About


Take On Payments, a blog sponsored by the Retail Payments Risk Forum of the Federal Reserve Bank of Atlanta, is intended to foster dialogue on emerging risks in retail payment systems and enhance collaborative efforts to improve risk detection and mitigation. We encourage your active participation in Take on Payments and look forward to collaborating with you.

Take On Payments

April 22, 2019


The Prepaid Rule: All Jokes Aside

A payments compliance rule took effect this year on April Fools' Day, and it occurred to me that when a compliance deadline is approaching, you might not feel like joking around. The Prepaid Accounts Final Rule was issued a few years ago, in 2016, but after a number of postponements, its effective date is finally behind us.

The rule standardizes disclosures, error resolution procedures, consumer liability limits, and access to records. These changes are intended to provide comprehensive consumer protections for prepaid accounts under the Electronic Fund Transfer Act, or Regulation E. The rule is fairly comprehensive, but for the sake of brevity, I'm going to look at only a couple areas of the rule—those that stand out to me.

Consumers can now expect protections over their transaction accounts regardless of whether the account is offered directly by a traditional financial institution or by a third party, such as a fintech or merchant, as they make electronic payments (debit, prepaid, ACH). Also, fintech companies that allow consumers to store funds or are thinking about adding that ability may want to prepare themselves to be designated as prepaid services providers and therefore subject to the regulatory and licensing requirements that go along with that designation. To that point, I am not surprised to see several big names recently listed on the FinCen Money Service Business Registration as "Providers of prepaid access." (To see the list, scroll down the web page to the MSB registration form; on the MSB ACTIVITIES field, click the down arrow to open the dropdown list; select Provider of prepaid access and click the Submit button.)

Established prepaid issuers have long been preparing for the new prepaid rule despite the stops and starts of an effective date and the uncertainty about some of its key provisions. Because consumers open prepaid accounts in a variety of ways—from starting a new job to purchasing prepaid cards at a retail checkout lane—it can be difficult to accommodate the disclosure requirements, such as those for listing fees, that the prepaid rule prescribes. Most issuers have changed product packaging to accommodate the new disclosures. These changes required complicated logistics coordination for the prepaid supply chain to replace old, noncompliant inventory with new, compliant card packages. Some issuers are still grappling with how to list types of fees that may not apply to their particular account program.

Many issuers had already been providing some level of consumer protection from unauthorized transactions before the rule requirement took effect. Now there will be a standard expectation. Limited liability and error resolution benefits need apply only to customers who have successfully completed the identification and verification process, if there is one for their particular program. Regulation E's error resolution and limited liability requirements do not extend to prepaid accounts (other than payroll or government benefit accounts) that have not completed the verification process, one of the key revisions after the rule's initial issue.

The rule will change the way we categorize prepaid services. For instance, in the past, discussion around prepaid products focused on whether the product was open- or closed-loop, and whether it was reloadable or nonreloadable. While those characteristics still exist, they are not necessarily a determinant as to whether the rule applies to a particular product or not. There are clear exclusions for certain products like those that are marketed and labeled as gift cards, health care savings cards, or disaster relief cards. However, even if a product doesn't have "prepaid" on its label, it may still fall under Regulation E. Coverage extends to asset accounts that consumers can use to conduct transactions with multiple, unaffiliated merchants for goods or services, to pull cash from automated teller machines, or to make person-to-person transfers.

For both incumbents and those finding themselves new in prepaid, it has been no joke to prepare to comply with the new rule. Despite the extra burden, do you think we will look back on this milestone favorably in the future? I think the new prepaid rule will lead to strengthening trust and confidence in these products. The Consumer Financial Protection Bureau (CFPB) pledges to be vigilant in evaluating new rules. Moreover, the CFPB is required to submit a formal evaluation five years following a rule's effective date. The industry should be ready to help measure the rule's impact.

Photo of Jessica Washington By Jessica Washington, AAP, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

April 22, 2019 in fintech, prepaid, regulations | Permalink

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

March 25, 2019


Safeguarding Privacy and Ethics in AI

In a recent post I referred to the privacy and ethical guidelines that the nonprofit advocacy group EPIC (Electronic Privacy Information Center) is promoting. According to this group, these guidelines are based on existing regulatory and legal guidelines in the United States and Europe regarding data protection, human rights doctrine, and general ethical principles. Given the continued attention to advancements in machine learning and other computing technology advancements falling under the marketing term of “artificial intelligence” (AI), I thought it would be beneficial for our readers if we were to review these guidelines so the reader can assess their validity and completeness. The heading and the italicized text in these guidelines are EPIC’s specific wording; additional text is my commentary. It is important to point out that neither the Federal Reserve System nor the Board of Governors has endorsed these guidelines.

  • Right to Transparency. All individuals have the right to know the basis of an AI decision that concerns them. This includes access to the factors, the logic, and techniques that produced the outcome. EPIC says the main elements of this principle can be found in the U.S. Privacy Act and a number of directives from the European Union. It is unlikely that the average person would be able to fully understand the complex computations generating a decision, but everyone still has the right to an explanation of and validation for the decision.
  • Right to Human Determination. All individuals have the right to a final determination made by a person. This ensures that a person, not a machine, is ultimately accountable for a final decision.
  • Identification Obligation. The institution responsible for an AI system must be made known to the public. There may be many different parties that contribute to an AI system, so it is important that anyone be able to determine which party has overall responsibility and accountability.
  • Fairness Obligation. Institutions must ensure that AI systems do not reflect unfair bias or make impermissible discriminatory decisions. I understand the intent of this principle—any program developed by a person will have some level of inherent bias—but how is it determined that the level of bias has reached an “unfair” level, and who makes such a determination?
  • Assessment and Accountability Obligation. An AI system should be deployed only after an adequate evaluation of its purpose and objectives, its benefits, as well as its risks. Institutions must be responsible for decisions made by an AI system. An AI system that presents significant risks, especially in the areas of public safety and cybersecurity, should be evaluated carefully before a deployment decision is made.
  • Accuracy, Reliability, and Validity Obligations. Institutions must ensure the accuracy, reliability, and validity of decisions. This basic principle will be monitored by the institution as well as independent organizations.
  • Data Quality Obligation. Institutions must establish data provenance, and assure quality and relevance for the data input into algorithms. As an extension of number 6, detailed documentation and secure retention of the data input help other parties replicate the decision-making process to validate the final decision.
  • Public Safety Obligation. Institutions must assess the public safety risks that arise from the deployment of AI systems that direct or control physical devices, and implement safety controls. As more Internet-of-Things applications are deployed, this principle will increase in importance.
  • Cybersecurity Obligation. Institutions must secure AI systems against cybersecurity threats. AI systems, especially those that could have a significant impact on public safety, are potential targets for criminals and terrorist groups and must be made secure.
  • Prohibition on Secret Profiling. No institution shall establish or maintain a secret profiling system. This principle ensures that the institution will not establish or maintain a separate, clandestine profiling system to assure the possibility of independent accountability.
  • Prohibition on Unitary Scoring. No national government shall establish or maintain a general-purpose score on its citizens or residents. The concern this principle addresses is that such a score could be used to establish predetermined outcomes across a number of activities. For example, in the private sector, a credit rating score can be a factor not only in credit decisions but also in other types of decisions, such as for vehicle, life, and medical insurance underwriting.
  • Termination Obligation. An institution that has established an AI system has an affirmative obligation to terminate the system if human control of the system is no longer possible. I refer to this final principal as the “HAL principle” from 2001: A Space Odyssey, where the crew tries to shut down HAL (a Heuristically programmed ALgorithmic computer) after it starts making faulty decisions. A crew member finally succeeds in shutting HAL down only after it has killed all the other crew members. HAL is an extreme example, but the principle ensures that an AI system’s actions do not override or contradict the actions and decision of the people responsible for the system.

On February 11, 2019, the president signed an executive order promoting the United States as a leader in the use of AI. In addition to addressing technical standards and workforce training, the order called for the protection of “civil liberties, privacy, and American values” in the application of AI systems. As the development of AI systems increases pace, it seems important that an ethical framework be put in place. Do you think these are reasonable and realistic guidelines that should be adopted? Do you think some of them will hinder the pace of AI application development? Are any principles missing?

Let us know what you think.

Photo of David Lott By David Lott, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

 

March 25, 2019 in emerging payments, fintech, innovation | Permalink

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

March 18, 2019


The Patriots of the Payments Landscape

Last February, the New England Patriots and their future first-ballot Hall of Fame quarterback, Tom Brady, won their sixth Super Bowl title since 2002. Over this 17-year period, they have played for the National Football League title nine times. In college football, a similar scenario has emerged, with two teams (the University of Alabama and Clemson University) winning seven out of the last 10 collegiate football national titles. It is proving to be very difficult to upend the dominant players in this sport, and many football fans and pundits believe that such domination makes the overall sport less interesting (especially if your favorite team isn’t Alabama, Clemson, or the Patriots). They think it’s bad for the sport and argue it would be better to see more variety in championship teams. As I think about that perspective, my mind drifts to a payments conversation that I am often a part of in both business and social settings: Where are payments going to be in the next three to five years?

While it would be much "more entertaining" in my social settings to be able to discuss some great shift in payments on the horizon, the fact is that right now payments is in a place similar to football’s. Card-based payments are sitting on top of the non-cash-based payments world and will be difficult to dethrone anytime soon. According to the Federal Reserve Payments Study 2016 (the last report that provided annual estimates for both automated clearinghouse (ACH) and check payments), card payments, by number of transactions, made up 72 percent of noncash payments. Now the latest figures from the payments study’s 2018 Annual Supplement report reveal that there were 123.5 billion card transactions in 2017, a figure representing robust growth of 10.1 percent from 2016. The report also highlights that, during this 2016–17 period, the number of network ACH payment transactions grew at an accelerated pace of 5.7 percent while large-institution check payments declined in number of transactions at an accelerated pace of 4.8 percent. The Federal Reserve is currently conducting its triennial payments study, which will provide updated national estimates on all noncash payments for 2018.

In the future, we might be dipping cards more often, tapping contactless cards, or even tapping our phones more, but it’s hard to envision a new payment channel making much headway in the next three to five years. Cards just have too big of a share and are experiencing accelerating growth. Consumers are not only accustomed to using them, but they also find that cards work very efficiently for them. And just like the football fans and pundits who talk or write about the need for different champions in the football world, payments professionals and pundits are enamored with writing about and discussing how blockchain, distributed ledger technology, faster payments, or some other brave, new technology are going to be the next frontier in payments. And you know, they might be right one day, but it’s not going to happen anytime soon, certainly not before Mr. Brady finds his way into the Hall of Fame.

Photo of Douglas King By Douglas A. King, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

 

March 18, 2019 in credit cards, debit cards, emerging payments, fintech, innovation | Permalink

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

March 11, 2019


Payments Webinar Explores a Fintech Talent Gap

Developments in financial technology (fintech), as welcome as they may be, are pressuring one of our most valuable resources: our workforce. Not only are there not enough candidates experienced in new fintech, but also there is a growing gap between the skills employers want and the skills that employed professionals have.

As fast as fintech is moving, it is important not to be hasty when making talent development decisions. Now is the time to be strategic and intentional in evaluating the ways to bridge the fintech talent gap. Most new banking technologies, especially those that are payments related (whether they’re offered by a traditional financial institution or a non-bank entity), require a new approach to software and cybersecurity. With this in mind, a fundamental feature of workforce development is aligning education and training programs with real business needs.

In the next episode of our Talk About Payments (TAP) webinar series, our panel will explore the underlying emerging technologies that are essential core knowledge for the payments and fintech workforce. We will also explore initiatives that are under way to bridge the fintech talent gap. Our panel will include:

  • Jessica J. Washington, AAP, Payments Risk Expert, Federal Reserve Bank of Atlanta
  • James Senn, Founding Director, Georgia Fintech Academy
  • Allen Sautter, Information Security Officer, Federal Reserve Bank of Atlanta

We encourage financial institutions, merchants, fintechs, payments processors, law enforcement, academia, and other payments system stakeholders to participate. Participants will be able to submit questions during the webinar.

The webinar will take place on March 21, from 1 to 2 p.m. (ET). To participate in the webinar, you must register in advance (there is no charge). You can register here. Once you have registered, we will send you a confirmation email with the login and toll-free call-in information. You can direct questions concerning the webinar to David Lott at david.lott@atl.frb.org. We hope you will join us and be part of the discussion.

Photo of Jessica Washington By Jessica Washington, AAP, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

 

March 11, 2019 in emerging payments, financial technology, fintech, payments innovation, skills gap, workforce development | Permalink

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

February 11, 2019


AI and Privacy: Achieving Coexistence

In a post early last year, I raised the issue of privacy rights in the use of big data. After attending the AI (artificial intelligence) Summit in New York City in December, I believe it is necessary to expand that call to the wider spectrum of technology that is under the banner of AI, including machine learning. There is no question that increased computing power, reduced costs, and improved developer skills have made machine learning programs more affordable and powerful. As discussed at the conference, the various facets of AI technology have reached far past financial services and fraud detection into numerous aspects of our life, including product marketing, health care, and public safety.

In May 2018, the White House announced the creation of the Select Committee on Artificial Intelligence. The main mission of the committee is "to improve the coordination of Federal efforts related to AI to ensure continued U.S. leadership in this field." It will operate under the National Science and Technology Committee and will have senior research and development officials from key governmental agencies. The White House's Office of Science and Technology Policy will oversee the committee.

Soon after, Congress established the National Security Commission on Artificial Intelligence in Title II, Section 238 of the 2019 John McCain National Defense Authorization Act. While the commission is independent, it operates within the executive branch. Composed of 15 members appointed by Congress and the Secretaries of Defense and Commerce—including representatives from Silicon Valley, academia, and NASA—the commission's aim is to "review advances in artificial intelligence, related machine learning developments, and associated technologies." It is also charged with looking at technologies that keep the United States competitive and considering the legal and ethical risks.

While the United States wants to retain its leadership position in AI, it cannot overlook AI's privacy and ethical implications. A national privacy advocacy group, EPIC (or the Electronic Privacy Information Center), has been lobbying hard to ensure that both the Select Committee on Artificial Intelligence and the National Security Commission on Artificial Intelligence obtain public input. EPIC has asked these groups to adopt the 12 Universal Guidelines for Artificial Intelligence released in October 2018 at the International Data Protection and Privacy Commissioners Conference in Brussels.

These guidelines, which I will discuss in more detail in a future post, are based on existing regulatory guidelines in the United States and Europe regarding data protection, human rights doctrine, and general ethical principles. They call out that any AI system with the potential to impact an individual's rights should have accountability and transparency and that humans should retain control over such systems.

As the strict privacy and data protection elements of the European Union's General Data Privacy Regulation take hold in Europe and spread to other parts of the world, I believe that privacy and ethical elements will gain a brighter spotlight and AI will be a major topic of discussion in 2019. What do you think?

Photo of David Lott By David Lott, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

February 11, 2019 in consumer protection, emerging payments, fintech, innovation, privacy, regulations | Permalink

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

January 28, 2019


A Cryptocurrency Primer

Every day, my newsfeed is full of stories about cryptocurrency, blockchain, and distributed ledger technology. I even see stories on how we can create our own digital currency, a notion that conjures up for me visions of my face on a coin, just like suffragette Susan B. Anthony. Could my own digital currency, known hereafter as the NEDNote, become a reality? My husband is a software engineer, so the technical piece is covered, but maybe offering a primer on the history of cryptocurrency and its confusing and rapidly changing nomenclature is the best place to start before I launch the NEDNote into the cryptographic biosphere.

The concept of virtual currency as a substitute for fiat currency dates back to the 1980s, with David Chaum being credited with introducing digital cash. (Fiat currency, often referred to in cryptocurrency discussions, is legal tender backed by a government or central bank.) Although early attempts at virtual currencies were made in the late ’90s, the anonymous white paper published in 2009 under the pseudonym Satoshi Nakamoto is credited for creating the first decentralized cryptocurrency, Bitcoin, and the blockchain database. And with that paper, a new lexicon began to emerge, some of which I define here.

  • Cryptocurrency, short for cryptographic currency, is a subset of digital currency.
  • Cryptography in the cryptocurrency world refers to the algorithms that encrypt data for transmission. In the analog world, think how the Navajo language was used to transmit secure messages during World War II.
  • Distributed ledger technology (DLT) refers to the infrastructure that allows a repeated digital copy of data to be available at multiple locations. With DLT, transactions take place over a peer-to-peer network, and do not require the use of a central administrator to govern or validate the transaction, but rather employ consensus algorithms to replicate the data across locations.
  • Blockchain is a type of DLT that organizes records in blocks, which are then linked with cryptographic hashes to create the chain. Each block consists of these hashes, data, and a unique timestamp. Because no trusted source or authority exists for the blockchain, it is necessary that data somehow be validated before anything can be added.
  • Validation protocols include “proof-of-work” and “proof-of-stake,” the two primary methods of validating transactions on a blockchain.
    • Proof-of-work involves mining and timestamping, which are key validation computations. Mining both validates transactions and obtains new cryptocurrency. The mathematical calculations performed in the mining process build the hash function that links the block to the chain. Miners are rewarded with new cryptocurrency for their contributions to the validation process. Timestamping tracks historical changes made to the data contained in the block.
    • Proof-of-stake employs a consensus method to determine ownership of the cryptocurrency. This method requires less computing power to complete than does proof-of-work validation but does not reward miners with new currency.
  • A crypto wallet provider is a cryptocurrency storage service that is online (hot wallet) or offline (cold storage). Hot wallets are connected to the internet and are frequently hosted by an online exchange platform. Cold storage, which is not connected to the internet, is viewed as more secure.

For many years, my husband allowed the SETI Institute to harness the excess processing power of our home computers in the search for extraterrestrial intelligence, when we could have been mining for cryptocurrency and making the NEDNote a reality. In my next post, I’ll talk about how cryptocurrencies are exchanged and some of the associated risks.

Photo of Nancy-Donahue  By Nancy Donahue, project manager in the Retail Payments Risk Forum  at the Atlanta Fed

January 28, 2019 in currency, fintech, innovation | Permalink

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

December 10, 2018


A Look in the Rearview Mirror of Payments for 2018

I'm sure just about everyone else in the payments industry would agree with me that 2018 was yet another exciting year for payments. The year was filled with a host of newsworthy events, but fintech most certainly took center stage in the financial services industry, including payments. Whether the news highlighted an announcement of a new product to increase financial access or discussed the regulatory challenges and associated concerns within the fintech space, it seemed that fintech made its way into the news on a daily basis. Still, for payments, 2018 will be remembered for more than just fintech.

The Retail Payments Risk Forum's last Talk About Payments webinar of 2018 will feature Doug King, Dave Lott, and Jessica Washington sharing their perspectives and memories on the year-in-payments in a round table discussion. Among the topics they will discuss are consumer payment preferences, the changing retail environment, and the state of fraud—and fintech, of course. We encourage financial institutions, retailers, payments processors, law enforcement, academia, and other payments system stakeholders to participate in this webinar. Participants will be able to submit questions during the webinar.

The webinar will be held on Thursday, December 20, from 1 to 2 p.m. (ET). Participation in the webinar is free, but you must register in advance. To register, click on the TAP webinar link. After you complete your registration, you will receive a confirmation email with all the log-in and toll-free call-in information. A recording of the webinar will be available to all registered participants in various formats within a couple of weeks.

We look forward to you joining us on December 20 and sharing your perspectives on the major payment themes of 2018.

Photo of Douglas King By Douglas A. King, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed


December 10, 2018 in banking regulations, banks and banking, crime, cybercrime, emerging payments, fintech, innovation, payments fraud | Permalink

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

December 3, 2018


Building Blocks for the Sandbox

I just returned from a leave of absence to welcome my third child to this world. As I catch up on payments news, one theme emerging is the large number of state and federal regulatory bodies launching their own fintech sandboxes. Typically, these testing grounds allow businesses to experiment with various "building blocks" while they innovate. Some businesses are even allowed regulatory relief as they work out the kinks. As I've researched, I've found myself daydreaming about how my new little human also needs to work with the right building blocks, or core principles, to ensure he develops properly and "plays nice" in the sandbox.

But—back to work. What guidance do fintechs have available to them to grow and prosper?.

On July 31 of this year, the U.S. Department of the Treasury released a report suggesting regulatory reform to promote financial technology and innovation among both traditional financial institutions and nonbanks. The report in its entirety is worth a review, but I'll highlight some of it here.

The blueprint for a unified regulatory sandbox is still up for discussion, but the Treasury suggests a hierarchical structure, either overseen by a single regulator or by an entirely new regulator. The Treasury suggests that Congress will likely have to assist by passing legislation with the necessary preemptions to grant authority to the newly created agency or a newly named authoritative agency.

The report outlines these core principles of a unified regulatory sandbox:

  • Promote the adoption and growth of innovation and technological transformation in financial services.
  • Provide equal access to companies in various stages of the business lifecycle (e.g., startups and incumbents). [The regulator should define when a business could or should participate.]
  • Delineate clear and public processes and procedures, including a process by which firms enter and exit.
  • Provide targeted relief across multiple regulatory frameworks.
  • Offer the ability to achieve international regulatory cooperation or appropriate deference where applicable.
  • Maintain financial integrity, consumer protections, and investor protections commensurate with the scope of the project, not be based on the organization type (whether it's a bank or nonbank).
  • Increase the timeliness of regulator feedback offered throughout the product or service development lifecycle. [Slow regulator feedback is typically a deterrent for start-up participation.]

Clearly, the overarching intent of these principles is to help align guidance, standards, and regulation to meet the needs of a diverse group of participants. Should entities offering the same financial services be regulated similarly? More importantly, is such a mission readily achievable?

People have long recognized the fragmentation of the U.S. financial regulatory system. The number of agencies at the federal and state levels with a hand in financial services oversight creates inconsistencies and overlaps of powers. Fintech innovations even sometimes invite attention from regulators outside of the financial umbrella, regulators like the Federal Communications Commission or the Federal Trade Commission.

In the domain of financial services are kingdoms of industry. Take the payments kingdom, for example. Payments are interstate, global, and multi-schemed (each scheme with its own rules framework). And let's be honest, in the big picture of financial services innovations and in the minds of fintechs, payments are an afterthought, and they aren't front and center in business plans. Consumers want products or services; payments connect the dots. (In fact, the concept of invisible payments is only growing stronger.)

What is more, a fintech, even though it may have a payments component in its technology, might not identify itself as a fintech. And a business that doesn't see itself as a fintech is not going to get in line for a unified financial services regulator sandbox (though it might want to play in a payments regulator sandbox).

When regulatory restructuring takes place, I hope it will build a dedicated infrastructure to nurture the payments piece of fintech, so that all can play nice in the payments sandbox. (Insert crying baby.)

Photo of Jessica Washington By Jessica Washington, AAP, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

December 3, 2018 in bank supervision, emerging payments, financial services, fintech, innovation, regulations, regulators | Permalink

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

October 15, 2018


An Ounce of Prevention

Benjamin Franklin coined the phrase "An ounce of prevention is worth a pound of cure," and after attending late September's FinovateFall 2018 Conference in New York City, I find this aphorism as relevant today as it was in 1735. The conference showcased 80 demonstrations of leading-edge financial technology over two days with presenters representing five continents. Demos touched on a wide range of technologies and solutions, including game-based marketing and financial education; "lifestyle" mobile banking applications that integrate social media, news, e-commerce, and financial management to deliver personalized recommendations; lending and home buying; and integration with intelligent personal assistants. What stood out to me most were the many possible technologies offered to authenticate users, cards, and mobile transactions, each with the potential to prevent payments fraud.

As card payments continue to dominate consumer transactions in the United States, usage is increasing in other countries, and remote purchases gather steam, the demand for fast, reliable identity and payment authentication has also grown. So has the even greater demand from consumers for frictionless payments. But how does technology reward the good guys, keep out the bad ones, and prevent cart abandonment or consumer frustration? Here are just a few examples of how some of the fintech companies at the conference propose to satisfy these competing priorities.

SMS—While one company proclaimed that SMS was designed for teenagers and never intended for use as a secure messaging means, another proposed a three-factor authentication method that combined the use of a PIN, Bluetooth communication, and facial recognition via SMS sent to account holders to identify a possible fraud event in real time. Enhancing this technology was artificial intelligence that analyzes facial characteristics such as smiling or frowning.

Biometrics—Developers demonstrated numerous biometrics options, including those using unique, multifactor, non-gesture-based biometric characteristics such as the speed and pressure we use to swipe our mobile devices. Also demonstrated was the process of linking facial recognition to cards for both in-person and e-commerce purchases, as well as "liveness" tests that access the mobile phone's gyroscope to detect slight physical movements not present when a bot is involved. Another liveness test demonstrated was one in which people use their mobile devices to shoot videos of themselves reciting a number or performing randomized movements. Video content is then checked against identity verification documents, such as driver's license photos, that account holders used at setup. The developers noted that using video for liveness testing helps prevent fraudsters from using stolen photos or IDs in the authentication process.

Passwords—Some developers declared that behavioral biometrics would bring about the death of the password, and others offered services that search the corners of the dark web for compromised credentials. Companies presented solutions including a single, unique identification across all platforms and single-use passwords generated automatically at each login. One of the most interesting password technologies displayed involved the use of colors, emojis, numbers, and logos. This password system, which could be as short as four characters, uses a behind-the-scenes "end code," where the definition of individual password characters is unique to each company employing the technology, rendering the password useless in the event of a data breach.

As I sat in the audience fascinated by so many of the demos, I wished I could go to my app store to download and use some of these technologies right away; the perceived security and convenience, combined with ease of use, tugged at the early adopter in me. Alas, most are white-labeled solutions to be deployed by financial institutions, card networks, and merchant acquirers rather than offered for direct consumer use. But I am buoyed by the fact that so many solutions are abiding by the words of Ben Franklin and seek to apply an ounce of prevention.

Photo of Ian Perry-Okara  By Nancy Donahue, project manager in the Retail Payments Risk Forum  at the Atlanta Fed

 

October 15, 2018 in biometrics, cards, cybersecurity, emerging payments, fintech, innovation | Permalink

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

May 29, 2018


Laurel or Yanny? Cash or Card?

The latest and greatest trend on the Internet is the debate over whether you hear a recorded voice say "Laurel" or "Yanny." While I don't intend to get into the science of the phenomenon, I do find it fascinating (and completely ridiculous) that anyone would hear "Yanny." As I was thinking about this current crazed conundrum, the payments geek in me started to relate the Laurel-versus-Yanny debate to the payments industry.

It seems that we in the Retail Payments Risk Forum get asked at least monthly when the United States will become cashless. Our short answer is "never." Some people still prefer to pay with cash for many items, especially small-dollar purchases. In fact, a hamburger chain launched a cashless location during the past year only to find out that some of its customers were not happy that they were unable to pay with cash. And a large online retailer just announced a partnership that will allow its customers to use cash for purchasing gift cards to use on its website.

On the flip side, there are those (and I am smiling at one of my Risk Forum colleagues) who wince at the thought of making a paper-based payment, including cash, for anything. Here in the United States, we have embraced payments choice for consumers. And while I might be someone who prefers to pay with a credit card, I have close friends who prefer debit cards. I even know a few people who prefer to use their mobile phones.

Science can explain why people might hear a word differently. Perhaps we also need science to understand the factors that have a role in driving payment preferences—factors that might include past behavior and experiences, socioeconomic status, and incentives. Nevertheless, the fact remains that you will have your Laurels and your Yannys in payments, and oftentimes the two sides won't understand why the other would ever want to pay with their preferred method.

Research can get caught up in the hysteria that surrounds emerging payments and fintech and overlook established forms of payments. But let the Laurel-and-Yanny debate serve as a reminder that differences among consumers in payment preferences will always exist. Let's not lose sight of those established forms of payments that remain vitally important to commerce, even as the industry races to implement new technologies and systems.

To learn more about consumer payment choices and preferences, be on the lookout for the June 1 launch of the Federal Reserve Bank of Atlanta's new consumer payments web pages that house a variety of surveys, studies, and research reports on the topic.

Photo of Douglas King By Douglas A. King, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

May 29, 2018 in cards, fintech, mobile payments | Permalink

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

Google Search



Recent Posts


Archives


Categories


Powered by TypePad