Take On Payments, a blog sponsored by the Retail Payments Risk Forum of the Federal Reserve Bank of Atlanta, is intended to foster dialogue on emerging risks in retail payment systems and enhance collaborative efforts to improve risk detection and mitigation. We encourage your active participation in Take on Payments and look forward to collaborating with you.

Take On Payments

« November 2015 | Main | January 2016 »

December 21, 2015

Help Determine the Payment and Fraud Data You See Reported

Information is powerful and can help drive strategy and operational success. Help shape the information you have access to by improving on the survey instruments used in reporting 2015 payments and fraud data.

As has occurred every three years since 2001, the Federal Reserve System is again undertaking a triennial payments survey for noncash payments originated to or received from accounts based in the United States. At the core of this research, we will again be collecting data on the number and value of payments and associated fraud across a broad array of payment channels and applications. Summarized survey results will be shared broadly with survey respondents, the industry, and the public at the end of 2016. Detailed aggregated results are anticipated to be available sometime in the second quarter of 2017. As always, due to the confidential nature of the information being supplied, individual respondents’ data is used only to produce aggregate estimates.

In two previous blogs (here and here), I have documented the need for expanded fraud information for card payments. Stepping back from the specifics of card fraud, I would like to encourage readers to send comments on our prospective survey instruments that were recently posted in the Federal Register. A summary of our survey instruments compared to survey instruments used in the 2013 payments study is available here.

The upcoming study consists of three research efforts:

  • Depository and Financial Institutions Payments Survey (DFIPS)
    The prospective DFIPS survey (Federal Register Notice FR 3066a) is a national survey of institutions that offer transaction deposit accounts, prepaid card program accounts, and credit card accounts to consumers as well as business and government customers. Using a nationally representative stratified random sample of depository institutions, the survey gathers data about noncash payments, cash withdrawals, and deposits that post to customer accounts as well as third-party payment fraud that took place during 2015.

    The DFIPS includes questions on the following topics:
    • Check payments, deposits, and returns
    • ACH payments and returns
    • Wire transfers originated and received
    • General-purpose debit and prepaid cards
    • General-purpose credit cards
    • Cash withdrawals, deposits, and terminals
    • Alternative payment initiation methods
    • Unauthorized third-party payment fraud

  • Networks, Processors, and Issuers Payments Surveys (NPIPS)
    The prospective NPIPS survey set (Federal Register Notice FR 3066b) targets organizations that facilitate payments. The survey set actually contains 19 different surveys, each one tailored to a particular payment channel or respondent type. Respondents answer only the surveys that apply to their organizations.

    The NPIPS includes payment and fraud questions across the following classifications:
    • General-purpose/private-label credit cards
    • Debit cards
    • General-purpose/private-label prepaid cards
    • ATM cards
    • Various payment form factors such as chip, no chip, and mobile
    • Payment applications such as electronic benefit transfers, person-to-person payments, bill pay, transit payments, and more

  • Check Sample Survey (CSS)
    The CSS survey (Federal Register Notice FR 3066c) estimates the distribution of checks by categories such as payers, payees, and purposes. Survey data are based on a representative, random sample of checks written and processed by large commercial banks and, for the first time, may include additional checks processed by the Federal Reserve.

Please review these survey documents and provide your comments as to how they could be improved. You can make submittals through the Federal Register by clicking here. Comments are due by January 25, 2016.

By Steven Cordray, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

December 21, 2015 in payments study | Permalink


Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

December 14, 2015

Down and Out in Myanmar

Here in the United States, we have gotten used to cash being the default payment method when other payment methods are not accepted or fail for one reason or another. But a few years ago, I had the pleasure of traveling to a country where cash was pretty much the only acceptable payment method. My experience there really made me appreciate the existence of mobile money transfer (MMT) services like M-Pesa. These MMTs are rapidly spreading across the developing world. Unfortunately for me, however, I had no access to an MMT in the country I visited.

In 2010, my wife was sent on a three-year assignment to her employer's Asian offices in Singapore. During one of my periodic visits, my wife and I vacationed in Myanmar, also known as Burma. Myanmar has a predominately cash-based economy.

Let me provide a little geography and history. Myanmar is bounded by Bangladesh, India, China, Laos, and Thailand. Before independence in 1948, it was ruled by the British, except during World War II, when the country was occupied by Japanese troops. At the end of the war, the country reverted to British rule. In 1962, a military coup led to nearly 50 years of military rule. In the year we visited, fewer than 600 tourists arrived at the international airport in Yangon, the busiest airport in the country.

Before our visit to Myanmar, we wired funds to a tour operator's account in Thailand to pay for the services of a driver, a guide, and some of our lodging. We estimated that we would need about $3,000 for the rest of our travel expenses during our three-week visit. At the time of our visit, Myanmar was under stringent trade sanctions due to the repressive military regime, so no international payment networks operated in the country. Consequently, the coin-of-realm for international tourists was U.S. hundred-dollar bills that could be exchanged for kyats, the local currency.

What we didn't understand is that the money exchangers required U.S. bills of the 1996 series or later with no folds, tears, markings, or stains of any sort. Yikes, we are essentially talking about uncirculated, brand-new bills. Since no international ATMs operated in the country, our first visit was to a local bank. The teller agreed to exchange only $500 after scrutinizing in microscopic detail (like a paleontologist examining a fossil) for 15 minutes our thirty $100 bills. This would cover less than our first week of expenses. We had thousands of dollars burning a hole in our pocket and no place to spend it. We were hard up.

We were getting anxious after several failed attempts at other bank branches, so our guide suggested using an unofficial currency marketer to see if we could exchange more bills. We walked a serpentine route to an untouristed, possibly unsafe area of town. Our guide took us to a money exchanger who grudgingly exchanged an additional $500. Even with further economizing, we estimated we were still short in funds for the last week of our trip. Success arrived when we met fellow travelers with excess funds they were willing to exchange.

I have wondered to this day why the reluctance to accept less-than-pristine bills. Obviously, one concern is the possible counterfeiting of $100 U.S. notes by the government of North Korea, according to some press accounts.

But whatever the reason, it left us spending $1,000 less than we anticipated. If we had had access to an MMT, we presumably would have been able to more freely purchase goods and service without wondering whether our cash would be accepted—though it should be noted that we may still have had problems with the initial cash load at an MMT money transfer agent.

Stepping back, the lessons we learned include the various risks associated with a cash economy, such as counterfeiting and, on a personal level, the disappointment of a diminished vacation due to the time and anguish spent in exchanging money. As I said in the beginning, I can appreciate firsthand the real advantages of moving away from cash to a low-cost, widely accepted mobile money transfer service. In Kenya, for example, M-Pesa reported in 2015 a 22.8 percent growth in revenue and 13.86 million active customers out of a population of 45 million. Meanwhile, next time I go to Myanmar, I'll know what to bring.

By Steven Cordray, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

December 14, 2015 in mobile money transfer, P2P | Permalink


Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

December 7, 2015

Inquiring Minds Want to Know More about Card Fraud

As I described in an earlier post, while doing research on expanding card fraud data collection in the Fed's upcoming 2016 triennial payments study, I came across a gap in publicly available detailed fraud data for the United States compared to what is available in other countries. Fortunately, prospective survey instruments accompanying the Federal Reserve Payments Study posted in the Federal Register for the upcoming study promise to remedy the problem. In particular, the Networks, Processors and Issuers Payments Surveys lists the following fraud classifications; I've included capsule descriptions for each.

  • Lost card: Fraudulent payments result from the use of a lost card.
  • Stolen card: Fraudulent payments result from the use of a stolen card.
  • Card issued but not received: Fraudulent payments result from use of an intercepted new or replacement card in transit to a card holder.
  • Fraudulent application: Fraudulent payments result from a new card that is issued based on a falsified or stolen identity.
  • Counterfeit card: Fraud is perpetrated at the point of sale by someone using an altered or cloned card based on card account details fraudulently obtained.
  • Fraudulent use of account number: Fraud is perpetrated remotely (that is, via phone, mail, or Internet) using card account details fraudulently obtained.
  • Other (including account takeover): All other fraud not covered above. In particular, "other" covers a form of identity theft whereby an unauthorized party gains access to and use of an existing card account.

The last triennial payments study (2013) used a bifurcated classification, distinguishing only card-present and card-not-present fraud across various card payment types. If in its place we used a more detailed classification system, it could offer a richer understanding about whether fraud was perpetrated by gaining possession of an existing card, through a data breach, or through identity theft.

But even this level of specificity may not be enough. If we were to use only the detailed classifications I provide above to map card-present and card-not-present fraud data, we still might assume that card-present fraud encompasses all fraud except for fraudulent use of account number. So by extension, what is excluded must represent card-not-present fraud, right?

But we should not be so hasty in making such assumptions.

The rub is that how each fraudulent payment is classified can depend on the case management system the issuing bank uses. For example, suppose that the skimming of a card results in the rightful card holder reporting 10 fraudulent payments. Two payments are made at the point of sale and the other eight payments are made online. Using the definitions above, some case management systems would treat all of the payments as counterfeit card while other systems may flag two as counterfeit card and the others as fraudulent use of account number. Flagging all 10 of the payments as counterfeit card would lead to overstating the number of overall card-present fraud payments at the expense of understating card-not-present fraud. Without additional detail on where the payments were initiated, we would be uncertain about the shares of card-present and card-not-present fraud.

So given the tradeoffs and trying to anticipate fraud reporting needs in the future, would it not be better to retain and possibly improve existing measurements of fraud while offering other complementary measurements to fill in the gaps? Making this more concrete, I proffer that we should be interested in the distribution of how the card or card information was obtained using the categories above as well as how the fraud was perpetrated by card entry mode and card verification methods. Being specific on the latter, we could report on fraud based on chip versus nonchip cards, point-of-sale payment versus remote payment, signature versus PIN authentication methods, and so forth. In fact, a closer review of the updated survey instruments for 2016 reveals that both survey approaches are in fact what is used.

What suggestions do you have for classifying card fraud data? All comers are encouraged to respond to the Federal Register Notice.

By Steven Cordray, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

December 7, 2015 in cards | Permalink


Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

Google Search

Recent Posts



Powered by TypePad