About


Take On Payments, a blog sponsored by the Retail Payments Risk Forum of the Federal Reserve Bank of Atlanta, is intended to foster dialogue on emerging risks in retail payment systems and enhance collaborative efforts to improve risk detection and mitigation. We encourage your active participation in Take on Payments and look forward to collaborating with you.

Take On Payments

September 10, 2018


The Case of the Disappearing ATM

The longtime distribution goal of a major soft drink company is to have their product "within an arm's reach of desire." This goal might also be applied to ATMs—the United States has one of the highest concentration of ATMs per adult. In a recent post, I highlighted some of the findings from an ATM locational study conducted by a team of economics professors from the University of North Florida. Among their findings, for example, was that of the approximately 470,000 ATMs and cash dispensers in the United States, about 59 percent have been placed and are operated by independent entrepreneurs. Further, these independently owned ATMs "tend to be located in areas with less population, lower population density, lower median and average income (household and disposable), lower labor force participation rate, less college-educated population, higher unemployment rate, and lower home values."

This finding directly relates to the issue of financial inclusion, an issue that is a concern of the Federal Reserve's. A 2016 study by Accenture pointed "to the ATM as one of the most important channels, which can be leveraged for the provision of basic financial services to the underserved." I think most would agree that the majority of the unbanked and underbanked population is likely to reside in the demographic areas described above. One could conclude that the independent ATM operators are fulfilling a demand of people in these areas for access to cash, their primary method of payment.

Unfortunately for these communities, a number of independent operators are having to shut down and remove their ATMs because their banking relationships are being terminated. These closures started in late 2014, but a larger wave of account closures has been occurring over the last several months. In many cases, the operators are given no reason for the sudden termination. Some operators believe their settlement bank views them as a high-risk business related to money laundering, since the primary product of the ATM is cash. Financial institutions may incorrectly group these operators with money service businesses (MSB), even though state regulators do not consider them to be MSBs. Earlier this year, the U.S. House Financial Services Subcommittee on Financial Institutions and Consumer Credit held a hearing over concerns that this de-risking could be blocking consumers' (and small businesses') access to financial products and services. You can watch the hearing on video (the hearing actually begins at 16:40).

While a financial institution should certainly monitor its customer accounts to ensure compliance with its risk tolerance and compliance policies, we have to ask if the independent ATM operators are being painted with a risk brush that is too broad. The reality is that it is extremely difficult for an ATM operator to funnel "dirty money" through an ATM. First, to gain access to the various ATM networks, the operator has to be sponsored by a financial institution (FI). In the sponsorship process, the FI rigorously reviews the operator's financial stability and other business operations as well as compliance with BSA/AML because the FI sponsor is ultimately responsible for any network violations. Second, the networks handling the transaction are completely independent from the ATM owners. They produce financial reports that show the amount of funds that an ATM dispenses in any given period and generate the settlement transactions. These networks maintain controls that clearly document the funds flowing through the ATM, and a review of the settlement account activity would quickly identify any suspicious activity.

The industry groups representing the independent ATM operators appear to have gained a sympathetic ear from legislators and, to some degree, regulators. But the sympathy hasn't extended to those financial institutions that are accelerating account closures in some areas. We will continue to monitor this issue and report any major developments. Please let us know your thoughts.

Photo of David Lott By David Lott, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

September 10, 2018 in banks and banking, consumer protection, financial services, money laundering, regulations, regulators, third-party service provider | Permalink

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

August 27, 2018


Who Owns Your ATM?

Counting the number of ATMs in the United States has been a challenge since 1996, when independent operators (nonfinancial institutions) started deploying ATMs/cash dispensers. That was when Visa and MasterCard dropped their prohibition against surcharges. But a recent study sponsored by the National ATM Council largely overcame that challenge while also gathering some interesting results about the locational aspects of the independently owned ATMs compared to machines owned by financial institutions (FI).

The study was conducted earlier this year by a team of economics professors from the Department of Economics and Geography in the University of North Florida's Coggin School of Business. The study's primary objective was to determine whether the locations of independently owned ATMs and FI-owned ATMs were different in terms of demographics and socioeconomic status.

Using a database from Infogroup, the team identified 470,135 ATMs operating in 2016. About 41 percent of these were FI-owned, and the rest were independently owned. The majority of the independent ATMs are in retail establishments, with heavy concentrations in convenience stores, pharmacies, and casual dining locations.

FI owned ATMs Duval Median Household Income 2016 Independently owned ATMs Duval Median Household Income 2016
(Click on the images to enlarge.)

The research team plotted the locations of all the ATMs, overlaying demographic and socioeconomic data they obtained from the U.S. Census Bureau and its American Community Survey. Among the 10 main elements the researchers used were median age, unemployment rate, education level, household income, disposable income, and average home values.

They concluded that the independent ATMs "tend to be located in areas with less population, lower population density, lower median and average income (household and disposable), lower labor force participation rate, less college-educated population, higher unemployment rate and lower home values."

So what does this mean?

Well, it means that the independently owned ATMs are providing a vital service in rural and inner-city areas. Other studies—such as the Federal Reserve's Diary of Consumer Payment Choice—have shown that lower-income households (those earning less than $50,000) use cash as their primary method of payment. Therefore, these independent ATM owners are giving these households access to financial services that would otherwise be limited.

A post from December 2014 highlighted some of the challenges the independent operators were facing. Stand by for a future post that will provide an update on this part of our country's payment ecosystem.

Photo of David Lott By David Lott, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

August 27, 2018 in banks and banking, financial services | Permalink

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

June 18, 2018


Thinking about My Grandmother and Future-Proofing Payments

I often reminisce about times I spent with my grandmother. She passed away when I was only nine years old, but fortunately left me with a host of memories that I cherish. How I loved our trips to Walden Bookstore in the Hickory Ridge Mall whenever she'd visit us in my hometown of Memphis. We'd pick out a book or two and then return home to read them together. I often wonder what she would think about my family's book shopping and reading habits today. Online bookstores, e-readers, and audiobooks downloaded or streamed onto mobile phones would be completely foreign to her as the technology behind these was not even around during her lifetime! How could she ever have known how the world of books would evolve?

And this brings me to the notion of future-proofing payments. Mobile payments just might be the hottest topic when payment professionals get together to discuss the future of payments. It makes sense to think that maybe one day our mobile phones will replace our debit and credit cards and maybe even cash. But to date, the mobile phone has not done for cards and cash what it has done for mp3 players, digital cameras, and portable navigation devices, to list just a few things. Perhaps we need more time for mobile phones to transform payments—or could it be that payments as we know them today will be made over by a technology or device that is not yet widely available or even conceived? Is it possible that the primary payment methods we use today can withstand the test of time and remain our primary methods for many more years? Thinking about my grandmother and books, maybe future-proofing payments is a losing proposition and we should be nimble, ready to adapt to whatever changes come our way.

Join me for the Atlanta Fed's Retail Payments Risk Forum's latest Talk About Payments webinar on Thursday, June 28, from 1 to 2 p.m. (ET), when I will explore the future of mobile payments at the point of sale by first considering the debit card's long rise to prominence. Participation in the webinar is complimentary, but you must register in advance. After completing registration, you will receive a confirmation email with all the log-in and toll-free call-in information.

Photo of Douglas King By Douglas A. King, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

June 18, 2018 in banks and banking, emerging payments, mobile banking, mobile payments | Permalink

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

April 23, 2018


Paying with PlasticMetal

I recently had the opportunity to watch a panel of eight millennials discuss their thoughts on money and payments. (The Pew Research Center defines a millennial as anyone born between 1981 and 1996.) While realizing that a sample size of eight young adults is far from representative, I was completely caught off guard at times by what they had to say based on everything I have read or heard about this generation's banking and payment preferences. None of these people lived with their parents and all of them held full-time jobs. So what did I learn from these eight millennials?

  • Demand deposit accounts (DDA) with financial institutions are still important. I was surprised that all eight panelists maintain a DDA.
  • Credit card reward programs are strong drivers of payment usage. Six out of the eight panelists stated that credit cards were their preferred method of payment, primarily because of the rewards that their cards offered. One panelist preferred debit cards while another panelist preferred cash. Of the six credit card-preferring millennials, all stated they were purely transactors that pay off their monthly balance, opting not to revolve them.
  • Another strong driver of credit card usage is card design. All of the panelists raved about metal cards. They love how metal cards feel and they love the sound that they make when they drop them on a counter or table to pay. Several expressed that they wanted cards to be even thicker and heavier. In general, the panel thought that paying with a metal card was "cooler" than paying with a mobile phone.
  • Person-to-person (P2P) wallets and applications are used extensively, but primarily for transacting between individuals, not for storing money. All of the panelists use a P2P mobile wallet or application on their phone. However, none maintain a significant balance in their preferred wallet. They opt to transfer their balance to their DDA. A primary reason for not holding funds in a mobile wallet is concern over security. They feel their money is safer with a financial institution.
  • Mobile phones are vital to their livelihood, yet mobile proximity payments have not fully caught on with them. Half of the panel uses their phone at point-of-sale terminals that accept mobile payments; one panelist mentioned the rewards that he receives from his mobile wallet as driving his mobile payment usage. A majority expressed enthusiasm about mobile order-ahead functionality and use it whenever it's available. However, the availability of mobile payments does not drive decisions to shop at specific stores. All use mobile phones for comparison shopping, oftentimes in a physical store.

A key takeaway from synthesizing all of this information is that it's not just mobile phones that pose a major threat to paying with plastic—it's also metal cards. They certainly seem to appeal to the millennials that I heard on stage and drive loyalty from a usage perspective. And while I don't have data to back up this claim, I do think this metal phenomenon spans generations, as I have had people of all ages show off their metal cards to me. Cards as a form factor are here to stay, but could plastic (especially for credit cards) be on its way out?

Photo of Douglas King By Douglas A. King, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

April 23, 2018 in banks and banking, cards, debit cards, mobile banking | Permalink

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

March 19, 2018


Mobile Banking and Payments' Weakest Link: Me

What's the biggest hole in mobile banking security? As my colleague Dave Lott reported in January, bankers say it's consumers' lack of protective behavior when using mobile devices. That means you and me.

In response, financial institutions (FI) have implemented controls including inactivity timeouts and multifactor authentication, as noted in Mobile Banking and Payment Practices of U.S. Financial Institutions, which reported the findings of a 2016 Federal Reserve survey.

Baking these controls into mobile apps makes sense because research on consumer behavior suggests that expecting consumers to independently take steps to protect their accounts and data is not realistic. Take as one example: I co-wrote a paper with Joanna Stavins for the Boston Fed reporting the results of our investigation into consumers' responses to the massive Target data breach. We found that while consumers do react to reports of fraud, their reactions can be short-lived. In addition, consumers' opinions may change, but their behavior may not. In other words, considerations aside from security could take priority. (See also a report on the 2012 South Carolina Department of Revenue breach.)

Debit and credit card data for 40 million cards used in Target stores were stolen in late 2013. The breach was widely reported in the news media and caused many financial institutions to reissue cards. Because it was primarily a debit card breach, one might reasonably expect consumers to take a jaundiced view of debit cards after the breach.

And, indeed, that was the case. The Survey of Consumer Payment Choice was in the field at the time of the Target breach. Some consumers answered questions about the security of debit cards before the breach became public. Others answered after.

Consumers who rated card security after the breach rated debit cards more poorly relative to the average rating of the other payment instruments—cash, paper checks, ACH methods, prepaid cards, and credit cards. So in that sense, they reacted to the news.

One year later, consumers in 2014 rated the security of debit cards more poorly both relative to their ratings of other payment instruments and absolutely (that is, a greater percentage of consumers rated debit cards as risky or very risky). In contrast, compared to 2013, the absolute security ratings of cash improved. There was no change in the security ratings of credit cards.

The more important question: Did consumers change their behavior in response to this massive and widely reported data breach? The answer: not according to this survey data. There was no statistically significant change in consumers' method of payment mix in 2014. Debit cards remained the most popular payment instrument among consumers in 2014, accounting for almost one-third of their payments per month.

What does this mean for financial institutions? Realism about my willingness to take action is well placed. You can't count on me.

Photo of Claire Greene By Claire Greene, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

March 19, 2018 in account takeovers, banks and banking, cards, debit cards, identity theft, mobile banking, mobile payments | Permalink

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

March 12, 2018


Webinars Discuss Mobile Banking and Payments Survey Results

Earlier this year, I wrote a post highlighting some of the Mobile Banking and Payments Survey results that were consolidated from the seven Federal Reserve districts that conducted the survey: Atlanta, Boston, Cleveland, Dallas, Kansas City, Minneapolis, and Richmond. The 706 responding financial institutions gave us valuable information about their current and planned services as well as security features for their mobile banking and mobile payments products. (You can download a copy of the report from the Boston Fed's website.)

You can get a more detailed review of the survey findings when the Boston Fed's Payment Strategies Group conducts two webinars on March 21 and March 22.

Attendees will learn about:

  • Current developments in mobile financial services
  • Practices, products, and trends related to consumer mobile banking and payment services
  • Financial Institution perspectives on mobile security, concerns, and mitigation tools

There is no charge for the webinars but you must register. To view both webinars, you must register for both. Select a link below, then click the Register button. After you have registered, you will receive a confirmation email with the access information.

REGISTER for Part I: Consumer Mobile Banking, Wednesday, March 21, 2018 at 2 p.m. (EDT)

REGISTER for Part 2: Consumer Mobile Payments, Thursday, March 22, 2018 at 2 p.m. (EDT)

Feel free to share this post with any of your colleagues who may wish to attend. If you have any questions about the webinars, please email elisa.tavilla@bos.frb.org.

Photo of David Lott By David Lott, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

March 12, 2018 in banks and banking, mobile banking, mobile payments | Permalink

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

February 26, 2018


Explosive News Regarding ATMs

You've probably seen at least one video of a criminal attaching a chain from a truck an ATM to try to pull the ATM out of its mounts. Or maybe you've seen one of someone using a sledgehammer to try to smash an ATM open. Although these types of attacks are destructive, they do not rise to the level of the explosive attacks that have been taking place in Europe, Australia, and South America—and, just recently, in the United States. First reported about 10 years ago in Europe, their frequency has increased dramatically over the last several years.

I learned a bit about these and other ATM dangers at a conference I recently attended in Las Vegas on emerging functionality for ATMs and cash dispensers. One of the most interesting sessions was a presentation on ATM crimes that a U.S. Secret Service agent gave. The agent talked about the two major categories of ATM terminal crimes: logical and physical attacks. Criminals carry out logical attacks using software, skimming devices, or cameras. With software, they aim to gain access to the ATM software or operating system so they can intercept data transmissions or issue commands to dispense currency. With skimming or shimming devices and cameras, they can capture card and PIN data. A recent logical attack "jackpotted" an ATM—that was the first time in the United States that a criminal forced an ATM to dispense all its currency.

Criminals trying to blow up ATMs in Europe have predominately used gas. They pump a combustible gas like oxyacetylene, used in welding, into the ATM enclosure through a drilled hole, currency slot, or other entry point, and then detonate it. This 2015 Bloomberg Businessweek article describes explosive attacks in England in great detail.

Unfortunately, reports indicate that solid explosives such as dynamite, explosive gel, and C4 are becoming more common in Europe and South America. In Brazil, dynamite is the predominant explosive, in part because a large supply of dynamite was stolen from a mining operation. As expected, these attacks are highly destructive, not only to the ATM but also to the surrounding building, which you can see in the photo below (this ATM attack recently took place in Atlanta). Normally these attacks are carried out at ATMs in isolated locations at off-hours. Fortunately, I have not heard of any loss of life or injuries to innocent people from these attacks.

From tweet
Source: WSB-TV

Because the frequency of these attacks is growing, ATM manufacturers and other third parties have developed countermeasures either to detect and thwart the attacks or to reduce the monetary value of a successful attack. For gas attacks, detection sensors installed in the ATM may do several things: trigger an audible—and monitored—alarm, release a gas-suppression system to prevent detonation, open a cover to prevent the gas pressure from building to a level that will detonate, or trigger a currency-staining mechanism that would put an ink stain on the currency in the machine, neutralizing its ability to be used. Additionally, penetration mats may be installed inside the ATM fascia that could detect drilling. Regrettably, attacks with solid explosives are more difficult to mitigate, but the industry has responded with harder enclosures and currency-inking neutralization systems.

We can hope that such attacks will not grow in frequency the United States, but security folks will probably tell us that we are being a bit Pollyannaish. Best be prepared.

Photo of David Lott By David Lott, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

February 26, 2018 in ATM fraud, banks and banking, crime, theft | Permalink

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

February 12, 2018


If the Password Is Dying, Is the PIN Far Behind?

Back in January, I wrote a post that highlighted the rising incidence of lost-and-stolen card fraud in the United Kingdom. I concluded that the decades-old PIN solution for the card-present environment is now showing signs of weakness. Results of a recent Minneapolis Fed survey of 283 financial institutions offer some validity to my conclusion: the survey found that losses on PIN-based debit increased by 50 percent from 2015 to 2016. In fact, 81 percent of the respondents reported fraud losses from PIN-based debit, compared to only 77 percent for credit cards.

The news wasn't all bad for PIN-based debit. Signature-based debit and credit cards still had more fraud attempts than any other payment instrument. At 63 percent, signature debit fraud actually had a higher increase in fraud losses from 2015 to 2016 than did PIN debit. The PIN is a far superior verification method for card payments, but I'm willing to bet that the PIN, much like the password, has become less effective.

Is this coming at a time when the PIN is about to become more prominent? In late January, the PCI Security Standards Council announced a new security standard for software-based PIN entry, also known as "PIN on glass." This standard specifies the security requirements for accepting a PIN on a mobile point-of-sale device such as a Square card reader.

As an aside, I am a bit surprised by this announcement. Apparently, mobile phones are safe enough for entering PINs, but when someone uses a pay wallet such as Apple Pay or Samsung Pay, the card's PAN, or primary account number, is tokenized for security purposes. I'll save a discussion of this inconsistency for another post.

People have been talking for years now about how the password has passed its prime as a standalone authentication solution. Yet it continues to live, and it's as difficult as ever to mitigate its vulnerabilities. In my opinion, attempts to do so have increased customer friction and had minimal impact. I think the PIN is following a similar path. It creates customer friction (especially for me as I now have different PINs for multiple cards that I struggle to keep straight) and is losing its effectiveness, according to the data I mentioned in the first paragraph. But it appears that, with the PCI's recent announcement, the PIN could become even more prevalent for cardholders. Is it time, in the name of security and customer friction, for us to replace PINs and passwords with more modern authentication technologies such as biometrics?

Photo of Douglas King By Douglas A. King, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

 

February 12, 2018 in authentication, banks and banking, cards, chip-and-pin, consumer fraud, debit cards, EMV, mobile payments | Permalink

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

January 22, 2018


Business Email Compromise Is a Growing Threat

In April 2016, I wrote about the work of the FBI’s Internet Crime Center (IC3) and the rise of reported cases of business email compromise (BEC) attempts. BEC involves what looks like a legitimate email from another employee or customer requesting a transfer of funds. Since I wrote that post, BEC attempts—both successful and prevented—have continued to increase dramatically. The latest figures from the IC3 website show that from January 2016 through June 2017, BEC attempts totaled $223 million, with losses at $148 million. BEC scams are also attracting a wider variety of criminals, including individuals, small gangs, and professional groups.

At first, the fraudsters primarily targeted financial institutions and businesses dealing in frequent and large-value transfers, such as law firms handling real estate or trust account transactions. But as fraudsters have proliferated, they've begun targeting companies of all sizes. Last May, the FBI issued another BEC alert, which includes useful descriptions of BEC scenarios based on actual cases.

The BEC attempt is usually not the start of the criminal activity but rather the culmination of an extended effort that began with the criminal hacking a business's financial records. The hack may have occurred when an employee opened an email with a bogus attachment or link that loaded malware on the computer, or when the criminal purchased a user's credentials off the dark web. Once the fraudster has accomplished the intrusion, a period of information gathering begins. The fraudster obtains current accounts payable records, wire transfer transactions, and transfer procedures, and may also comb social media for information that could be useful. Perhaps a targeted company official will be out of town attending a conference, or on vacation and difficult to contact.

BEC attempts generally have the following common elements:

  • It is a funds transfer request.
  • The request is based on a routine event or legitimate transaction.
  • The bank account where the transfer is to be sent is new or has been modified in some way from previous transactions, or the requested method of payment is different.
  • The request often carries a sense of urgency—late fees or breach of a contract are threatened—to encourage bypassing of controls.

To avoid falling into this trap, it is imperative that businesses have strong funds transfer controls that are monitored to ensure compliance. Also, businesses should have a continuing program of internal education (and perhaps testing) for all employees involved in funds transfer requests. The FBI suggests that the best control is to verify transactions through a second, independent means, similar to two-factor authentication.

There are several actions a business can take if it becomes a victim of BEC:

  • Immediately contact the receiving financial institution to see if the funds can be frozen.
  • Notify all relevant employees of the attack—multiple employees are often targeted.
  • Contact the FBI or the Secret Service.
  • Conduct an internal investigation to determine the point of compromise, and then take the necessary corrective action.

Finally, financial institutions with customer education programs should consider providing business customers with materials regarding this threat.

We are interested in hearing from you about your experiences with BEC and preventive practices. Criminals are constantly changing their attack methods and sharing information is a valuable way to help develop best practices.

Photo of David Lott By David Lott, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

 

January 22, 2018 in banks and banking, data security, fraud, malware | Permalink

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

January 8, 2018


Consolidated Mobile Banking and Payments Survey Results Published

In earlier posts, we published highlights of the 2016 Mobile Banking and Payments Survey of Financial Institutions in the Sixth District results as well as a supplement showing the results by financial institution (FI) asset size. The survey was designed to determine the level and type of mobile financial services that FIs offered and to find out what plans FIs had to offer new services.

Six other Federal Reserve Banks also conducted the survey in their districts, and we've combined all the data into a single report. Marianne Crowe and Elisa Tavilla of the Boston Fed's Payment Strategies group led the team that consolidated the data. The report—now available on the Boston Fed's website—addresses mobile banking and payment services from the perspective of the FI. The report offers additional value with its inclusion of a large number of small banks and credit unions (under $500 million in assets), a group from which data are often difficult to obtain.

Consolidated-survey-respondents-by-asset-size

The seven districts participating were Atlanta, Boston, Cleveland, Dallas, Kansas City, Minneapolis, and Richmond. A total of 706 FIs responded.

Here are some of the key learnings from survey responses regarding mobile banking:

  • Retail mobile banking offerings are approaching ubiquity across financial institutions in the United States. Eighty-nine percent of respondents currently offer mobile banking services to consumers, and 97 percent plan to offer these services by 2018.
  • By the end of 2018, 77 percent of bank and 47 percent of credit union respondents will be providing mobile banking services to nonconsumers including commercial and small businesses, government agencies, educational entities, and nonprofits. Commercial and small businesses will be the most prevalent.
  • Among FIs offering and tracking business mobile banking adoption, more than half still have adoption rates of less than 5 percent.
  • The most important mobile banking security concern that respondents cited is the consumer's lack of protective behavior. In response, FIs have implemented a range of mitigating controls. To enhance security and help change consumer behavior, more than 80 percent of respondents support inactivity timeouts and multi-factor authentication (MFA) as well as mobile alerts.

And here are some important findings regarding mobile payments:

  • Implementation of mobile payment services is growing as FIs respond to competitive pressure and industry momentum. In addition to the 24 percent already offering mobile payments, 40 percent plan to do so within two years. However, the current offering level fell substantially short of the expected 57 percent predicted by the responses to the 2014 survey.
  • Mobile wallet implementations are increasing steadily, with Apple Pay as the current leader.
  • Enrollment and usage remain low. Eighty-one percent of the respondents had fewer than 5 percent of their customers enrolled and actively using their mobile payment services.
  • Asset size makes a difference in many areas: larger FIs have greater resources to expend on new services, implementations, and security technologies and controls.
  • Banks and credit unions often differ in approaches and strategies for mobile payments.

We will conduct the survey again this year and are eager to see how the mobile banking and payments landscape has changed. If you have any questions about the survey results, please let us know.

Photo of David Lott By David Lott, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

 

January 8, 2018 in banks and banking, mobile banking, mobile payments, payments study | Permalink

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

Google Search



Recent Posts


Archives


Categories


Powered by TypePad