Take On Payments, a blog sponsored by the Retail Payments Risk Forum of the Federal Reserve Bank of Atlanta, is intended to foster dialogue on emerging risks in retail payment systems and enhance collaborative efforts to improve risk detection and mitigation. We encourage your active participation in Take on Payments and look forward to collaborating with you.
Federal Reserve Web Sites
Other Bank Regulatory Sites
November 18, 2019
Will Payments Be Getting REAL?
When someone tells you to "get real," they mean you'd better understand the true facts of a situation. Well, you better get REAL if you want to enter a federal building or fly on a commercial aircraft after October 1, 2020. Unusual for such major federal legislation, the REAL in the REAL ID Act of 2005 isn't an acronym but an all-caps word intended to emphasize that states must adopt minimum federal standards for the documents required to obtain a driver's license or state-issued ID card. The act also prohibits federal agencies from accepting noncompliant IDs for any type of official business.
The good news is that most states have been issuing driver's licenses and ID cards that for a number of years have complied with the REAL ID Act, so more than likely your ID is already compliant. How can you tell? Look for a gold or black star in the upper right corner of your card. In my state, the Georgia Department of Motor Vehicles has been issuing compliant licenses and cards since July 1, 2012, and estimates that more than 96 percent of registered Georgia drivers have a compliant license. However, three states—New Jersey, Oklahoma, and Oregon—only came into compliance in early October after being granted a number of extensions.
So much time—15 years—has passed between passage of the act and the final compliance deadline because 25 states mounted legal challenges to the act's constitutionality, often claiming that it was essentially establishing a national ID card or abridging state's rights. These challenges were all defeated, but the Department of Homeland Security was required to announce a number of compliance extensions to give the states time to change their processes.
In reality, you do not have to have REAL ID-compliant identification to access federal services or commercial flights. A passport will suffice, although I think a state-issued license or ID card is more convenient. The REAL ID, however, does not substitute for a passport for international travel.
This website has a great deal of background and interesting information about the REAL ID program and the states' implementation. You can also find READ ID information on the websites of most state motor vehicle departments.
You might ask: so what? What does this change have to do with payments and risk? While the REAL ID Act technically affects only a citizen's interactions with federal agencies, it's quite possible that financial institutions will begin requiring a compliant driver's license or ID card as an acceptable form of documentation in compliance with their Customer Identification Program.
Are you ready? Get REAL!
November 12, 2019
Financial Solutions for the Younger Generation
Earlier this year, I wrote a post about how millennials tend to be risk-averse when it comes to making financial decisions. Because millennials grew up watching various financial crises, such as the dot-com collapse and the Great Recession, they may have formed a negative attitude toward financial-risk-taking and an overall distrust in the financial system. I’d referred to a 2017 survey that showed that millennials are more afraid of credit card debt than of dying. This speaks to a need for more focused financial education tools and advisers to help young people—millennials and Gen Zers alike—increase their financial literacy and gain more trust in the financial system.
I recently attended Finovate 2019, a conference where technology startups showcased their latest fintech innovations in seven-minute demos. Industry leaders shared their insights on various topics in financial services, investing, insurance, and biometrics, to name a few. As a millennial, I found what resonated with me the most were all the developments targeted to my age group, from fractional investment apps to interactive robo advisers that aim to make the entire banking experience less intimidating.
One of the biggest financial burdens that millennials face today is paying off massive amounts of student loan debt. An NPR article states that "student loan debt in the United States has more than doubled over the past decade to about $1.5 trillion." In fact, millennials and Gen Zers have become so crippled by student loan debt that they are delaying and even forgoing the American dream of becoming homeowners because they perhaps mistakenly view it as taking on additional debt, despite all the benefits of owning a home. Similarly, they view credit cards as just another way to take on debt, not as an opportunity to build up or improve their credit.
But now, thanks to startups like those at Finovate, apps and other software are now addressing the student loan debt problem by providing advice to families on the cost and return on investment of college, based on career and salary, as well tools that project financial aid packages for each school. One intriguing millennial- and Gen Z-focused app showcased at the conference was a gamified money management app that rewards users in real cash for saving or achieving a financial goal. Another was a financial literacy app that breaks down complex financial concepts into a quiz format and rewards users with cash or gift cards when they complete the quiz.
It is encouraging to see fintechs and even banks taking notice of the financial needs of the younger generations and developing products and services that better cater to their unique expectations, in a fun, creative way. Could these apps help these young people shift from their current, risk-averse mindset and give them greater confidence in the financial system so that they can take more risks with their money and ultimately build more wealth? Let us know.
November 4, 2019
Encouraging Password Hygiene
Practicing good password hygiene such as using strong passwords and never using them for any other application can be a huge nuisance. Many people, including yours truly, would love to see passwords fade into oblivion and be replaced by stronger authentication technologies, such as biometrics. But the fact remains that passwords will continue to be used extensively for the foreseeable future, and for as long as they remain with us, it's imperative that we adhere to good password protocol. Verizon's 2019 Data Breach Investigation Report reveals that more than 60 percent of successful data breach hacks were due to compromised or stolen log-in credentials.
Information that describes good password practices is abundant, but people continue to be careless. So how can we successfully encourage people to actually follow these practices?
Interestingly, while I was pondering this issue, I came across a Wall Street Journal article. Written by a cybersecurity professor, the article describes research that the author and her colleagues did on this very topic—how to get people to create strong passwords—and I thought it would be useful to share their findings.
So what's the secret to getting us to use strong passwords, according to these researchers? It's the simple incentive of time—and by this I mean the length of time we're allowed to keep our passwords. The researchers found that people were willing to use stronger passwords if they could keep them for longer than they had in the past.
The conventional wisdom used to be that we should change passwords at least once a year. Now many financial service providers and others require users to change passwords every 30 days. However, some organizations continue to allow longer time periods, or perhaps don't enforce change at all, but offset the longer duration with stricter rules, requiring longer passwords with a minimum number of special characters. I imagine most of us are accustomed to the strength bar or bubble graphic that shows us the strength of a password as we're creating it. These might be useful in educating us about what strong passwords look like, but the researchers found them to be ineffective in driving people to create strong passwords.
I'll admit I don't always practice the best password hygiene. One of several reasons for this is that it seems my passwords expire so frequently. But I could get fully on board with building stronger, unique passwords if that meant I would have more time before I had to change them.
Have you seen or experienced other tactics or solutions that have pushed you to use better password hygiene? If so, we would love to hear from you!
- Will Payments Be Getting REAL?
- Financial Solutions for the Younger Generation
- Encouraging Password Hygiene
- Should We Throw in the Towel When It Comes to Data Breach Prevention?
- Looking for Partners in Safer Payments
- The Range of Un-Friendly Fraud
- Payments Webinar October 10: Cash in the 21st Century
- "Insuring" Ransomware Will Continue to Flourish
- Designing Disclosures to Be Read
- Is There a Generation Gap in Cash Use?
- November 2019
- October 2019
- September 2019
- August 2019
- July 2019
- June 2019
- May 2019
- April 2019
- March 2019
- February 2019
- account takeovers
- ATM fraud
- bank supervision
- banking regulations
- banks and banking
- card networks
- check fraud
- consumer fraud
- consumer protection
- credit cards
- cross-border wires
- data security
- debit cards
- emerging payments
- financial services
- financial technology
- identity theft
- law enforcement
- mobile banking
- mobile money transfer
- mobile network operator (MNO)
- mobile payments
- money laundering
- money services business (MSB)
- online banking fraud
- online retail
- Payment Services Directive
- payments fraud
- payments innovation
- payments risk
- payments study
- payments systems
- phone fraud
- remotely created checks
- risk management
- Section 1073
- skills gap
- social networks
- third-party service provider
- trusted service manager
- Unfair and Deceptive Acts and Practices (UDAP)
- wire transfer fraud
- workforce development
- workplace fraud