Take On Payments, a blog sponsored by the Retail Payments Risk Forum of the Federal Reserve Bank of Atlanta, is intended to foster dialogue on emerging risks in retail payment systems and enhance collaborative efforts to improve risk detection and mitigation. We encourage your active participation in Take on Payments and look forward to collaborating with you.

Take On Payments

August 27, 2012

Mind the Gap: PIN versus Signature Authentication

In a January post, Portals and Rails considered the difference in fraud rates for payments using signature versus those using PIN authentication. Based on the data at hand, we concluded that "financial institutions have significantly more exposure to fraud losses from card payments with signature authentication than those from PIN authentication." The just-released PULSE Debit Issuer Study reveals that in 2011 the gap in loss rates between signature and PIN debit transactions has widened further. Issuers lost an average of three cents per signature debit transaction compared to less than one-half of one cent on PIN transactions.

Debit Card Issuer Loss Rates

Fraud is a concern for issuers
According to the study, which was conducted by the consulting firm Oliver Wyman on 57 banks and credit unions, 74 percent of large financial institutions (asset size greater than $10 billion) and 90 percent of small institutions (asset size under $10 billion) view fraud as a major challenge for 2012. Looking deeper into 2012 fraud concerns, 54 percent of issuers, regardless of their size, expect signature debit fraud to increase, while only 37 percent of issuers expect an increase in PIN debit fraud levels.

With fraud being of such high concern to issuers, I expected EMV card issuance to be high on their priority list, but that is not the case. In fact, 71 percent of the financial institutions have no immediate plans to issue EMV cards. In the past, we've highlighted some of the many possible ways to do an EMV implementation—according to the study, these unknowns of a U.S. EMV implementation have many financial institutions taking a "wait-and-see" approach.

Of particular note, issuers are interested in knowing if PIN authentication will become mandatory or if it will continue to coexist with signature authentication. Hopefully, this issue and others surrounding EMV implementation will soon be addressed by the industry through the recently announced collaborative EMV Migration Forum created by the Smart Card Alliance. The sooner these issues get sorted out, obviously, the better, as signature debit card fraud is showing no signs of slowing down.

Douglas A. KingBy Douglas A. King, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

August 27, 2012 in chip-and-pin, crime, EMV, fraud | Permalink


Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

July 16, 2012

Oh, SNAP! Benefit trafficking costs millions

As I watched the local evening news several weeks ago, one particular story caught my attention. A local convenience store owner had been arrested for the repeated abuse of the Supplemental Nutrition Assistance Program (SNAP), formerly known as the food stamp program. The store owner allowed SNAP recipients to exchange their electronic benefit transfer (EBT) cards for such items as cigarettes and alcoholic beverages, charging a premium of anywhere from 25 to 50 percent of the items' values. This type of SNAP fraud is known as "trafficking." Another form of trafficking fraud occurs when the program recipients sell their cards on the black market in exchange for cash. These cards are then reported as lost or stolen, so recipients receive a replacement card.

Upon performing an Internet search on this topic the next day, I was surprised to discover that SNAP trafficking is actually a $300 million-a-year problem. According to a 2011 report of the USDA Food and Nutrition Service, trafficking diverted an estimated $330 million annually from SNAP benefits, or about one cent for each SNAP dollar redeemed. Interestingly, this figure is down significantly from earlier reports published by the USDA. In 1993, trafficking resulted in more than $800 million of fraud, or nearly four cents per SNAP dollar redeemed. Since the first report, the trafficking rate has fallen, leveling off at its current rate of 1 percent. Still, fraud levels for this EBT program are significantly higher than for general purpose credit and debit card cards.

The main reason for this decline has been the electronification of the old food stamp program. During the mid to late 1990s, some states began replacing food stamps with EBT cards. And since June 2004, all states have used EBT cards to distribute SNAP funds.

Though taking this program from paper payments to plastic payments has dramatically reduced trafficking fraud, fraud is still an issue at 1 cent per dollar redeemed—so much so that the USDA recently proposed a new rule that would allow state agencies to deny replacement cards to recipients who make four replacement requests over a 12-month period.

The USDA's proposed rule is currently open for comment through July 30. I encourage anyone with thoughts or ideas on this particular rule and on trafficking fraud in general to make their voice heard and provide feedback to the USDA. The SNAP EBT fraud rate, which is substantially higher than credit and debit card fraud rates, is the burden of all taxpayers. What else can or should we do to further tackle this particular payments fraud?

Douglas A. KingBy Douglas A. King, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

July 16, 2012 in crime, fraud, regulators | Permalink


Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

May 21, 2012

Cramming and bill-to-mobile payments: Managing the risk

An interesting market segment in the evolving mobile payments industry is bill-to-mobile payments, which is a service that permits wireless carriers to add charges to consumers' mobile phone bills for generally small-value transactions involving digital and virtual goods purchased over the Internet. At the same time, the telecommunications industry is accommodating the addition of more third-party charges to consumers' mobile phone bills. Naturally, fraudsters are finding opportunities to apply unauthorized charges to these bills, a practice known as "cramming." As bill-to-mobile services grow more popular, how do we mitigate the potential risk of this fraudulent activity?

Telecoms and bill-to-mobile services
Telecoms have license to add charges to bills for a variety of call-based services. The advent of bill-to-mobile as a type of mobile payment began as intermediary platform providers—namely, Zong and Boku—entered the market to facilitate payments from consumers to online merchants through mobile carrier billing. Even Facebook allows the purchase of Facebook credits for games and apps to be billed to the customer's mobile phone bill in lieu of a credit or debit card payment. These services have become hugely popular as an electronic micropayment solution alternative to credit and debit cards. This makes a lot of sense when you consider the younger demographic market segment for online games and their social reliance on mobile for day-to-day interaction.

Regulation and law enforcement
As mobile phone usage grows, the incidence of criminal activity is growing in lockstep. In fact, since deregulation of the telecommunications industry, according to one state's Department of Justice report, complaints about erroneous charges on telephone bills have grown. Crammers bet on consumers not reading their phone bills carefully, and thereby failing to notice an extra dollar or two fraudulently charged each month.

The Federal Communications Commission's (FCC) Truth-in-Billing rule requires that telecom firms organize bills clearly by complying with specific requirements, such as including "clear and conspicuous notification" of charges that would be apparent to a reasonable consumer and that the name of the merchant associated with each charge is clearly identified on the bill. It also requires that the bill contain clear and conspicuous disclosure of inquiry contacts in the event of a billing dispute so that the consumer will know who to contact to dispute unauthorized charges.

While the FCC's rule might not have envisioned a mobile-payment-enabled environment and associated charges for financial services, the rule should provide adequate consumer protections for victims of phone bill cramming.

Managing the cramming risk for mobile payments
Currently, U.S. wireless carriers are limiting bill-to-mobile services to micropayments for virtual and digital goods. Purchases are typically limited to $100 a month because so far the carriers have not demonstrated an appetite for managing credit risk. Telecom firms generally resolve complaints quickly, as the cost associated with time spent by staff devoted to error disputes far exceeds the value of the charge in a complaint. As these services grow, however, this may not always be the case.

With appropriate consumer protection regulation in place, risk mitigation lies with the consumer, who should consider the following steps to protect against cramming:

  • Read your bill monthly, just as you would a credit card bill.
  • Be alert for changes in your bill, particularly those with language including words like "activation" and "service fee."
  • Address irregularities as soon as possible. The FCC's Truth-in-Billing rule requires phone bills to include a toll-free number to make it easy for a consumer to quickly report a dispute about a charge.

Cindy MerrittBy Cynthia Merritt, assistant director of the Retail Payments Risk Forum

May 21, 2012 in crime, mobile payments | Permalink


TrackBack URL for this entry:

Listed below are links to blogs that reference Cramming and bill-to-mobile payments: Managing the risk:


Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

November 7, 2011

International Fraud Awareness Week is here

According to the Association of Certified Fraud Examiners (ACFE), organizations worldwide lose roughly 5 percent of annual revenues to fraud. That's huge. A theme that we return to again and again in Portals and Rails is the fact that technology is making our lives—including the ways we transact consumer payments—more efficient and secure. But these new technologies also offer fraudsters new and sometimes better ways to perpetrate crime.

Fraud Awareness WeekIn an effort to promote fraud awareness and education, starting November 7, the ACFE is sponsoring International Fraud Awareness Week, a "time dedicated to fraud awareness, detection, and prevention." So in keeping with this theme, we are using this space to refocus on some of the issues around payments fraud in the United States.

U.S. payments fraud is on the rise but hard to measure
Unlike other countries, the United States does not have a single, uniform repository for collecting fraud loss data. Industry analysts primarily base their concerns about the industry on anecdotes from law enforcement, financial intelligence agencies, and regulators. In addition, recent media accounts of check fraud, corporate account takeovers, payment card breaches, card payment terminal skimming, and the like leave no doubt that in the retail payments arena, leave no doubt that the problem of fraud is universal and growing.

Also validating the growing concern are proxies such as fraud surveys from organizations like the American Bankers Association (ABA), which measures deposit account fraud in banks, and the Association for Financial Professionals, which works with corporations to measure their fraud loss experience. However, more information may be needed as payment systems grow more complex, provide new alternative solutions and access new electronic channels.

Internal fraud is growing globally
The global economic downturn has led to an increased incidence of payments fraud. Sometimes financially distressed employees—rationalizing their behavior in light of dire circumstances—commit frauds within a business, effectively stealing from their employers. For example, employees in financial institutions who have access to large amounts of customer data may use their insider access to commit fraud. In one of our podcasts, an expert noted that internal fraud is more growing more common—and complex—as criminal rings increasingly place their people within legitimate organizations, where they can then steal data. Once they have the data, they can use it to commit a variety of frauds, including identity theft and payment crimes, such as card counterfeiting and counterfeit checks, to name just a few.

Fraud awareness week highlights old-school solutions
The International Fraud Week web page highlights resources for fraud prevention and education that businesses and consumers can tailor to their own particular needs. For example, the site offers a link to a Fraud Prevention Check-Up, which provides a framework for business to assess their risk and evaluate the strength of their fraud mitigation environment. Another anti-fraud resource is a presentation with tips to help organizations prevent and detect fraud.

To that same end, Portals and Rails in an earlier blog offered a recommendation for businesses to be proactive by adopting relatively simple control processes. For example, basic checklists like the one that follows can help organizations comply with ACH rules and regulations, avoid human error, and reduce fraud.

Electroic Payment Checklist

International Fraud Awareness Week activities
To help raise awareness around fraud, the ACFE recommends that businesses participate year round in its blog and in other social media initiatives, such as forums for dialoguing and sharing ideas on fraud detection and mitigation. It also suggests that organizations spread the word to colleagues and clients about International Fraud Awareness Week and the resources available to promote strong fraud risk management program development.

One thing we know for certain, and can't say enough, is that our payment systems are growing more and more complex, in terms both of sophisticated technologies and of multiple new nonbank service partners entering the mix. With this constant change and development, the payment distribution chain will undoubtedly contain more points of potential vulnerability to risk and fraud. Taking basic preventive measures and increasing industry awareness through the activities and resources highlighted during International Fraud Awareness Week can go a long way to combating payment-related risks and fraud.

Cindy MerrittBy Cynthia Merritt, assistant director of the Retail Payments Risk Forum

November 7, 2011 in crime, fraud, identity theft, payments risk, payments systems | Permalink


Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

October 17, 2011

As payments system evolves, "funny" money is still no laughing matter

Counterfeit money in the United States has been in circulation since colonial America. During the Revolutionary War, counterfeiting of Continental American money became so rampant that the currency became worthless. Hence, the phrase "not worth a Continental" was born. Counterfeiting continued after the country's independence from the British, so the government established the U.S. Secret Service in 1865 to suppress it. It was only later that the agency was also tasked with the highly visible and publicized mission of protecting national leaders, most notably the president, and visiting foreign leaders.

Since the establishment of the Secret Service, payment types have advanced from paper bills to checks and card-based payments. Alongside the advancement of our nation's payment methods, the security features of each payment type are evolving to combat attempts at counterfeiting. Yet today, 111 years after the Secret Service was established, counterfeiting remains a threat to the U.S. payments system. This blog examines the security technological advances currently deployed and those in development to fight counterfeiting schemes in consumer payments.

Counterfeit currency
In 1865, approximately one-third of all currency in circulation was counterfeit. Today, counterfeit currency is estimated to represent only 3/100ths of 1 percent of total currency—yet the crime of counterfeiting currency remains popular. According to its Fiscal Year 2010 Annual Report, the Secret Service made more than 3,000 domestic and international arrests for counterfeiting offenses in 2010, resulting in the removal of more than $261 million in counterfeit currency from circulation. This amount is an increase of more than 150 percent from the 2008 level of $103 million. Continued advancements in computer and printing technologies aid counterfeiters in producing hard-to-detect counterfeit bills. It is also important to note that counterfeit bills do not have to be perfect. These bills just need to be good enough for the counterfeiters to exchange once to another party to be deemed successful.

To mitigate the production of counterfeit currency and to help detect it, the U.S. Department of the Treasury constantly enhances paper currency's security features. Newer features such as color-shifting ink, watermarks, and security threads have made paper currency more difficult for criminals to counterfeit accurately.

Counterfeit checks
Much like paper currency, checks became an important payment instrument in the United States following the Revolutionary War. And as is the case with paper currency, checks are also a common target for counterfeiters. Even as check usage continues to decline, check fraud continues to increase and remains one of the largest threats to businesses today, according to the 2011 AFP Payments Fraud and Control Survey: Report of Survey Results. Also according to this report, the counterfeiting of nonpayroll checks using an organization's MICR line data remains the most widely used technique to commit check fraud.

Counterfeit cards
Since the first credit card was introduced in the United States in 1958, card-enabled debit and credit payments have become many consumers' preferred payment methods. But just as payments migrated from paper to electronic methods such as debit and credit cards, counterfeiting fraud schemes have shifted from paper as well. Today's payments fraud-related headlines are flooded with stories of card-skimming schemes to produce counterfeit cards. Fraudsters are using skimming devices on point-of-sale (POS) terminals and at ATMs to capture card numbers. As my colleague Cynthia Merritt previously discussed in an earlier post, these skimming devices are becoming more sophisticated. According to Verizon's 2011 Data Breach Investigations Report, tampering of ATMs and POS terminals accounted for 98 percent of physical data breaches in 2010. The report notes that these tampering attacks, which have been occurring for years, are on the rise.

Despite the continued evolution of payment types and their corresponding security features, counterfeiters persist in finding ways to harm the payments system, regardless of payment type. Although the industry can and should strive to eliminate the success of counterfeiters, history shows us that the task is all but impossible. It will be very interesting to see the effect that new security enhancements as they develop will have on counterfeiting trends in the United States. For me, I am eagerly anticipating the effect that dynamic data chip-enabled transactions will have on the skimming and counterfeiting of payment cards should the industry adopt the technology.

By Douglas A. King, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

October 17, 2011 in check fraud, crime, fraud, payments systems | Permalink


TrackBack URL for this entry:

Listed below are links to blogs that reference As payments system evolves, "funny" money is still no laughing matter:


Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

September 6, 2011

Using data mining to catch suspected financial wrongdoers

The seemingly inconsequential disclosure of a phone number or ZIP code to a store clerk can ultimately end up far away from where it was first shared, especially if it is used for data mining purposes. Data mining is the use of computer-based analytic tools that sift through large collections of data searching for patterns based on statistical techniques. Often times, data records containing personal identifiers are compiled from many sources and transferred to third parties for data analysis.

The information collected and stored in large databases can be used to detect suspicious spending patterns or to uncover improper spending of federal relief funds. Often, the results of the analysis lead to the detection of overall trends or patterns that reveal unusual activity and other specific parameters. While some data mining techniques are used to help with national security, others are in place to help combat financial fraud.

Federal agencies
The Federal Agency Data Mining Reporting Act requires federal agencies to submit reports periodically to Congress informing them of their data mining activities. For instance, two bureaus of the Department of the Treasury regularly engage in data mining activities: the Internal Revenue Service (IRS) and the Financial Crimes and Enforcement Network (FinCEN). The IRS mines financial data to predict which individual tax returns have the greatest potential for fraud and which corporations are most likely to make improper use of tax shelters. FinCEN focuses its data mining on money laundering activities and other financial crimes.

Both agencies use similar data mining technologies that include a database that reviews aggregate Bank Secrecy Act (BSA) forms and information. However, because BSA reports—such as the Suspicious Activity Report and Currency Transaction Reports—do not on their own reveal potential underlying criminal activity, FinCEN, for instance, may also query other law enforcement databases for further data on suspicious trends or patterns indicative of anomalous or illicit activities.

Data mining limitations
While data mining can reveal helpful patterns and trends, it has inherent limitations. For example, data mining cannot identify the underlying cause of the identified patterns and trends. The user must determine the significance of the data collected and must be able to draw relevant and accurate inferences.

A significant drawback to using commercial data is the possibility that the data contain errors or is of poor quality—it may be duplicative, for example, or dated. The accuracy, timeliness, and completeness of the data and analysis of the data are important. Drawing erroneous or adverse inferences about any individual can quickly become problematic. According to the Treasury's data mining report, FinCEN uses checks and balances in its data mining and analysis to ensure that the data is used only by authorized agencies and for statutorily authorized purposes.

Interpreting the data
Large aggregated collections of information are valuable intelligence resources. It is important to understand how and why access to such information is valuable. Sophisticated information retrieval techniques such as data mining allow users to search extremely large collections of data for trends and patterns and to zero in on particular transactions of interest. The information collected can also help law enforcement agencies identify emerging financial criminal trends. However, it is prudent to keep in mind that the initial data gathered many times only serves as lead information, and it may not be that until further analytical and investigative steps are taken that the information can ultimately work to help catch financial wrongdoers.

Photo of Ana Cavazos-WrightBy Ana Cavazos-Wright, senior payments risk analyst in the Retail Payments Risk Forum at the Atlanta Fed


September 6, 2011 in crime, fraud | Permalink


Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

August 29, 2011

Seeing what dimly lies in the distance: Parting thoughts on addressing payments system risk

As this post for Portals and Rails runs, it is likely that my concerns about fraud may be starting to center on whether the manufacturer's claims about the bass lure I am using are fraudulent. I guess that's a way of saying that on August 31, I will officially retire after 38 years with the Federal Reserve, an extraordinary organization faced with extraordinary challenges across the three legs of its mission responsibilities: monetary policy, bank supervision and regulation, and payments services. I have been blessed to have had so many challenging and diverse experiences through the years, including the last two years directing the fascinating work of the Retail Payments Risk Forum. Learning about the risks in our payments system, marveling at the entrepreneurship of those who want to exploit its weaknesses to commit fraudulent activity, and working with the industry to try to find ways to mitigate those risks has been both interesting and exhilarating.

Clearly such work is never done and the constant arms race to stay ahead of the bad guys in a technology-centric payments world is not likely to abate. My hope is that those who read this column continue to support the work of the Forum, its outstanding staff, and its new leader. But even more importantly, my hope is that the industry continues to make progress in collaboratively addressing the needs of our payments system in difficult times when investment dollars are scarce and tough choices must be made. At the risk of waxing philosophic, it is with all this in mind that I leave the following thoughts for others to consider and hopefully run with.

First, as an industry, we need to push our leaders to understand that the paradigms of success today are not those that served us well 10 years ago. The payments system is now a global infrastructure, and purely domestic solutions to managing fraud will not work. Business models for success changed with the advent of the Internet and they will change again with the evolution of mobile technology. A corporation's worst nightmare may be riding a train in Eastern Europe while simultaneously cleaning out a bank account in the United States. This means that it will inevitably be harder to implement solutions, but imminently necessary to extract ourselves from domestic thinking while building partnerships across the globe.

Second, standards are the key to long-term progress in such an environment. Certainty about what standards frees markets to invest in developing solutions to payments problems in a competitive environment that encourages escalating performance. Hence, we must give a lot of attention to doing the work in the basement rooms where standards folks work. While I suppose that revenue opportunities may abound for the entity that owns the standards, companies that are able to depend on standards to deliver risk management systems and products greatly reduce their cost of development and ongoing operations.

Third, it would be useful to clarify the roles of the many government (and sometimes private sector) groups that must engage in the business of protecting our payments system. The Forum and colleagues from the Boston Fed have been engaged in an ongoing effort with mobile payments that has demonstrated to us that nobody wants this clarity more than a frequently confused marketplace. While they long for integrated operations, integrated law, and integrated technology, it is integrated oversight that would help clarify who is responsible for what, encourage collaboration and sharing, and expose gaps in coverage that bad actors can exploit.

Fourth, in recent industry meetings I have heard payments professionals lament that a big part of our problem is that customers—both consumers and businesses—are not well educated in how to protect themselves against fraud. The discussion concerning who should be responsible for providing the education, however, resembles a group of folks juggling a hot potato. My suggestion is that financial institutions (individually or collectively through their trade associations) are the one party that touches both user groups and that stepping up and assuming the leadership role in payments education would not only be a great service but might actually be an endearing customer relationship and retention strategy.

Finally, as an industry we seem to be struggling to establish a vision for the future. On a wall at a recent meeting room, I read a quote by Thomas Carlyle that said, "Our main business is not to see what dimly lies at a distance, but to do what lies clearly at hand." Carlyle (who is credited with calling economics the "dismal science") may have had a point when he wrote this in the mid-19th century, but today the future comes at us so fast, it seems to me that we have to constantly keep our eye on what lies vaguely in the distance and create a vision for the future that embraces the possibilities. Said differently, it may be useful to create a vision for how we will collectively address future risks in the payments system even as we deploy new technology, rather than focusing on how to defeat the threats we already know.

With that, I wish our readership all the best and trust that perhaps our paths may cross again.

Photo of Rich OliverBy Rich Oliver, executive vice president of the Atlanta Fed and director of the Retail Payments Risk Forum

August 29, 2011 in collaboration, crime, payments, payments risk | Permalink


TrackBack URL for this entry:

Listed below are links to blogs that reference Seeing what dimly lies in the distance: Parting thoughts on addressing payments system risk:


Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

August 3, 2011

Fighting the rising tide of elder financial abuse

The successes and failures of law enforcement in fighting financial crime are big news here at the Retail Payments Risk Forum. Earlier this year, we highlighted the gains made in reducing identity theft in the United States. Unfortunately, one form of crime continues to grow despite law enforcement's best efforts: financial crimes targeting the elderly. Last month, MetLife released a report indicating that elder financial abuse is widespread and growing. The report estimated $2.9 billion in annual losses to victims. MetLife based these estimates on an analysis of news articles documenting crimes over two three-month periods in mid- and late 2010. Survey research conducted at Cornell confirms that this is a major problem in New York State, where an average 42 out of 1,000 elders were the victims of financial abuse. Furthermore, the report determined that victims reported fewer than 3 percent of incidents to authorities. While the rate of abuse remains subject to debate, fighting this grim crime is an ongoing battle for law enforcement and consumers.

Elder financial abuse encompasses a category of crimes including theft, confidence tricks, Medicare and Medicaid fraud, forgery, and coerced property transfers. AARP has broadly defined the crime as "the illegal or improper use of a vulnerable adult's funds or property for another person's profit or advantage." The abuse is often a betrayal of a trusted relationship, and the victims are left with emotional and psychological scars that leave them feeling even more vulnerable.

Older Americans at risk of telemarketing fraud
MetLife also conducted a literature review and victim interviews to determine why the elderly are particularly vulnerable to financial abuse. Factors include poor physical health and limited mobility, mental health weaknesses related to the onset of dementia or Alzheimer's, and social isolation. Those who are isolated may be particularly susceptible to manipulation by con artists, for example.

Older Americans disproportionately suffer from telemarketing fraud, a scam where the victim is tricked into agreeing to electronic payments for fraudulent transactions. The criminals on the other end of the line are completely shameless in their techniques to gain the victim's trust. Con artists have targeted victims by searching for surviving spouses in local obituary notices or by purchasing lists of contact information for those who have been previously victimized in similar attacks. Banks can also become entangled in this financial abuse if they are not vigilant. In 2008, Wachovia was forced to pay out $125 million to the victims of fraudulent telemarketing businesses.

Consumer education the best defense
Combating elder financial abuse requires educating potential victims about the risks. Part of Wachovia's settlement included funding for financial literacy programs aimed at seniors. However, it is clear from rising crime rates that education alone is not a cure-all. Regulators, law enforcement, and financial institutions must collaborate to create more effective preventative measures. As a starting point, MetLife has published some consumer tips for prevention, and I have consolidated the recommendations of several of the sources cited above:

  • Review financial statements and bills for unauthorized transactions.
  • Use direct deposit and online banking to prevent mail theft.
  • Sign your own checks.
  • Keep passwords and ATM/debit card PINs secret.
  • Review important documents like wills and insurance policies annually.
  • Do not send money to strangers contacting you over the phone or internet: if an offer sounds too good to be true, it probably is.
  • Be aware that abusers may be charismatic individuals or even someone you trust.
  • Do not be afraid or embarrassed to seek help if you've been the victim of financial abuse. The longer you wait, the worse the situation can become.

By Jennifer C. Windh, a payments risk analyst in the Retail Payments Risk Forum at the Atlanta Fed

August 3, 2011 in consumer fraud, consumer protection, crime | Permalink


TrackBack URL for this entry:

Listed below are links to blogs that reference Fighting the rising tide of elder financial abuse:


Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

March 28, 2011

The nitty gritty of money transfer operators (MTOs)

When a friend of mine was travelling across Cambodia last year, he had a common, yet frightening, experience of the solo voyager: his wallet was stolen. Luckily, despite the seeming remoteness of his beach vacation, there were several Western Union agents in Sihanouk Ville. His parents were able to send him enough cash to finish out his trip. While losing his identification was still stomach-gnawing, he at least had the money to pay for lodging, food, and transportation. The global reach of money transmitters offers a clear value to travelers and migrants, but may also be valued by those wishing to exploit the companies for more nefarious purposes.

The reach of MTOs across the globe is a remarkable business accomplishment. Western Union or MoneyGram agents can be in from the smallest American town to the remotest corners of the globe. Western Union currently boasts 445,000 locations worldwide, and MoneyGram offers another 227,000. This already expansive agent network is quickly growing, with Western Union adding 150,000 locations since 2007. These MTOs serve the financial needs primarily of migrants—a significant portion of the worldwide population—offering not only money transfers but also ancillary services like prepaid cards, money orders, and walk-in bill payment. Immigrants in any given country are often unbanked or underbanked, yet often need to send cash remittances to family back home. MTOs are able to charge a premium for services that customers see as reliable, fast, and private.

But how exactly are these international money transfers executed? In Western Union's case, agents take cash from remitters and enter confirmation of cash receipt into Western Union's messaging system. The agents also collect data on both the sender and recipient. On the receiving end, the recipient in most cases presents photo identification at his or her local agent to pick up the cash. Western Union net settles with agents at the end of the day via ACH, if that service is available in the country, or by wire otherwise. Western Union has some intraday credit exposure to the transaction, as they commit to reimbursing the receiving agent regardless of the sender's solvency at the end of the day. Therefore, a Western Union transfer consists of three different streams: the flow of information between the sending and receiving agents via their messaging system, the separate communication between sending and receiving customers, and the final flow of funds between Western Union and the agents. MoneyGram's system operates similarly, but typically at a somewhat lower price point.

What are the risks?
The primary concern of regulators and law enforcement vis-à-vis MTOs is the risk of illicit use—bad actors taking advantage of these global networks to launder money and finance terrorism. Unlike banks that establish long-term account relationships with their clients, MTOs offer one-off transactions with more limited customer data. Consequently, MTOs may lack the relationship-level depth of customer data that banks have access to for risk mitigation purposes. Western Union has proactively led anti-money laundering (AML) compliance efforts in response to such fears. In 2010 testimony to Congress, Western Union reported spending more than $35 million annually on AML compliance. Although MTOs are global in scope, regulatory oversight is inherently limited to specific jurisdictions, and therefore the firms must interact with many different regulators and law enforcement agencies. MTOs currently operate under a complex structure of state, federal, and foreign regulation. Western Union has advocated for more consolidated regulation at the federal level, which may be in the cards, as the new Consumer Financial Protection Bureau (CFPB) will have jurisdiction over MTOs. Of greater concern may be unregistered MTOs, which operate outside the rule of law, and against whom FinCEN regularly brings enforcement.

Another concern facing MTO regulators is fraud. Social engineers sometimes use MTOs to try to part victims from their money. For example, a scam artist might convince a victim that he or she has won a cash prize but must first send a money transfer to cover the taxes before collecting the winnings. Of course, after the target sends the irreversible transfer, he or she never sees any winnings. We have previously covered MoneyGram's remedial efforts in this area, and Western Union calls out this risk as a special concern in their annual report:

The remittance industry has come under increasing scrutiny from government regulators and others in connection with its ability to prevent its services from being abused by people seeking to defraud others.... [T]he ingenuity of criminal fraudsters, combined with the potential susceptibility to fraud by consumers during economically difficult times, make the prevention of consumer fraud a significant and challenging problem. (p. 27)

The global ubiquity that lies at the heart of MTOs' value proposition is also a key risk factor for illicit use and fraud, as criminals may leverage the systems to divert illicit gains outside the jurisdiction of their crimes. While some companies have recognized this risk and actively worked to mitigate it, others may need regulatory encouragement. How can we most effectively monitor such expansive entities? How can industry and regulators better collaborate to bring unregistered MTOs into compliance with existing laws? These questions will be increasingly important as the CFPB moves to more rationally and comprehensively supervise this dynamic industry.

By Jennifer C. Windh, a payments risk analyst in the Retail Payments Risk Forum at the Atlanta Fed

March 28, 2011 in crime, money services business (MSB), wire transfer fraud | Permalink


TrackBack URL for this entry:

Listed below are links to blogs that reference The nitty gritty of money transfer operators (MTOs):


Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

March 21, 2011

FinCEN proposed new rule addresses money-laundering risks in prepaid products

While prepaid payment products still represent a small percentage of today's electronic payments, their use is rapidly growing. According to the 2010 Federal Reserve Payments Study, the number of prepaid card transactions increased 21.5 percent each year from 2006 to 2009. Most prepaid payments are enabled by plastic cards, but today's technology can enable the same payment functionality in other form factors, including mobile phones.

As the market for these prepaid products continues to develop and grow, the Financial Crimes Enforcement Network (FinCEN) has been watchful of their potential money-laundering risk exposure and issued a proposed rule addressing various kinds of prepaid access devices. In its proposed rulemaking notice, FinCEN announced that the rule would cover not only cards but also such access devices as mobile phones, key fobs, and any other device that can serve as a portal to funds paid for in advance and allow a consumer to retrieve or transfer these funds.

Prepaid access devices and money laundering risks
Many of the same factors that make prepaid access devices attractive to consumers can make them vulnerable to criminal activity. For instance, the ease with which these devices can be obtained along with the potential for anonymity—which is the case with nonreloadable open-loop cards, for example—as well as the ease with which money can be loaded onto them can make them potential money-laundering vehicles.

To help identify potential risks related to prepaid access devices, FinCEN formed a subcommittee within their Bank Secrecy Act Advisory Group (BSAAG). The subcommittee has identified numerous risks, such as funding with cash from stolen credit cards and virtual money cards that allow individuals without a bank account to access illicit cash via ATMs globally. Some high-profile criminal activities have also surfaced, exposing some of these potential risks.

Because some products are perceived to be less likely than others to be used for money laundering, FinCEN has excluded certain prepaid access devices from its rulemaking, including payroll cards, government benefit cards, heath care access cards, closed-loop cards, and products that allow access amounts less than $1,000.

Disrupting, detecting, and deterring the illicit flow of funds
Disrupting the flow of funds can create a less-than-ideal environment for criminals attempting to conceal the sources of their illicit funds. FinCEN's proposed rule is one way to accomplish this disruption. By implementing additional systemic safeguards and filling gaps in the prepaid environment with stronger regulatory controls, the agency hopes to make it more difficult for criminals to use prepaid payments products for illicit purposes.

Ultimately, the goal of the proposed rule is to enhance the regulatory framework for prepaid access devices while finding ways to promote development and growth in the prepaid industry and discourage wrongdoers from misusing prepaid products. For now, FinCEN's final rule is pending release, but if it is adopted as proposed, it would expand Bank Secrecy Act compliance obligations to prepaid access devices beyond plastic prepaid cards to include emerging prepaid products.

Photo of Ana Cavazos-WrightBy Ana Cavazos-Wright, senior payments risk analyst in the Retail Payments Risk Forum at the Atlanta Fed

March 21, 2011 in crime, fraud, money laundering, payments risk, prepaid | Permalink


TrackBack URL for this entry:

Listed below are links to blogs that reference FinCEN proposed new rule addresses money-laundering risks in prepaid products:



My research suggests that these proposed rule changes will have a significant negative impact on the prepaid market and yet I am unable to find anyone in the prepaid industry that believes these proposed rules will prevent most of the crimes you identified. In particular the "high-profile criminal activity" you identified is explicitly not prevented by these proposed rules since payroll cards are excluded.

If FinCEN were to document how these proposed rules would prevent specific criminal activities, I think it is likely the prepaid industry could prove FinCEN wrong. More importantly, if FinCEN were to work directly with the industry, I am positive more effective solutions could be identified that would cause far less disruption to the prepaid market.

Preventing disruption is important because these prepaid products are the best hope for providing low cost access to financial services for the unbanked and under served. Even as the FDIC decries the lack of affordable financial services for Low & Moderate Income families, FinCEN proposes new rules that I believe will greatly increase the cost associated with delivering financial services to that same audience -- but likely with no benefit to law enforcement.

Posted by: Timothy Sloane | March 22, 2011 at 02:32 PM

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

Google Search

Recent Posts



Powered by TypePad