Take On Payments, a blog sponsored by the Retail Payments Risk Forum of the Federal Reserve Bank of Atlanta, is intended to foster dialogue on emerging risks in retail payment systems and enhance collaborative efforts to improve risk detection and mitigation. We encourage your active participation in Take on Payments and look forward to collaborating with you.
Comments are moderated and will not appear until the moderator has approved them.
Please submit appropriate comments. Inappropriate comments include content that is abusive, harassing, or threatening; obscene, vulgar, or profane; an attack of a personal nature; or overtly political.
In addition, no off-topic remarks or spam is permitted.
May 3, 2021
You Can Deploy 19th-Century Technology against a 21st-Century Scourge
Just like last year, and in 2019 before that, the Association for Financial Professionals (AFP) is reporting that business email compromise (BEC) is at the heart of fraud attempts against businesses: an AFP survey found that 6 in 10 attempted or perpetrated frauds are built on BEC.
Many of us are familiar with the seemingly urgent—and fraudulent—email from a faux CEO or other executive demanding that we immediately purchase gift cards for a pressing need or instantly transfer funds to an impatient vendor demanding payment. The language of these requests plays on our insecurities and fears. Adrenaline surges, muscles tense, heart rate speeds up. We are ready—and want to—spring into action. And when payments are frictionless, that’s easy to do. The click of a mouse, and the problem goes away.
Then, the second thoughts. Uh-oh. Our lizard brains have betrayed us again.
But the 520 corporate treasury professionals who responded to the survey hold out hope. These treasury pros reported using processes to remove from the fraud equation an email from a perpetrator to an accounts payable clerk, CEO, or other employee. They include implementing a payment request database and then prohibiting the email receipt of payment requests or creating a secure supplier web portal so that payees—not the payor—control updates to bank account information.
Another effective solution, not so new: the voice call. This 19th-century invention, variously credited to Antonio Meucci, Elisha Gray, and Alexander Graham Bell, can add friction at just the right point in the fraud-prevention process, what my colleague Jessica Washington calls "fast access to live humans." Some respondents to the AFP survey, for example, reported that they required a voice call-back to confirm changes requested by email or to ascertain the bona fides of parties applying for credit, friction that creates a necessary opportunity for a double-check.
At the Telephone Museum in Waltham, Massachusetts, you can admire 19th-century contraptions of wood and cloth and even teach your kids to use a rotary dial. The Mickey Mouse phone, the hamburger phone, and the "princess" phone of my childhood are all there. While the younger set investigates some antediluvian communications device, be sure to take a moment to remind yourself of its efficacy in the present day.
April 26, 2021
Financial Literacy: Talk to Me Like I'm a Fifth Grader
Kids adapt to technology by repeated exposure, usually starting with interactive games, and can learn about money and payment choices in the same way.
While there are initiatives for teaching financial education in high schools, the age to learn about money may be around the time kids tap on their first iPad. A study by the University of Cambridge reveals that kids form money habits by the age of seven.
April is Financial Literacy month. As my colleague Doug King noted in a recent post, financial literacy rates are low among adults, declining from 42 percent in 2009 to 34 percent in 2018. Open conversations create greater understandings and can lead to a more financially literate population. Early learning about money and our payment systems fosters those conversations and increases financial knowledge.
As kids learn more about money and finances, they also learn about risks and how to better protect themselves from fraud. Starting with cash and coin literacy, there are several options to explore from the agencies that produce them. These simple introductions to our currency could help kids become more comfortable and familiar with our units of payment.
The U.S. Mint introduces kids to currency and all the details that go into making coins, including the design, weight, materials, and locations of the actual mints. It's fun and informative for kids and adults.
The U.S. Treasury provides details for kids on paper money. More details are found at the Bureau of Engraving and Printing in Washington, D.C., and Fort Worth, Texas. The site explains how they print billions of dollars yearly that are delivered to the Federal Reserve System, which helps kids to understand the interaction of the U.S. Treasury with the Federal Reserve.
The U.S. Currency Education Program sponsors a Currency Academy, which is managed by the Federal Reserve Board, for K-5 classrooms. The program includes videos, games, and activities for kids along with lesson plans for educators. The site notes the materials are best suited for kids in grades two through five.
The Richmond Fed's My Money workbook introduces young children to the characteristics and functions of money. They learn how to identify the different values of coins. Activities included in the workbook teach children that people earn money at jobs to use the money they earned to buy goods and services.
As kids learn about currency, they can extend their knowledge to other forms of payments they may see their family members use, including debit, credit, or prepaid cards, checks, and alternative payment methods such as Venmo, Square, CashApp, Paypal, or Zelle, among others.
You can order print copies of the workbook and other resources from the Federal Reserve Education's site. The St. Louis Fed has developed many parent reading guides to accompany popular children's books. These books and their associated parent guides include age-appropriate themes that encourage positive financial behaviors.
April 19, 2021
Criminals Also Like Convenience
The phrase "The customer is always right" was coined by London department store retailer Harry Gordon Selfridge in 1909 to encourage his employees to provide customers with exceptional customer service. Ever since, retailers across all industries have been trying to achieve the positive customer experience—and possibly a competitive advantage—that Selfridge was striving for by offering a variety of customer-oriented policies and services. One such service that gained popularity a couple of years ago is buy-online-pick-up-in-store, often shortened to BOPIS. The COVID pandemic has led to a modification of BOPIS: BOPAC, short for buy-online-pick up-at-curbside. Merchants are offering these options so they can provide a "frictionless transaction"—in other words, they want to reduce the actions customers have to take to obtain their products. This less-contact process also happens to address the CDC’s COVID health recommendations of minimizing contact with others.
Unfortunately, fraudsters have latched onto BOPIS and BOPAC because they’re a means to secure their ill-gotten gains faster and at a lower risk of confrontation once they have stolen the payment credentials of a legitimate cardholder. According to a report published last fall , BOPIS fraud increased 55 percent from the first half of 2019 to the first half of 2020. While merchants in the BOPIS model can ask customers for identification, many do not, for a couple of reasons. First, the person picking up the goods may not be the cardholder, as often happens in the home improvement and landscaping business. Some retailers have addressed this by requiring the cardholder during checkout to give the name of the pick-up person. Second, requesting identification adds a step to the process and therefore adds friction.
A major financial services company published a best practices guide a year ago that contains recommendations on how merchants can reduce their fraud risk for BOPIS/BOPAC transactions. These recommendations include manually reviewing orders of high-value or targeted merchandise and using video cameras in the pick-up areas.
As stores and shopping centers begin to open more and with longer hours, it will be interesting to see if customers return to browse and shop in the aisles or the convenience of BOPIS/BOPAC will continue to drive ecommerce traffic. What do you think?
April 12, 2021
NFTs Raise Questions about Money Laundering
I must admit—my head is spinning a bit trying to grasp the valuation of nonfungible tokens, which are commonly referred to as NFTs. In March, an NFT by the artist Beeple sold for almost $70 million. An NFT is a unique digital asset that is authenticated using a blockchain. Digital assets can be artwork, music, sports cards or videos, or even tweets. There are multiple marketplaces for purchasing NFTs, oftentimes with cryptocurrencies or stablecoins, and many of these platforms are focused on a specific segment of the NFT market such as this one dedicated to players and highlights from the National Basketball Association. (The concept seems so far-fetched that Saturday Night Live based a skit on NFTs.)
Once my head stops spinning due to the astronomical valuations of some NFTs, it immediately focuses on the money-laundering risks. For years, the art world has been used to launder funds. Reasons for this include the anonymity often sought by buyers and sellers, the use of shell companies to hide owners, the use of cash for high-value purchases, and the challenges of determining a fair market value for a singular piece of art that might be purchased for well above market value, which is a red flag for money laundering. Are these reasons for using art in the physical world to launder funds alleviated or exacerbated in the digital world? I don't have the answer for this question because I admittedly haven't spent the time to fully understand the measures the NFT industry has taken to mitigate money laundering risks. I do know that transactions on a public blockchain are transparent, but that doesn't necessarily mean that the individuals engaged in the transaction can be identified. And as I mentioned earlier, determining a fair value for NFTs presents quite the challenge.
Whether or not NFTs are being used for money laundering, I am not alone in asking the question. In March, the Financial Action Task Force, seeking input from the public by April 20, 2021, released a public consultation paper on draft guidance on a risk-based approach to virtual assets and virtual asset providers. This guidance has the potential to affect NFT marketplaces and providers by encouraging regulatory agencies across the globe to require them to perform some levels of Bank Secrecy Act/Anti-Money Laundering monitoring and reporting. The task force is looking to implement changes to the draft and approve this updated guidance at its June 2021 meeting.
Are you interested in learning more about NFTs and the potential risks they may pose? While we will continue to monitor developments and provide pertinent updates, let us know if you have questions or concerns that you think we should address given the increased media exposure and transaction volumes of NFTs.