules, banks should monitor for any increase in returns. They should also understand the underlying cause and remedies that their business or processor customers are implementing. A bank focus on return issues is one element of a robust risk management program that helps to ensure the bank’s origination of high-quality payment transactions.
With this proposal on return rate thresholds, is your institution rethinking its internal policies for return rate monitoring?
By Deborah Shaw, a retail payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed
TrackBack URL for this entry:
Listed below are links to blogs that reference Is It the Right Time for Lower ACH Return Rate Thresholds?:
December 9, 2013
What Do Crayons and Virtual Currencies Have in Common?
Coloring with my young boys the other day, I was a bit amazed by the variety in colors. The days of a single blue crayon from my childhood has now expanded to at least 10 different shades of blue with names such as "Pacific blue" and "cerulean." I quickly learned that my regulation of the usage of crayons by the boys also varied by color. For example, the lone black crayon required ample regulation (and was quite challenging to enforce) to prevent an all-out toddler brawl. Because the blue crayons had such variety, they clearly required less and were much easier to enforce.
Just as crayons come in a variety of colors and shades, virtual currencies have a variety of different attributes, including:
- Open or closed: Closed virtual currencies can be used only within a specific community. Open virtual currencies can be used anywhere the currency is accepted.
- Unidirectional or bidirectional: Unidirectional flow allows the currency to be obtained at a specific exchange rate using fiat currency. This currency cannot be exchanged back to the fiat currency. Bidirectional currencies are bought and sold according to exchange rates.
- Centralized or decentralized: A centralized currency has a central authority that issues the currency and operates the system. A decentralized currency does not have a single entity acting as a central issuer or clearing house.
- Asset backed or demand backed: An asset-backed currency is tied to an asset or assets held in reserve while a demand-backed currency has no tangible value other than the value established by its market.
- Machine-based or human-based: Monetary policy of machine-based currencies, or crypto-currencies, is managed by computers. A central authority establishes monetary policy with human-based currencies.
The regulation of my children's crayon usage differed depending on the particular crayon being used. In that case, it was a matter of scarcity, so the analogy isn't perfect—but it will also be imperative for the regulation of virtual currencies and their enforcement to differ according to the characteristics of the various currencies. Undoubtedly, a decentralized, demand-backed currency not only poses different risks than a centralized asset-backed currency does but it may also include a unique set of participants not part of other virtual currency schemes.
Most of the regulatory discussion currently taking place is focused squarely on a particular virtual currency. And while this particular currency has an enormous market share of the virtual currency market, there are at least 50 other virtual currencies in the marketplace. If I had regulated the blue crayons in a similar way as the black crayon, my children would likely have left their coloring books and moved on to the train table.
I fear that should regulations be developed based on a single virtual currency and then applied to the market at large, the regulations could drive away the innovators in the virtual currency space that may hold long-term promise if they promote a faster, more secure, and more efficient payment system.
By Douglas A. King, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed
TrackBack URL for this entry:
Listed below are links to blogs that reference What Do Crayons and Virtual Currencies Have in Common?:
December 2, 2013
Keeping Out the Fraudsters: Who Plays the Role of Gatekeeper?
An excessive number of consumer complaints or returns and chargebacks—these are among several red flags that could indicate that a third-party payment processor is engaged in fraud. And who better to take notice of these red flags than financial institutions? That's the thinking of many regulators, including the Financial Crimes Enforcement Network (FinCEN) when it released its October 2012 advisory on risk associated with third-party payment processors. In that advisory, FinCEN stressed the importance of financial institutions performing due diligence and monitoring their third-party payment processors.
The role of financial institution as gatekeeper was a major topic at the Atlanta Fed's October 30 Executive Fraud Forum, where a panel of industry leaders discussed the evolving role of third -party payment processors in the retail payments space. Representatives from the U.S. Department of Justice's Consumer Protection Branch and U.S. Secret Service, while they recognized the benefits of payment processors, highlighted case studies demonstrating the need for institutions to adjust their due diligence and monitoring to recognize attendant risks. They also stressed the importance of collaboration between institutions and law enforcement agencies in protecting consumers and keeping fraudsters away from payment processing.
Judy Long, who is the executive vice president and chief operating officer at First Citizens National Bank, also noted the gatekeeping role that institutions have with regard to the payments networks. Because banks are highly regulated entities whose primary objective is safety and soundness, she noted, they are in the best position to be the underwriters of payment processors.
As part of her discussion, Long mentioned some important practices for financial institutions in managing payment processor relationships.
- Because the board of directors plays a critical role in determining the institution's risk tolerance by approving its policies and procedures, it must make itself knowledgeable about the risk factors involved with third-party payment processors.
- The institution should have as an integral part of its policies underwriting guidelines that set limits for customers.
- The institution must monitor customers by examining return rates and consumer complaints, providing ongoing customer calling programs, and not just knowing its customer but also its customers' customers.
- Agreements should clearly explain the terms and conditions for how the institution will conduct business with a customer. These agreements protect both the institution and its customers.
For more details on this topic, watch this interview with Judy Long. You can also view the presentations from the Executive Fraud Forum on the event webpage.
By Deborah Shaw, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed
TrackBack URL for this entry:
Listed below are links to blogs that reference Keeping Out the Fraudsters: Who Plays the Role of Gatekeeper?:
- The Range of Un-Friendly Fraud
- Payments Webinar October 10: Cash in the 21st Century
- "Insuring" Ransomware Will Continue to Flourish
- Designing Disclosures to Be Read
- Is There a Generation Gap in Cash Use?
- What the Most Convenient Food Tells Us about Payments
- Is Friction in Payments Always Bad?
- Why Should You Care about PSD2?
- At the Intersection of FinTech and Financial Inclusion
- A Call to Action on Friendly Card Fraud and Loss?
- October 2019
- September 2019
- August 2019
- July 2019
- June 2019
- May 2019
- April 2019
- March 2019
- February 2019
- January 2019
- account takeovers
- ATM fraud
- bank supervision
- banking regulations
- banks and banking
- card networks
- check fraud
- consumer fraud
- consumer protection
- credit cards
- cross-border wires
- data security
- debit cards
- emerging payments
- financial services
- financial technology
- identity theft
- law enforcement
- mobile banking
- mobile money transfer
- mobile network operator (MNO)
- mobile payments
- money laundering
- money services business (MSB)
- online banking fraud
- online retail
- Payment Services Directive
- payments fraud
- payments innovation
- payments risk
- payments study
- payments systems
- phone fraud
- remotely created checks
- risk management
- Section 1073
- skills gap
- social networks
- third-party service provider
- trusted service manager
- Unfair and Deceptive Acts and Practices (UDAP)
- wire transfer fraud
- workforce development
- workplace fraud