Take On Payments, a blog sponsored by the Retail Payments Risk Forum of the Federal Reserve Bank of Atlanta, is intended to foster dialogue on emerging risks in retail payment systems and enhance collaborative efforts to improve risk detection and mitigation. We encourage your active participation in Take on Payments and look forward to collaborating with you.
Federal Reserve Web Sites
Other Bank Regulatory Sites
October 19, 2015
The governments in countries such as Sweden and Nigeria may have taken initial steps to move to a "cashless" nation, but here in the United States, there is no question that cash is still king. It remains the most-used retail payment instrument, especially for low-value payments. This finding from the Fed's Cash Product Office (CPO) was welcome news to a group of independent (nonfinancial institution) ATM operators that I had the pleasure of addressing last month at their annual conference. The primary business of these entrepreneurs is getting cash into the hands of consumers through their terminals located in a variety of malls and merchandise, food, and beverage stores. Of the estimated 400,000–425, 000 ATMs and cash dispensers operating in the United States, approximately 60 percent are owned by these nonfinancial institutions.
One of the CPO's main missions is maintaining a supply of currency and coin to meet demand in both normal times and special situations such as natural disasters, when other forms of payment might be unavailable. As a critical part of accomplishing that mission, the CPO constantly evaluates research to determine how cash use is changing in this country. One of the main sources of research is the Fed's Diary of Consumer Payment Choice (DCPC). Data collection was last fielded in 2012, but is being conducted again now. To collect the data, the DCPC asks a representative national sample of about 2,500 individuals to record all their financial transactions over a rolling three-day period. In addition to recording the transaction and demographic information, respondents were also asked to indicate their top preferred payment method and their second preferred method of payment in instances when their top choice is not available.
Some of the major findings of that study include:
- Debit and credit cards represent the stated primary payment choice, at 64 percent, but 30 percent of the consumers stated their primary payment preference was cash.
- Cash serves as the backup payment method for all segments, reflecting its importance in our overall payment infrastructure.
- Interestingly, although 3 percent of the consumers said their preferred payment method was checks, they actually used cash twice as often as writing checks.
- Reflecting the tendency for people to use cash for small-value payments, cash payments represented 40 percent of the number of payments made by the survey participants but only 14 percent of the total value of the payments.
- Cash clearly dominates the small-value segment under $10.
- Cash was the payment method used in two-thirds of person-to-person (P2P) payments.
- The use of cash in P2P transactions is different from other cash transactions; P2P transactions are two-thirds higher in value ($35 versus $21) than other types of expenditures.
- While 51 percent of the adults in the 18–34-year-old age group indicated that debit cards are their most preferred payment method, cash followed closely at 40 percent for the 18–24 year olds and 31 percent for the 25–34 age groups. Will the 2015 results show a departure from this finding?
It is clear that the United States is a long way from becoming a cashless society despite the predictions of many over the last twenty years. The 2015 results will provide important information as to how cash continues to be used by the general population and the emerging millennials segment in particular.
So is there cash in your wallet? I bet there is and will be for quite some time.
By David Lott, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed
October 5, 2015
Don't Let the Absence of a Fat Dog Scare You
Halloween, not at all my favorite holiday, looms. On this "hollow day" we commonly celebrate the ghastly—ghouls, ghosts, goblins and gloom—and with ever-increasing fanfare (when did lights get to be important for Halloween?). It's not clear to me what upside there is to focusing on that which encourages us to be frightened, worried, or just plain grossed out. This is especially true for those who work with or are responsible for retail payment systems. From cyberattacks and data breaches to basic fraud and theft, there is plenty to haunt and drive us to an early grave.
Today, I offer no solution to the threats; they seem to be ever with us. When bad things happen, and they almost surely will, one of our most important choices relates to reporting. To get to where I'm going I'll share a text series my son sent recently to report an incident at the house. His messages were as follows:
The trouble with security incidents is they don't come with a fat dog to vacuum up the mess. One of the trickier messes is in the reporting. What should be reported, to whom should it be reported, and when?
My first instinct is to say that when something goes awry, err to the side of reporting—early and often. I have said so in a previous post. Alas, it's not that easy; there is no fat dog to clean up the mess. Realizing that, I feel compelled to correct my earlier thinking or to at least offer a more nuanced view.
One can agree or not, like it or not, but the truth is notification obligations are not triggered by every security incident. What has to be reported and when varies by state as well as circumstance. That's grist for another blog. For this one, just note that one often has choices. What if bad consequences such as reduced sales or damaged reputations could have been avoided by not talking out of turn? It's not wrong to ponder that.
There are other arguments to be made against early reporting. For instance, early understanding may (likely will) need to be amended. The amendment could be dramatic if additional forensics make clear that initial conclusions or thoughts were incomplete or simply incorrect.
The other side is that erring in favor of the "early and often" principle or sacrificing self in the interest of others is "the right thing to do." I recently heard a person say their company chose to be public and transparent about a breach of theirs, in spite of incomplete information. The speaker said it was the right thing for them, in that instance. He also said it couldn't be a rule. His rule was that the CEO needs to be comfortable with what is decided because somebody is harmed no matter what the decision.
The resolution is an incident response plan. Be committed to developing a well-conceived one. Don't think your firm is too small for one. Knowing options like whether or not notice is required (and when) could prove priceless as could considering all the communication decisions in the absence of heat that accompanies a real incident. If incident response plans are already in place, test key decision makers with realistic exercises that include wide-ranging communication scenarios and find out what doesn't work for the company. Fix what is discovered before the storm hits.
Alternatively, I have a fat dog that doubles as a vacuum. Price is negotiable but any sale is final.
By Julius Weyman, vice president, Retail Payments Risk Forum at the Atlanta Fed
- Making the Choice to Use Cash
- We Are Thankful For...
- Will Payments Be Getting REAL?
- Financial Solutions for the Younger Generation
- Encouraging Password Hygiene
- Should We Throw in the Towel When It Comes to Data Breach Prevention?
- Looking for Partners in Safer Payments
- The Range of Un-Friendly Fraud
- Payments Webinar October 10: Cash in the 21st Century
- "Insuring" Ransomware Will Continue to Flourish
- December 2019
- November 2019
- October 2019
- September 2019
- August 2019
- July 2019
- June 2019
- May 2019
- April 2019
- March 2019
- account takeovers
- ATM fraud
- bank supervision
- banking regulations
- banks and banking
- card networks
- check fraud
- consumer fraud
- consumer protection
- credit cards
- cross-border wires
- data security
- debit cards
- emerging payments
- financial services
- financial technology
- identity theft
- law enforcement
- mobile banking
- mobile money transfer
- mobile network operator (MNO)
- mobile payments
- money laundering
- money services business (MSB)
- online banking fraud
- online retail
- Payment Services Directive
- payments fraud
- payments innovation
- payments risk
- payments study
- payments systems
- phone fraud
- remotely created checks
- risk management
- Section 1073
- skills gap
- social networks
- third-party service provider
- trusted service manager
- Unfair and Deceptive Acts and Practices (UDAP)
- wire transfer fraud
- workforce development
- workplace fraud