Take On Payments, a blog sponsored by the Retail Payments Risk Forum of the Federal Reserve Bank of Atlanta, is intended to foster dialogue on emerging risks in retail payment systems and enhance collaborative efforts to improve risk detection and mitigation. We encourage your active participation in Take on Payments and look forward to collaborating with you.
Federal Reserve Web Sites
Other Bank Regulatory Sites
February 29, 2016
Warning! This Vehicle Has Been Immobilized
Imagine my frustration when, after a long day at work followed by a nice dinner catching up with an out-of-town friend, I found my vehicle booted in a parking lot 30 miles from home, at 9 p.m. on a Tuesday. The boot immobilized my car because I violated a 6 p.m. curfew. Those details were printed in small print on the receipt I received after paying the automated kiosk and did not read. I pleaded with the boot company attendant to waive the $75 removal fee to no avail. He was a third-party to the lot owner. A man who lived in the apartment building next door was walking his dog and sympathetically shouted, "This happens all the time."
Being deceived is damaging, especially when it comes with a price tag. I felt like a victim. In fact, deceptive acts or practices are unlawful by Section 5 of the Federal Trade Commission (FTC) Act and Section 1031 of the Dodd-Frank Act. Deception is defined as representation, omission, or practice that is likely to mislead a consumer acting reasonably in the circumstances, to the consumer's detriment.
Deception—or alternatively, forthrightness—is circumstance-driven and involves subjectivity, leading us to base judgments on precedent and personal perspective. A practice can't be decidedly deceptive with a yes or no. The Federal Trade Commission (FTC) and federal banking regulators have applied deception interpretation standards through case law, official policy statements, guidance, examination procedures, and enforcement actions.
Two recent interpretations came by way of consent orders from the FDIC (or Federal Deposit Insurance Corporation) at the end of December 2015, both including deceptive practices. My analysis mixes in themes from recent proposed regulation. Deception appears to exist when layering circumstances mislead and cause injury, and when consumers may have chosen differently but for deception. The orders state that (1) consumers shouldn't be forced into receiving funds via one payment type; give them a choice; (2) before consumers make a choice, give them information about fees, features, and limitations, as well as how to use the product; (3) provide error resolution; (4) be clear about account termination and fee practices; (5) pay attention to complaints, and make this a program; and (6) you can't blame noncompliance on the third party.
I would not have parked in the lot if I had known about the 6 p.m. curfew with a $75 penalty. Will UDAAP compliance be an active project for your financial services, or could your most rewarding business vehicle get the boot?
By Jessica J. Trundley, AAP, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed
February 22, 2016
2016 Payment Predictions
In our 2015 year-end review, we promised we would provide some predictions and expectations for payments in the United States during 2016. Predictions are usually pretty…unpredictable, so by waiting a couple of months to release ours, we're hoping they will end up being more accurate than usual. Disclaimer: These predictions are through the collective wisdom of the Retail Payments Risk Forum staff and do not reflect the opinions of the Federal Reserve System or the Board of Governors. So here we go in no particular order or probability of happening.
- Cyberattacks will be the top threat to payments security: Cyberattacks and data breaches will be as robust as ever and will be the number one threat in the payments ecosystem. As retailers and financial service companies strengthen their defenses, the Risk Forum predicts that hackers will widen their focus.
- This will be the year for mobile point-of-service (POS) payments…not!: Like the broken analog clock face that is correct twice a day, we believe that those forecasting 2016 as the "year of mobile payments" (as they did in 2013, 2014, and 2015) will be a little bit right, but will still be waiting for this optimistic prediction to be fully true. While the adoption pace of mobile payments is growing because of the increasing influence of millennials, the issues of limited merchant acceptance points, fragmentation, and consumer concerns over security and privacy will remain as substantial hurdles. Major educational efforts will be launched stressing the increased security provided by mobile payments through tokenization and biometrics.
- EMV (chip card) POS migration will pick up the pace from 2015: The liability shift for POS took place October 1, 2015, and projections for both card and terminal capability missed their optimistic marks for a variety of reasons. Credit and debit card reissuance will continue during 2016 and should reach significant conversion levels by the end of the year. The Risk Forum expects the pace of merchant terminal conversions to pick up as certifications are completed and merchants targeted by counterfeit card fraudsters feel the sting of losses. However, we also think some merchant categories, such as restaurants, will continue to proceed at a tepid pace.
- ACH same-day service will not be a huge hit: The Risk Forum forecasts that the roll-out of NACHA's mandated same-day ACH service in September will, at least initially, have modest adoption because corporate originators will have to update internal systems to support faster payments, the dollar cap of $25,000 per payment, and the imposition of the interbank fee. Consumer payment applications will have modest uptake due to competing payment alternatives.
- EMV ATM liability shift will cause the number of ATMs to shrink: The implementation of chip card readers in ATMs will follow the same pattern as POS terminals did in 2015—the large ATM owners and operators will meet the October 2016 deadline but many of the small and mid-sized operators, especially those owned by nonfinancial institutions, will not and will be faced with absorbing the loss of transactions made with counterfeit cards—a fraud loss they haven't experienced in the past. Overall, the Risk Forum looks for the ATM base in the U.S. to contract by 10 to 15 percent because of financial institution mergers and the cost of EMV upgrades.
- Mobile wallet space will continue to see turbulence: 2015 saw the launch or announcement of more mobile wallets by payment stakeholders such as Samsung, Google, Chase, Capital One, Walmart, and Target. Then add the retailer and credit union consortiums (MCX CurrentC and CU Wallet) that are struggling to emerge from uncertainty. How many wallets will the consumer be willing to load on a phone and which providers do they trust to keep their payments and banking credentials safe? We believe we'll see continued turbulence in this space during 2016, with some settling of the dust by next year.
- Blockchain technology interest will accelerate: Cryptocurrencies will continue to exist in the "novelty" space, but we think large payments players will direct efforts to leveraging the distributed ledger technology for various uses and will proceed at an accelerated pace.
- Biometric technology improves, but passwords remain supreme: Despite continued cries for intervention, the user ID and password will remain the primary authentication method that consumers use to access their various applications. Biometrics technology for payment and customer authentication applications will continue to improve while decreasing in price. Fingerprint, facial recognition, and eye/iris recognition will dominate as the most-used biometrics although voice recognition will serve as a key method in certain environments such as call centers. The Risk Forum believes that the technology will continue to face critical adoption challenges due to concerns about privacy, security, and safety, but educational programs will lower this resistance.