About


Take On Payments, a blog sponsored by the Retail Payments Risk Forum of the Federal Reserve Bank of Atlanta, is intended to foster dialogue on emerging risks in retail payment systems and enhance collaborative efforts to improve risk detection and mitigation. We encourage your active participation in Take on Payments and look forward to collaborating with you.

Take On Payments

« October 2018 | Main

November 13, 2018


In Payments, What I Say May Not Match What I Do

How do you like to pay your bills? Perhaps you schedule bills to pay automatically by bank account number so you don't miss a due date. Or maybe you would rather review a paper statement and then mail a check.

By number, U.S. consumers report paying 4 in 10 bills by electronic means—for example, by using their online banking bill pay function or providing a bank account number at a biller's website. By dollar value, the practice of using electronic transactions to pay bills is also prevalent: about half of bill payments by dollar value are made using online banking bill pay or bank account number payment. These are among findings from the Diary of Consumer Payment Choice, a survey of U.S. consumers released in September of this year.

Chart-one

Source: 2017 Diary of Consumer Payment Choice

The diary also asks respondents how they prefer to pay bills, so we can look at how consumers' stated preferences compare to what they actually do in specific situations. It turns out that 36 percent of consumers prefer online banking bill pay or bank account number payment, and about the same percentage prefer either a debit card or credit card.

Keep in mind that 38 percent of bill payments and 36 percent of consumers are not comparable. Actual behavior is measured in percentage shares of transactions. Preferences are measured in percentage shares of consumers (about 2,900 U.S. adults responded to this nationally representative survey).

We can see, however, the transactions for which consumers deviate from their stated preferences for bill payments. Of the bill payments recorded in the 2017 DCPC, about half were made using the consumers' preferred payment instrument.

Why do we consumers deviate from what we say we prefer? Think of your own payment choices. You might be constrained by what is feasible. For example, you might prefer to pay most bills with a paper check but for bills you pay online, it's impossible to use paper payment instruments. Your choice could be limited by what the payee prefers to accept. For example, your plumber might prefer payment by cash or check. Or you might deviate from your preferred method to save money. For example, your local municipality might put a surcharge on card payments, so paying with your bank account number is less costly. Or, for larger bills, you might use a credit card to earn points.

To see more about how consumers adjust our payment choices given the situation, take a look at the interactive charts detailing payment choice by dollar value, payment type, and remote or in-person payments, as reported in the 2017 Diary of Consumer Payment Choice.

Photo of Claire Greene By Claire Greene, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

 

November 13, 2018 in cards, payments study | Permalink

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

November 5, 2018


Organizational Muscle Memory and the Right of Boom

"Left of boom" is a military term that refers to crisis prevention and training. The idea is that resources are focused on preparing soldiers to prevent an explosion or crisis—the "boom!" The training they undergo in left of boom also helps the soldiers commit their response to a crisis, if it does happen, to muscle memory, so they will act quickly and efficiently in life-threatening situations.

Image-one

The concept of the boom timeline has been applied to many other circumstances, as I can personally attest. More years ago than I will admit to, I was a teller and had to participate in quarterly bank-robbery training that focused on each employee's role during and immediately after a robbery. The goal was to help us commit these procedures to muscle memory so that when we were faced with a high-stress situation, our actions would be second nature. My training was tested one day when I came face-to-face with a motorcycle-helmet-wearing bank robber who leaped over the counter into the teller area. Like most bank robbers, he was in and out fast, but thanks to muscle memory, we were springing into action as soon as he was leaping back over the counter and running out of the branch.

This type of muscle memory preparation has also been applied to cybersecurity. Organizations commit significant human and capital resources to the left of boom to help prevent and detect threats to their networks. Unfortunately, cybersecurity experts must get things right 100 percent of the time while bad actors have to be right only once. So how do organizations prepare for the right of boom?

Recently, I had the opportunity to observe a right-of-boom exercise that simulated a systemic cyberbreach of the payments system. This event, billed as the first of its kind, was sponsored by P20 and held in Cambridge, Massachusetts. Cybersecurity leaders from the payments industry convened to engage in a war games exercise that was ripped from the headlines. The scenario: a Thanksgiving Day cyberbreach, the day before the biggest shopping day of the year, of a multinational financial services company that included the theft and online posting of 75 million customer records, along with a ransomware attack that shut down the company's computer systems. The exercise began with a phone call from a reporter asking for the company's response to the posting of customer records online—BOOM! Immediately, the discussion turned to an incident response plan. What actions would be taken first? Who do you call? How do you communicate with employees if your system has been overtaken by a ransomware attack? How do you serve your customers? What point is the "in case of fire break glass" moment, meaning, has your organization defined what constitutes a crisis and agreed on when to initiate the crisis response plan?

An overarching theme was the importance of the "commander's intent," which reflects the priorities of the organization in the event of an incident. It empowers employees to exercise "disciplined initiative" and "accept prudent risk"—both principles associated with the military philosophy of "mission command"—so the company can return to its primary business as quickly as possible. In the context of a cyberbreach that has shut down communication channels within an organization, employees, in the absence of management guidance, can analyze the situation, make decisions, and then take action. The commander's intent forms the basis of an organization's comprehensive incident response plan and helps to create a shared understanding of organizational goals by identifying the key things your organization must execute to maintain operations.

Here is an example of a commander's intent statement:

Process all deposits and electronic transactions to ensure funds availability for all customers within established regulatory timeframes.

Having a plan in place where everyone from the top of the organization down understands their role and then practicing that plan until it becomes rote, much like my bank robbery experience, is critical today.

Photo of Ian Perry-Okara  By Nancy Donahue, project manager in the Retail Payments Risk Forum at the Atlanta Fed

 

November 5, 2018 in consumer protection, cybercrime, cybersecurity | Permalink

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

Google Search



Recent Posts


Archives


Categories


Powered by TypePad