Please enable JavaScript to view the comments powered by Disqus.

We use cookies on our website to give you the best online experience. Please know that if you continue to browse on our site, you agree to this use. You can always block or disable cookies using your browser settings. To find out more, please review our privacy policy.


Take On Payments, a blog sponsored by the Retail Payments Risk Forum of the Federal Reserve Bank of Atlanta, is intended to foster dialogue on emerging risks in retail payment systems and enhance collaborative efforts to improve risk detection and mitigation. We encourage your active participation in Take on Payments and look forward to collaborating with you.

Comment Standards:
Comments are moderated and will not appear until the moderator has approved them.

Please submit appropriate comments. Inappropriate comments include content that is abusive, harassing, or threatening; obscene, vulgar, or profane; an attack of a personal nature; or overtly political.

In addition, no off-topic remarks or spam is permitted.

May 22, 2023

Receiving Banks and Authorized Push Payment Fraud: Somebody Else's Problem?

In my family, we refer again and again to the Somebody Else's Problem Field (SEP), defined as follows in the classic science fiction series, The Hitchhiker's Guide to the Galaxy:

An SEP is something we can't see, or don't see, or our brain doesn't let us see, because we think that it's somebody else's problem. …The brain just edits it out, it's like a blind spot.

Around the home, the SEP is useful for explaining why something isn't happening or has gone missing. For financial institutions, the SEP creates challenges in fighting authorized push payment fraud.

Financial institutions, of course, understand the requirement of Reg E to refund customer funds in the event of unauthorized payments fraud. That's their problem, clearly visible. Authorized fraud, which occurs outside the payments system because it does not involve compromised credentials, is another beast entirely. It's somebody else's problem.

Or is it? Do consumers know the difference between unauthorized and authorized payments? You can answer this question: Most consumers don't know the difference and even those who do think authorized fraud is somebody else's problem. In light of this perception, I've been hearing a lot lately about the imperative for receiving banks and payments providers to fight authorized push payments fraud. These responsibilities are relevant for customer satisfaction and retention at sending banks and for reputation risk at receiving institutions.

Let's take a step back to a time before the authorized fraud is attempted. Account opening fraud, at the soon-to-be receiving bank, can create the destination for payments where the sending accountholder (the victim) is duped or intimidated into paying. Criminals create money mule accounts at receiving institutions, receive push payments from victims, and then—shazam!—drain the funds from the receiving account almost instantly.

Therefore, controls on the account opening process can help to prevent authorized fraud. In 2022, US banks reported that new account openings increased as a source of identity-related fraud: 36 percent of episodes in 2022, compared to just 13 percent of episodes in 2019, according to a recent report. In earlier years, account takeover was associated with more identity fraud (see the chart). Today, with more accounts opened remotely, it's more plausible for criminals to use stolen or synthetic IDs.

Chart 1 of 1: New account creation outstrips account takeover as source of identity-related fraud (percentage of events)

The report shows that more financial institutions are taking action to mitigate ID-related fraud at account opening. Here are some tools that grew in popularity from 2021 to 2022:

  • Email risk assessment
  • Phone number risk assessment
  • Challenge questions to identify bots
  • Automated risk scoring
  • One-time password
  • Geolocation

Sci-fi author Douglas Adams advises that a towel is "the most massively useful thing an interstellar hitchhiker can have" because of its practical value. It's a blanket, a weapon, a hat, a distress signal, and more, and Adams's fans celebrate Towel DayOff-site link this week, Thursday, May 25.

Like a towel, the tools listed above have the potential to be massively useful. But adoption is not universal. About 60 percent of the surveyed banks have adopted email risk assessment for new account opening. The others are currently in use by fewer than half of the surveyed banks, so some work remains to be done.

May 15, 2023

Financial Judgment Decline: An Early Sign of Dementia

Are older adults more at risk for financial fraud than younger groups? It appears they are, according to the Federal Trade Commission's reportOff-site link that reveals people aged 60 and older experience higher median fraud losses than do younger people, with people over 80 having the highest median losses of all age groups.

The question remains why elders are more at risk. One reason that older people may be more vulnerable is obvious: aging can lead to problems with cognition, memory loss, and basic life skills.

One of the first signs of vulnerability appears with a decline in financial judgment, with payments-related issues happening six years before a diagnosis of Alzheimer's or other cognitive impairment is made, at least one studyOff-site link shows.

For example, people who were later diagnosed with dementia had problems with missed credit card payments, showed declines in their ability to manage a checkbook or interpret bank statements, were late paying bills, or missed payments altogether. These financial capabilities were among the first sign of problems and progressively worsened over the six-year period before a diagnosis was finally made.

Certainly, other issues can lead to financial losses for seniors, including family and caregiver exploitation. Ruling that out, the finding that financial judgment and skills decline years before a diagnosis is made may help explain why seniors are more financially vulnerable.

Family and friends can help older adults by looking for early signs of declining financial capability, like unopened bills, missing money and checks, changes in credit card spending, and unexplained ATM withdrawals.

Family or caregivers who are alert to noticing financial issues when they begin or worsen may help to reduce the risk of financial fraud and—even more important—make it possible to get appropriate medical attention for their loved ones sooner.

Here are some resources:

May 8, 2023

A Fertile Environment for Scams

"Normally I would have done a test [wire] transfer but I wanted to get [all the money in the account] out."

This quote, from a New York Times story about a stressed-out small-business owner, encapsulates the way that fear and a perceived need for immediate action can result in payments authorization mistakes. Even worse, fear and decision-making under time pressure can create the perfect growing conditions for fraud to flourish.

Most of us would agree that a test transaction is a good idea when large sums of money are involved. At the same time, most of us can empathize with the business owner's decision-making in an atmosphere of fear, uncertainty, and doubt. Each of us perhaps remembers times when, in retrospect, we might have called our own behavior hasty.

We are in an environment of real information and misinformation that could encourage hasty behavior. Since mid-March, business executives, financial institution leaders, and consumers (including most likely you and me) have been thinking more about keeping our payments and accounts safe. And, sad to say, a lot of criminals have been plotting new ruses and building on old ways to take our money away from us.

As a Take On Payments post noted at the beginning of the COVID-19 pandemic, any time that people are worried is a good time to be particularly vigilant. Today, in a different time of worry triggered by some prominent bank failures, it's a good time to be vigilant:

  • In mid-March 2023, the Cybersecurity and Infrastructure Security Agency (CISA) warnedOff-site link : "exercise caution in handling emails with bank-related subject lines, attachments, or links."
  • Later that month, calledOff-site link bank failures "an irresistible, golden opportunity for scammers and fraudsters to exploit."
  • Also in March, financial institutions were warning customers about a scam asserting that an institution is under FBI review and to get cash out fast. Such "imposter scams" (impersonating government, businesses, tech support, and romantic partners, and more) cost consumers nearly $2.7 billion in losses in 2022, the FTC reported Adobe PDF file formatOff-site link in February 2023.

The scam scenarios are many and varied: financial institutions, businesses, and consumers receiving calls and emails from "customers" or "bank officials" to change payments instructions; plausible, yet false, website names being registered; and phishing, a perennial favorite, offering new incentives or dire warnings if immediate action isn't taken.

So, take a minute. Breathe deeply. Then dig into every element of that email or website address to weed out and stop the fraud.

The links cited in this post were embedded safely. Make sure the ones you come across are, too.

May 1, 2023

Number of Card Payments Spike in 2021 after 2020 Decline

Last week, the Federal Reserve Payments StudyOff-site link (FRPS) documented the growth in the number and value of card payments from 2018 to 2021. The value of card payments increased 10.0 percent from 2018 to 2021; by number, the increase was 6.2 percent per year.

Diving a little deeper, we can look at the ups and downs over the period 2018 to 2021. That’s because the FRPS has collected the number and value of credit, non-prepaid debit, and debit card payments annually since 2015 (expanding on the data collected every three years beginning in 2000). The annual data show that in 2020, the first year of the COVID-19 pandemic, the number and value of card payments dropped. The drop was unprecedented in the history of the FRPS. (Quarterly dataOff-site link for 2020 trace the path of the pandemic, with a peak in February and a trough in April.)

In 2021, that drop was more than reversed. The rate of increase in the value of card payments was almost two-and-a-half times the increase recorded in any prior one-year period: 26.4 percent. By number, the increase was 80 percent greater than any prior annual increase: 18.3 percent. These are big changes, as you can see in the slopes of the lines in the charts below (2020–21 highlighted in red).

What type of cards contributed most to this jump? The table below shows that while growth rates for all card types accelerated in 2021, the growth in payments with prepaid debit cards stood out. Keep in mind, however, that prepaid debit cards were growing on a small base: in 2020, just 10 percent of card payments by number and 5 percent by value were made with prepaid cards.

Table 1 of 1: Compound annual growth rate by card type

We ask ourselves lots of questions about the pandemic. Will behavior changes stick? When will things get back to normal (however you define that)? Will card payments make up for lost time? There, at least, the answer is clear.

You can see all the data hereOff-site link.