Please enable JavaScript to view the comments powered by Disqus.

We use cookies on our website to give you the best online experience. Please know that if you continue to browse on our site, you agree to this use. You can always block or disable cookies using your browser settings. To find out more, please review our privacy policy.

About


Take On Payments, a blog sponsored by the Retail Payments Risk Forum of the Federal Reserve Bank of Atlanta, is intended to foster dialogue on emerging risks in retail payment systems and enhance collaborative efforts to improve risk detection and mitigation. We encourage your active participation in Take on Payments and look forward to collaborating with you.

Comment Standards:
Comments are moderated and will not appear until the moderator has approved them.

Please submit appropriate comments. Inappropriate comments include content that is abusive, harassing, or threatening; obscene, vulgar, or profane; an attack of a personal nature; or overtly political.

In addition, no off-topic remarks or spam is permitted.

October 17, 2022

Webinars Address ATM Crimes, Financial Exploitation

ATM attacks don't generally appear in the news, despite their growing threat. As we've written before, these attacks can be both cyber and physical, and the physical attacks can be against both machine and the personnel servicing the machine. Another disturbing crime that may not appear enough in the headlines is the financial exploitation of senior adults. Two upcoming events in our Talk About Payments webinar series will give you the opportunity to learn more about these issues from the experts. The first, on November 3, covers ATM attacks. The second webinar takes place the following week, on November 10, and addresses the exploitation of seniors and community-based approaches to help mitigate vulnerabilities. More details about these webinars, as well as registration links, are below. We hope you will join us for both events.

November 3: ATM Attacks and Defenses
Because many financial institutions have closed or reduced the operating hours of many of their banking offices since the start of the pandemic, customer withdrawals of cash from ATMs have increased significantly. Unfortunately, the criminal element has shifted some resources to attacking ATMs and the personnel servicing them, including those who make currency deliveries. More than half of all ATM attacks in the United States involve thefts of the ATMs themselves, according to ATM Security Association data. The growth in dispenser jackpotting is also troubling. Because the methods of ATM crime can vary from city to city and month to month, it is critical that that ATM operators stay informed about current trends.

A panel of ATM experts join moderator David Tente, executive director of the ATM Industry Association, in discussing trends in cyber and physical attacks against ATM terminals and service personnel along with measures that can mitigate the risks. The panelists are:

  • Brenda Born, supervisory special agent, Federal Bureau of Investigation
  • Brad Moody, executive vice president of operations, Lowers & Associates
  • John Toneatto, vice president of security and investigations, Loomis

The webinar takes place on November 3 from 1 to 2 p.m. (ET). To participate in the free webinar, please registerOff-site link.

November 10: Financial Exploitation of Aging Adults
Did you know that more than 10,000 US adults turn 65 every day, and that many of them will be victims of financial fraud? Elder financial exploitation is a growing problem, according to the National Council on AgingOff-site link, which estimates financial losses of at least $36.5 billion dollars a year. With the rapidly aging population, we must identify and protect elderly citizens exposed to financial exploitation risks.

In the November 10 episode of our Talk About Payments webinar series, Drs. Thomas Blomberg and Julie Brancale, criminologists from Florida State University, describe the current research, theory, and policy responses associated with this growing social problem. They also address the patterns and variations of financial exploitation of older adults and discuss why some older adults may be more or less vulnerable than others. The presentation concludes with a discussion of areas in need of additional research and policy attention. Scarlett Heinbuch, a payments risk expert at the Atlanta Fed, moderates the discussion.

The webinar takes place on November 10 from 1 to 2 p.m. (ET). To participate in the free webinar, please registerOff-site link.

We encourage financial institutions, retailers, payments processors, law enforcement officials, academics, and other payments system stakeholders to join us for these informative webinars. You will be able to submit questions during the webinar. Please let your colleagues know about these webinars!

August 22, 2022

Not-So-Common Scams Result in Large Losses

We often write in this blog about the scams that criminals seem to favor at the time and describe defenses that targeted individuals or companies can use to thwart these scams. The most popular continues to be the broad category of advance fee scams. I thought it would be helpful to review two other types of financial scams that are not so frequent but that can result in large losses for victims.

Cashier's check fraud
A genuine cashier's check is a direct obligation of the bank that sells it. In a more innocent time, cashier's checks were viewed "as good as gold." Regulation CCOff-site link generally requires a bank to make the funds of a deposited cashier's check available the next business day, but a fraudulent cashier's check could take several days or weeks to be returned to the bank of first deposit.

Criminals use this time gap to their advantage. In some cases, the check is for the exact amount of the item being purchased, and the criminal departs with the goods. For remote purchases, the criminal may send the seller a cashier's check for an amount in excess of the purchase price: $1,500 instead of $1,000, for example. Then the criminal claims the amount was a mistake and asks the seller to send the merchandise as well as refund the overpayment. When the fraudulent check is returned, the seller is out not only the merchandise but also cold hard cash.

Fraudulent cashier checks can be very difficult to spot given the advanced technology of printers and graphics software. Here is some fraud prevention advice:

  • Accept a cashier's check only from someone you know or trust.
  • Never accept a cashier's check with an amount higher than the purchase price.
  • Consider using an escrow service instead of a cashier's check, where the goods are held by a trusted third party until the payment funds are fully verified.
  • Be aware of the difference between when funds from a cashier's check become available versus when the check finally clears.

You can find more information about cashier's check fraud on the website of the Federal Deposit Insurance CorporationOff-site link (FDIC).

High-yield investment fraud
In this type of scam, a fictitious financial institution or company, often located outside the United States, offers a risk-free, guaranteed return on a savings or investment instrument that is substantially above the market rate. The scammer claims to be able to achieve these returns by using sophisticated trading techniques involving "prime bank" financial instruments in foreign markets. Often, there is a promise that the funds are insured by a country's financial oversight agency or by the World Bank, a claim supported by certificates that look legitimate.

These scammers target their victims through advertisements in national and financial publications. They may also solicit victims with executive phishing attacks that have obtained contact information of high-net-worth individuals. The criminals assert that the victim will be part of an exclusive group and therefore should not discuss the investment with others, sometimes even requesting execution of nondisclosure agreements.

My prevention tip for this scam is to follow the old adage that "if it's too good to be true, it probably is."

If there are other financial scams that you think we should address, please let us know by leaving a comment.

August 15, 2022

AI Is No Silver Bullet in Fighting Fraud

A sobering report just out from the Federal Trade Commission (FTC) explores the current limits of artificial intelligence (AI, variously referred to as machine learning, automated decision systems, natural language processing, expert systems, neural networks, thinking machines, and more) for preventing online harms, including scams, fake product reviews, romance fraud, money laundering, revenge porn, hate crimes, and counterfeit product sales.

The report makes clear that the use of AI to prevent online scams is "in its relative infancy" and that AI as a standalone tool is no silver bullet for eliminating disinformation from social media platforms, identifying cloaked offers of child pornography, and selling illegal products, among other ills.

The FTC's June 2022 report, Combatting Harms through InnovationOff-site link, returns to the first principles of fraud prevention, which are useful to merchants and financial institutions fighting all types of online fraud, including payments fraud. In the nothing-new-under-the-sun-category, the report warns, "Greed, hate, sickness, violence, and manipulation are not technological creations, and technology will not rid society of them."

The report points out the trade-offs between increased use of AI to prevent harm and the likelihood that more surveillance could result in discrimination or censorship. With implications for the challenge merchants face in identifying potentially fraudulent actors while minimizing shopping cart abandonment, the report states, "Even with good intentions, use [of AI tools] can also lead to exacerbating harms via bias, discrimination, and censorship."

The report lists eight principles for applying AI and various automated tools. Here are three with particular importance for fighting payments fraud:

  1. Human intervention is vital. When using automated tools, humans can prevent the sorts of unintended consequences that—at their most extreme—went on with the computer Hal, who very nearly murdered his human handlers in 2001: A Space OdysseyOff-site link.
  2. AI tools must be transparent to the people they affect. Merchants and financial institutions must be able to explain decisions to customers and potential customers.
  3. Businesses that use AI for decision making must be accountable for errors.

You can read the other five principles in the report, which is deeply skeptical of the wholesale application of this technology in its current state: "One caveat for consumer protection or competition enforcers, however, is that it makes little sense to use limited resources to obtain any AI tools without having already decided what exactly to do with them."

Another useful resource from ACAMS Today: "Your AI Cheat Sheet: Key Concepts in Common Sense TermsOff-site link."

The payments industry has benefited greatly from new technology over the decades. Check imaging, contactless pay, online payments all come to mind. As these examples show, advances in technology can provide many benefits, and, as Hal reminds us, adoption of new tools must move forward with a careful eye to not only benefits but also risks. As always, Take On Payments will continue to report objectively on payments technology.

July 11, 2022

Drawing the Line on Consumer Protection

Consumer protection regulations are designed to ensure that consumers are treated fairly in their dealings with a business. But what is fair from the perspective of the consumer is often quite different from that of the business when there is a dispute.

This post was triggered when I read an article about a series of lawsuits filed by consumers hoping to gain class-action status against financial companies in situations where the consumer has authorized an immediate payment from their account to someone who later turned out to be a fraudster. The consumers claim that they should be reimbursed by the financial institution because they were scammed.

Regulation E Adobe PDF file formatOff-site link is quite clear on where the line is drawn as to the customer's liability in an electronic transaction. If the transaction is unauthorized, the customer's liability is generally zero as long as they report the transaction within a specified amount of time. The regulation is very specific in its definition of unauthorized: "an EFT from a consumer's account initiated by a person other than the consumer without authority to initiate the transfer and from which the consumer receives no benefit." In the cases discussed in the article I read, the consumers admit that they voluntarily initiated the push payment transactions, so the financial institutions appear to be justified in denying reimbursement because the transactions did not meet the definition of "unauthorized" and therefore the liability protections of Regulation E did not apply.

In a late 2021 post, I wrote about how banks in the United Kingdom have adopted a Contingent Reimbursable Model (CRM) that could give customers who are victims of authorized push payment scams some financial relief. The debateOff-site link within the United Kingdom as to how equally the CRM is applied continues to this day, with consumers claiming that it doesn't go far enough to ensure that financial institutions fairly and uniformly evaluate a consumer's claims.

As push payment usage continues to increase in the United States, is there a need to redraw the line by implementing regulations that will give greater protection to consumers in such scams? While I am empathetic toward those who suffer these financial losses, I believe the payments industry has made a reasonable and good faith effort to educate customers when they should use authorized push payments and when they should not. What do you think?