Take On Payments, a blog sponsored by the Retail Payments Risk Forum of the Federal Reserve Bank of Atlanta, is intended to foster dialogue on emerging risks in retail payment systems and enhance collaborative efforts to improve risk detection and mitigation. We encourage your active participation in Take On Payments and look forward to collaborating with you.
January 25, 2016
Waiting for the Other EMV Shoe to Drop
The EMV, or chip card, liability shift for point-of-service (POS) transactions began on October 1, 2015. The sun continued to rise and set each day thereafter, despite the predictions of a few that EMV conversions would bring retailer POS checkout processes to a grinding halt and create major consumer dissatisfaction. Sure, there have been some issues around longer card transaction processing time, and some retailers chose to defer their EMV implementation until after the holiday buying season. But, all in all, the terminal and card conversions have moved steadily forward.
In the United States, there are an estimated 410,000 to 425,000 ATMs operating, with 55–60 percent of them owned by independent (non-financial-institution) deployers. The impact of the next EMV liability shift on October 1, 2016, might be more significant, especially for these independent ATM operators. On that date, an ATM that accepts any MasterCard-branded card must be EMV operational or the ATM owner will face liability for any fraudulent transaction performed with a counterfeit MasterCard. Under current network rules, the card issuer assumes 100 percent of fraud losses from ATM withdrawals made with a counterfeit card. While Visa's timetable for ATMs to be EMV operational is not until a year later, since virtually all ATMs in the United States accept both Visa- and MasterCard-branded cards, the earlier timeline for MasterCard essentially forces all ATM deployers to be ready. While the liability shift is not a mandate, it is expected that most ATM deployers will make their ATMs EMV operational to avoid being saddled with the additional liability.
For the independent ATM owner, their decision to upgrade, maintain, or remove a particular terminal is a challenging one. Their terminals are generally the more simplified table-top cash dispensers rather than the fully functional ATMs installed by financial institutions. They are often installed in convenience stores, restaurants, bars, and other specialty retail locations. While their purchase cost is substantially less than full-service, heavily armored ATMs, their average transaction volume is also substantially less due to their location and the foreign transaction fees imposed by most cardholders' financial institutions. Their revenue comes primarily from an ATM surcharge fee and a dwindling network interchange, out of which they have to pay all their operating expenses, including rent to the retailer where the ATM is located. An ATM generating $100 a month in net profit is considered a successful ATM. The cost to upgrade such a terminal is highly variable depending on its current hardware and processing capability, but just the cost of an EMV card reader, its installation, and testing is generally in the $500 to $800 range. The older cash dispensers may not be suitable for upgrades.
This industry has seen its cyclical periods of prosperity and austerity over the last 15 years, with its financial challenges generally centered on the hardware and software upgrades related to regulatory compliance—first with Y2K compliance, then with the Americans with Disabilities Act (ADA), Triple DES, PCI, Windows XP nonsupport, and now EMV. As occurred with these earlier technology upgrades, the industry is seeing further consolidation of ATM terminal portfolios. A number of industry observers share my prediction of a contraction in the ATM installed base by as much as 15 percent by the end of 2016 due to further bank consolidations and the cost impact of the EMV upgrade. Since cash operations is a major function of the Federal Reserve System, we will be watching this impact with considerable interest.
By David Lott, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed
January 19, 2016
Mobile Wallets: Is This the Year?
In our 2015 year-end retrospective post, we commented on the slow pace of adoption of mobile payments despite the introduction of several major mobile wallets. While some consumer research continues to point to widespread consumer usage of mobile wallets in the coming years, we have seen similar projections from past research fail to materialize.
So what have been the major barriers to adopting mobile wallets? And for those who have adopted them, what functions are the most important? As I have noted before, I am a firm believer in former Intel CEO Andrew Grove's 10X rule: a new technology experience must be at least 10 times better than the previous method to achieve widespread consumer adoption and usage. A number of different elements—speed, cost, convenience, personalized experience, ease of use, and so on—can all contribute to achieve that 10X factor. Another critical element is the consumer's trust in the security of the wallet to ensure that payment credentials and transaction information will not be compromised in some way. The market research and strategy firm Chadwick Martin Bailey (CMB) conducted mobile wallet research in March–April 2015 on a nationally representative sample of smartphone owners and specifically asked mobile wallet nonusers what their particular security concerns were. As the chart shows, identity theft and the interception of personal information during the transaction were the top two reasons given.
The tokenization of payment credentials goes a long way to providing a higher level of security, but a major educational effort is required to relay this knowledge to consumers to increase their level of confidence. The CMB study found that 58 percent of nonusers would be somewhat or extremely likely to use a wallet if tokenization of their payment account information were performed.
But is it enough to convince consumers that mobile payments are more secure to significantly speed up adoption and usage? Mobile wallet proponents have been saying for years that the mobile wallet must deliver more than just a payment function, that it should incorporate loyalty, couponing, identification, or other functions.
So if the desired end state is known, why is it taking so long for the mobile wallet providers to achieve that winning solution? The retailer consortium MCX is going into its fourth year of development and has just recently begun a pilot program of its CurrentC wallet in the Columbus, Ohio, market. Two of MCX's owners and major U.S. retailers, Walmart and Target, have announced in the last couple of months their plans to develop and operate their own mobile wallet. While these companies still profess their support of the MCX program, have they concluded that a common mobile wallet solution among competing retailers doesn't meet all their specific needs? Or is it a desire to offer their customers a wider choice of shopping experience options and differentiate their experience? Or is it another reason altogether? Only time will tell.
So do you believe that 2016 will be the year of the mobile wallet? Let us know what you think.
By David Lott, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed
January 11, 2016
Prisoner Release Cards: How to Protect the Interests of Recently Released Inmates?
I recently watched a late-night comedian criticize prison reentry programs in the United States. The segment focused on the resources—or lack thereof—that are provided to released inmates. One of these resources, I have recently learned, is increasingly a prepaid card.
Upon imprisonment, inmates are given a trust account to hold money that they receive for prison work and from family and friends. When they are released, they may also receive start-up funds to help with the reentry process. According to the Federal Bureau of Prisons' Inmate and Custody Management Policy, "an inmate being released to the community will have suitable clothing, transportation to inmate's release destination, and some funds to use until he or she begins to receive income. Based on the inmate's need and financial resources, a discretionary gratuity up to the amount permitted by statute may be granted." While the policy expands the details of what constitutes suitable clothing and the method of transportation, there is no mention of how to disburse funds to the released individuals.
Enter prison-release prepaid cards. Many state and federal prison systems enter into contracts with prepaid card providers pursuant to a public bidding process to provide prison release funds through a prepaid card as an alternative to cash or checks. This shift in disbursement methods may be attributable to concerns about cash controls in the prison setting and the high check-cashing fees some inmates who lack traditional bank accounts incur, to name a couple of possibilities. Regardless of the disbursement method that the correctional agency chooses, this vulnerable population depends on every last penny.
Some people maintain that account fees are too high on these prepaid cards and that agreements with cardholders contain forced arbitration clauses. Could the correctional agency negotiate better terms on behalf of the released prisoner? Or could the inmate possibly be given options for the trust fund distribution—cash, check, prepaid card, or even a PayPal account?
A late-night comedian may have the ability to isolate one slice of the problem with prison release programs, but our regulations shouldn't piece together a solution to an overarching issue. Likewise, there are challenges with creating blanket regulations for a product category like prepaid cards that contains many different products meeting a wide variety of distinct needs, each with unique characteristics and different users. Isn't the goal to provide released prisoners the freedom to use money that belongs to them, as for any other citizen?
By Jessica J. Trundley, AAP, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed
January 4, 2016
The Year In Review
2015 marked the end of the era for my favorite late-night talk show host. In his 33 years of bringing laughter to late-night audiences, David Letterman is perhaps best known for his nightly Top 10 list. During the last several years, the Risk Forum's last blog for the year has included our own list of top 10 payments events. Our efforts clearly didn't match Letterman's entertaining Top 10s, and we have decided to retire our Top 10 blog in favor of a year-end review blog.
2015 can easily be characterized as "The Year of Deals." We witnessed two established payment processors, Worldpay and First Data, become publicly traded entities, with IPOs during the year. Following these IPOs, Square became the first "Unicorn"—a tech start-up with a valuation in excess of $1 billion—to test the public markets with its IPO. Beyond the IPOs, there were ample other noteworthy deals in 2015, including eBay spinning off PayPal as its own entity; Visa acquiring its former subsidiary, Visa Europe; Global Payments' acquisition of Heartland; and a host of mergers such as the one between Early Warning and ClearXchange. On the venture capital and private equity side, indications suggest that 2015 will top 2014's nearly $10 billion investment in financial technology in the United States with payments-related investments leading the way.
Near and dear to the Risk Forum, notable risk-related stories will also make 2015 memorable. The long-anticipated initial EMV liability shift took place on October 1 with mixed reviews from different participants in the payments ecosystem. Data breaches that included the compromise of payment credentials and personally identifiable information seemed to be an almost-weekly event during the year. In response to the increasing incidence of data breaches and anticipated increase in card-not-present fraud, the buzz surrounding tokenization, which began in earnest with the launch of Apple Pay in 2014, intensified within the payments industry.
Mobile proximity payments might be the most frequent payment topic over the past five years, and 2015 was no different. While many have labeled each year over the last five as the "Year of Mobile Payments," mobile still has a way to go before the Risk Forum is willing to give this title to any year, including 2015. However, momentum for mobile proximity payments remained positive with the launch of Apple Pay rivals Samsung Pay and Android Pay. We witnessed a well-known and early established mobile wallet, SoftCard (originally branded as Isis), exit the playing field after being acquired by Google. The Merchant Customer Exchange (MCX), a consortium of retailers, launched a pilot of its mobile wallet—CurrentC—and has also partnered with Chase and its Chase Pay service with entrée to 94 million cards; and two large financial institutions, Chase and Capital One, both announced new mobile wallet initiatives. In December, Walmart and Target announced their own mobile payment applications. While mobile proximity payment usage remains minimal, it is becoming increasingly clear that consumers are using their mobile phones to shop online. According to holiday shopping figures from Black Friday through Cyber Monday 2015, mobile shopping accounted for approximately one-third of total e-commerce sales.
Finally, in 2015, the payment industry witnessed the launch of a comprehensive, collaborative effort to improve the speed and security of payments in the United States. In January, the Federal Reserve issued its long-anticipated Strategies for Improving the U.S. Payment System followed by the formation of two task forces, Faster Payments and Secure Payments, seeking to turn these strategies into actionable payment improvements. Related to improving the speed of payments, NACHA membership approved a same-day ACH service after a similar measure failed to gain approval in 2012.
As those in the payments industry have come to expect excitement and innovation, 2015 did not disappoint. And while it's certainly fun to look back, we must always keep looking ahead. Perhaps the most famous late-night talk show host, Johnny Carson, understood this best with his beloved great seer, soothsayer, and sage Carnac the Magnificent persona. Be on the lookout for our upcoming blog where the Risk Forum will channel our inner Carnac with some predictions and expectations for payments in 2016.
By the Retail Payments Risk Forum at the Atlanta Fed