Take On Payments, a blog sponsored by the Retail Payments Risk Forum of the Federal Reserve Bank of Atlanta, is intended to foster dialogue on emerging risks in retail payment systems and enhance collaborative efforts to improve risk detection and mitigation. We encourage your active participation in Take on Payments and look forward to collaborating with you.
Federal Reserve Web Sites
Other Bank Regulatory Sites
June 24, 2019
Moving towards Electronic Social Security Number Verification
Earlier this year, a colleague wrote a Take on Payments post about synthetic identity fraud. Throughout the year, we've found ourselves talking often with representatives from law enforcement and financial institutions about the growth of this particular type of fraud. There are different estimates that try to catalogue the damage, but one that strikes me is that synthetic identity fraud could account for as much as 5 percent of uncollected debt and be responsible for approximately 20 percent of credit losses.
A major challenge to mitigating this fraud is the difficulty financial institutions and other lenders have in confirming that a social security number (SSN) being presented actually belongs with the name of the person presenting it and that their date of birth actually matches the SSN. Prior to June 2011, the first three numbers of the SSN provided geographical clues to the number holder's birth state, which allowed for some basic verification, but the Social Security Administration (SSA) now randomizes all numbers making this minimal form of verification impossible for any SSN issued after this date. Currently, the SSN verification process requires that the requester complete a wet signature consent form that is submitted in hard copy to the SSA. Hardly a speedy process in a day and age when financial institutions and lenders are striving to make many lending decisions in hours or minutes, not days! But change from the SSA is in the air.
On June 7, the SSA published a notice to the Federal Register announcing initial enrollment for a new electronic consent-based SSN verification service. The notice is full of details about this program and its initial enrollment is open to all financial institutions (FI) and FI service providers as defined by the SSA. Participation in the pilot program requires that enrollees pay an initial administrative fee followed by volume-based pricing according to the annual number of transactions. The initial enrollment period opens on July 17 and will run through July 31. Following this period, the SSA will select a limited number of enrollees across several different categories for participation in the program, which is set to begin June 2020. Even if an applicant company is not selected to participate in the initial program, it would be eligible to participate when the program expands. Otherwise, new applicants will have to wait until the next enrollment period, which could be as long as two years.
This new SSA program would be a positive step toward reducing synthetic identity fraud. However, there is a balancing act between the costs for combating fraud and the actual cost of fraud. It will be interesting to follow the enrollment figures and other metrics to determine how effective this measure turns out to be. How do you feel about these efforts by the SSA?
June 17, 2019
Performing and Paying in the Gig Economy
Bobby Short at the Café Carlyle in New York City. Hank Williams at Nashville's Grand Ole Opry. A trumpet player in the pit, a pianist at a bar. All these musicians have been gigging—that is, they've performed live for pay. The term gig is thought to be shorthand for engagement and has been around since the early years of the 20th century.
Nowadays, it seems that a lot more workers—not just musicians—gig. In the gig economy, independent workers perform short-term jobs for companies or individuals. Many of us presume that most of those jobs are somehow enabled by technology. Now some counterintuitive data about the gig economy comes from the Federal Reserve's Survey of Household Economics and Decisionmaking (SHED).
The SHED finds that three in 10 U.S. adults did some gig work at least once in the month prior to the survey. The survey defines gigging as selling goods online or renting out property, as well as providing personal services like yard work or ride sharing. Among gig activities, child- and elder-care, cleaning, and property maintenance were most common. Half of gig workers indicated they spent five hours or less on gig work in the month prior.
One finding that surprised me: the gig economy is an offline economy. Compared to the 30 percent of adults who did some gig work, just 3 percent of adults used a website or mobile app to find that work. Said another way, that means that just one in 10 gig workers engage in what this paper from the Boston Fed calls "internet platform-based work."
My immediate reaction: how can that be? I took 15 ride shares in April, one every other day. Surely there are more Uber and Lyft drivers out there. My second thought: my mom gets rides, too. When Mom wants a ride, she makes a call on her landline phone to a gig worker for a local agency that helps seniors live independently. As the SHED report puts it, "Most of [gig] activities predate the internet." Driving, housekeeping, babysitting, and lawn maintenance all have been around for a long time.
And, in fact, the SHED estimate of internet platform-based work is higher than some others, because the work is not limited to providing services. It includes, as noted above, selling stuff via online marketplaces. In comparison, the Contingent Worker Supplement from the U.S. Bureau of Labor Statistics (BLS) finds that in May 2017, 1 percent of workers engaged in "electronically mediated work," defined as "short jobs or tasks that workers find through websites or mobile apps that both connect them with customers and arrange payment for the tasks." (Note that the SHED estimate is a share of adults and the BLS is a share of workers ["employed persons," defined here].)
Like the gigs, some ways to pay for gig work predate the internet. My mom pays her driver directly on the same day with paper. And, in fact, the 2017 Survey of Consumer Payment Choice found that 70 percent of person-to-person (P2P) payments were made with cash or checks.
I pay the ride-share app with a fingerprint through an intermediary. The driver, paid indirectly by me, gets an ACH credit to a bank account or a prepaid card load. Many get paid the same day or right after the ride. About half of those I speak with don't mind the 50 cent fee to get paid sooner.
Two ways to arrange a ride. Two ways to pay. Both relevant in the 21st century.
By Claire Greene, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed
June 10, 2019
The ABCs of Elder Financial Exploitation
In 2011, the World Health Organization designated June 15 as World Elder Abuse Awareness Day. So each year, a number of organizations supporting the elderly run educational campaigns throughout the month of June aimed at increasing awareness of elder abuse. This crime has a number of different forms: physical, emotional, or sexual abuse, neglect and abandonment, and financial exploitation.
We covered the growing impact of elder financial abuse in terms of numbers in a post last August. That growth is being driven by a double whammy: the surge in the senior population and the proliferation of available exploitation attack channels, thanks to the internet. Because none of this is likely to slow down for some time, education is critical. As the Retail Payments Risk Forum has stressed before, education is an important element in curbing fraud, and this area is no exception.
Here are some of the more common financial scams targeting the elderly:
- Charity: The victim receives a request, usually over the telephone or in a public place, for donations for natural disaster relief or other good causes, but the funds are not used for such purposes.
- Sweepstakes/lottery: The victim receives a letter, email, or telephone call with the news that they have won a lottery or cash sweepstakes—but they have to pay a tax or administrative fee in advance.
- Home repairs: Someone tells the victim that some aspect of their property needs repair—for example, the driveway, roof shingles, or gutters—and it can be done inexpensively since there is a "crew already in the area." The victim must pay by cash or check in advance, but the crew never appears to do the work.
- Romance: The fraudster, often posing under a false identity, makes romantic overtures and eventually asks the victim to send money so he or she can travel to meet them.
- Tax: The victim receives a phone call from the fraudster claiming to be an IRS agent pursuing back taxes and unless the victim sends funds immediately, they will be subject to arrest. A variant of this scam involves the perpetrator posing as a police officer pursuing unpaid traffic tickets or other infractions.
- Virus: A "technical support" company calls the victim, claiming that a virus has infected the victim’s computer. For the payment of a "modest fee," the company can download software that can kill the virus and protect the computer against future attacks. Often, the software downloaded actually contains some form of malware that may allow the criminal to compromise the banking credentials of the victim.
- Other advance fee fraud: The fraudster requests money to help a relative in jail or stranded on the roadside. The situations are completely false but might contain some element of truth as the scammer may have found information on social media providing a name or that the named individual is out of town.
- Identity theft: The criminal communicates with the victim through social media, telephone, or email to obtain bank account or other information allowing them to attempt a wide variety of fraudulent activities including credit applications, unauthorized account transactions, and more.
- Investments: The victim is convinced to purchase an annuity or some other investment with a supposed lucrative payback.
Sadly, most elder financial abuse is committed by family or other people who are trusted with care of the elderly, which makes the crime more difficult to detect. Such abuses range from the transfer of property or securities to the theft of liquid assets through check writing or ATM withdrawals.
While researching this issue, I was heartened to learn that various organizations are developing or improving software products to help spot potential financial exploitation or to provide training materials. The American Association of Retired Persons recently launched a pilot program for financial institutions called BankSafe. It is a free online training program with educational material presented in different formats, including video games, distributed by the Independent Community Bankers of America and the Credit Union National Association, and, directly, by some financial institutions. In addition, a recent Dow Jones Institutional News article highlighted some fintech products designed to alert trustees of unusual or suspicious activity.
If you know of any valuable programs or organizational efforts to increase awareness of elder financial abuse, please let us know.
By David Lott, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed
June 3, 2019
Hitting the Brakes on the Cashless Society
"Reverse ATMs" is a term I learned from reading my colleague Oz Shy's new working paper, "Cashless Stores and Cash Users." At venues that don't accept cash at the register, the patron puts cash into the reverse ATM and a loaded prepaid card comes out. Mercedes-Benz Stadium in Atlanta, for example, is one of the latest venues to adopt this practice.
Speaking of "reverse," I'm sure you know that some states and municipalities are seeking to reverse what may—or may not—be a trend toward brick-and-mortar retailers not accepting cash. Refusing to accept cash has been illegal in Massachusetts, where I live, since 1978. More recent developments:
- Philadelphia will ban cashless stores beginning in July.
- In March, New Jersey outlawed cashless restaurants and stores.
- In May, the San Francisco Board of Supervisors voted to require brick-and-mortar businesses to accept cash.
- Also in May, Representative David Cicilline (D-RI) introduced the Cash Buyer Discrimination Act, which would require businesses all across the United States to accept cash.
These and other proposed laws are predicated on the idea that people without access to payment cards or digital payments are harmed when they cannot make purchases using their payment instrument of choice: cash. Oz's paper adds to the conversation by examining the choices consumers make at the point of sale, depending on their access to different ways to pay.
Using data from the 2017 Diary of Consumer Payment Choice, Oz found that consumers who own different mixes of payment instruments use cash with different intensity to make in-person purchases:
- Diary respondents who own neither a credit card nor a nonprepaid debit card made almost 9 in 10 of their in-person payments with cash, on average. The median share of cash purchases was 100 percent.
- Diary respondents who own at least one credit card and one nonprepaid debit card make about one-third of their in-person payments with cash, on average. The median share was 20 percent.
Oz goes on to calculate the cost to the cash payers who do not have credit or nonprepaid debit cards of switching from cash to a prepaid card. He finds that, all things being equal, for some consumers, using cash would have to cost twice as much as using a prepaid card for the cash users to be indifferent to switching. Oz's conclusion: "A complete transition to cashless stores imposes a measureable burden on consumers who do not have credit or [nonprepaid] debit cards." For perspective, 8.5 percent of respondents with household income below the U.S. median ($61,000) did not have a credit card or nonprepaid debit card in 2017, according to the diary.
As this research shows, cash is important to some consumers. The cashless society could be on a collision course with reality.
- Why Should You Care about PSD2?
- At the Intersection of FinTech and Financial Inclusion
- A Call to Action on Friendly Card Fraud and Loss?
- You Can't Manage What You Can't Measure
- Ransomware Attacks Continue
- The Future of Fraud in a Post-EMV Chip Environment
- A Tip for Summer Travel
- Ransomware: Hopefully Not Coming Soon to a Computer Near You
- Moving towards Electronic Social Security Number Verification
- Performing and Paying in the Gig Economy
- August 2019
- July 2019
- June 2019
- May 2019
- April 2019
- March 2019
- February 2019
- January 2019
- December 2018
- November 2018
- account takeovers
- ATM fraud
- bank supervision
- banking regulations
- banks and banking
- card networks
- check fraud
- consumer fraud
- consumer protection
- credit cards
- cross-border wires
- data security
- debit cards
- emerging payments
- financial services
- financial technology
- identity theft
- law enforcement
- mobile banking
- mobile money transfer
- mobile network operator (MNO)
- mobile payments
- money laundering
- money services business (MSB)
- online banking fraud
- online retail
- Payment Services Directive
- payments fraud
- payments innovation
- payments risk
- payments study
- payments systems
- phone fraud
- remotely created checks
- risk management
- Section 1073
- skills gap
- social networks
- third-party service provider
- trusted service manager
- Unfair and Deceptive Acts and Practices (UDAP)
- wire transfer fraud
- workforce development
- workplace fraud