Take On Payments, a blog sponsored by the Retail Payments Risk Forum of the Federal Reserve Bank of Atlanta, is intended to foster dialogue on emerging risks in retail payment systems and enhance collaborative efforts to improve risk detection and mitigation. We encourage your active participation in Take on Payments and look forward to collaborating with you.
Federal Reserve Web Sites
Other Bank Regulatory Sites
December 3, 2018
Building Blocks for the Sandbox
I just returned from a leave of absence to welcome my third child to this world. As I catch up on payments news, one theme emerging is the large number of state and federal regulatory bodies launching their own fintech sandboxes. Typically, these testing grounds allow businesses to experiment with various "building blocks" while they innovate. Some businesses are even allowed regulatory relief as they work out the kinks. As I've researched, I've found myself daydreaming about how my new little human also needs to work with the right building blocks, or core principles, to ensure he develops properly and "plays nice" in the sandbox.
But—back to work. What guidance do fintechs have available to them to grow and prosper?.
On July 31 of this year, the U.S. Department of the Treasury released a report suggesting regulatory reform to promote financial technology and innovation among both traditional financial institutions and nonbanks. The report in its entirety is worth a review, but I'll highlight some of it here.
The blueprint for a unified regulatory sandbox is still up for discussion, but the Treasury suggests a hierarchical structure, either overseen by a single regulator or by an entirely new regulator. The Treasury suggests that Congress will likely have to assist by passing legislation with the necessary preemptions to grant authority to the newly created agency or a newly named authoritative agency.
The report outlines these core principles of a unified regulatory sandbox:
- Promote the adoption and growth of innovation and technological transformation in financial services.
- Provide equal access to companies in various stages of the business lifecycle (e.g., startups and incumbents). [The regulator should define when a business could or should participate.]
- Delineate clear and public processes and procedures, including a process by which firms enter and exit.
- Provide targeted relief across multiple regulatory frameworks.
- Offer the ability to achieve international regulatory cooperation or appropriate deference where applicable.
- Maintain financial integrity, consumer protections, and investor protections commensurate with the scope of the project, not be based on the organization type (whether it's a bank or nonbank).
- Increase the timeliness of regulator feedback offered throughout the product or service development lifecycle. [Slow regulator feedback is typically a deterrent for start-up participation.]
Clearly, the overarching intent of these principles is to help align guidance, standards, and regulation to meet the needs of a diverse group of participants. Should entities offering the same financial services be regulated similarly? More importantly, is such a mission readily achievable?
People have long recognized the fragmentation of the U.S. financial regulatory system. The number of agencies at the federal and state levels with a hand in financial services oversight creates inconsistencies and overlaps of powers. Fintech innovations even sometimes invite attention from regulators outside of the financial umbrella, regulators like the Federal Communications Commission or the Federal Trade Commission.
In the domain of financial services are kingdoms of industry. Take the payments kingdom, for example. Payments are interstate, global, and multi-schemed (each scheme with its own rules framework). And let's be honest, in the big picture of financial services innovations and in the minds of fintechs, payments are an afterthought, and they aren't front and center in business plans. Consumers want products or services; payments connect the dots. (In fact, the concept of invisible payments is only growing stronger.)
What is more, a fintech, even though it may have a payments component in its technology, might not identify itself as a fintech. And a business that doesn't see itself as a fintech is not going to get in line for a unified financial services regulator sandbox (though it might want to play in a payments regulator sandbox).
When regulatory restructuring takes place, I hope it will build a dedicated infrastructure to nurture the payments piece of fintech, so that all can play nice in the payments sandbox. (Insert crying baby.)
By Jessica Washington, AAP, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed
October 15, 2018
An Ounce of Prevention
Benjamin Franklin coined the phrase "An ounce of prevention is worth a pound of cure," and after attending late September's FinovateFall 2018 Conference in New York City, I find this aphorism as relevant today as it was in 1735. The conference showcased 80 demonstrations of leading-edge financial technology over two days with presenters representing five continents. Demos touched on a wide range of technologies and solutions, including game-based marketing and financial education; "lifestyle" mobile banking applications that integrate social media, news, e-commerce, and financial management to deliver personalized recommendations; lending and home buying; and integration with intelligent personal assistants. What stood out to me most were the many possible technologies offered to authenticate users, cards, and mobile transactions, each with the potential to prevent payments fraud.
As card payments continue to dominate consumer transactions in the United States, usage is increasing in other countries, and remote purchases gather steam, the demand for fast, reliable identity and payment authentication has also grown. So has the even greater demand from consumers for frictionless payments. But how does technology reward the good guys, keep out the bad ones, and prevent cart abandonment or consumer frustration? Here are just a few examples of how some of the fintech companies at the conference propose to satisfy these competing priorities.
SMS—While one company proclaimed that SMS was designed for teenagers and never intended for use as a secure messaging means, another proposed a three-factor authentication method that combined the use of a PIN, Bluetooth communication, and facial recognition via SMS sent to account holders to identify a possible fraud event in real time. Enhancing this technology was artificial intelligence that analyzes facial characteristics such as smiling or frowning.
Biometrics—Developers demonstrated numerous biometrics options, including those using unique, multifactor, non-gesture-based biometric characteristics such as the speed and pressure we use to swipe our mobile devices. Also demonstrated was the process of linking facial recognition to cards for both in-person and e-commerce purchases, as well as "liveness" tests that access the mobile phone's gyroscope to detect slight physical movements not present when a bot is involved. Another liveness test demonstrated was one in which people use their mobile devices to shoot videos of themselves reciting a number or performing randomized movements. Video content is then checked against identity verification documents, such as driver's license photos, that account holders used at setup. The developers noted that using video for liveness testing helps prevent fraudsters from using stolen photos or IDs in the authentication process.
Passwords—Some developers declared that behavioral biometrics would bring about the death of the password, and others offered services that search the corners of the dark web for compromised credentials. Companies presented solutions including a single, unique identification across all platforms and single-use passwords generated automatically at each login. One of the most interesting password technologies displayed involved the use of colors, emojis, numbers, and logos. This password system, which could be as short as four characters, uses a behind-the-scenes "end code," where the definition of individual password characters is unique to each company employing the technology, rendering the password useless in the event of a data breach.
As I sat in the audience fascinated by so many of the demos, I wished I could go to my app store to download and use some of these technologies right away; the perceived security and convenience, combined with ease of use, tugged at the early adopter in me. Alas, most are white-labeled solutions to be deployed by financial institutions, card networks, and merchant acquirers rather than offered for direct consumer use. But I am buoyed by the fact that so many solutions are abiding by the words of Ben Franklin and seek to apply an ounce of prevention.
By Nancy Donahue, project manager in the Retail Payments Risk Forum at the Atlanta Fed
May 29, 2018
Laurel or Yanny? Cash or Card?
The latest and greatest trend on the Internet is the debate over whether you hear a recorded voice say "Laurel" or "Yanny." While I don't intend to get into the science of the phenomenon, I do find it fascinating (and completely ridiculous) that anyone would hear "Yanny." As I was thinking about this current crazed conundrum, the payments geek in me started to relate the Laurel-versus-Yanny debate to the payments industry.
It seems that we in the Retail Payments Risk Forum get asked at least monthly when the United States will become cashless. Our short answer is "never." Some people still prefer to pay with cash for many items, especially small-dollar purchases. In fact, a hamburger chain launched a cashless location during the past year only to find out that some of its customers were not happy that they were unable to pay with cash. And a large online retailer just announced a partnership that will allow its customers to use cash for purchasing gift cards to use on its website.
On the flip side, there are those (and I am smiling at one of my Risk Forum colleagues) who wince at the thought of making a paper-based payment, including cash, for anything. Here in the United States, we have embraced payments choice for consumers. And while I might be someone who prefers to pay with a credit card, I have close friends who prefer debit cards. I even know a few people who prefer to use their mobile phones.
Science can explain why people might hear a word differently. Perhaps we also need science to understand the factors that have a role in driving payment preferences—factors that might include past behavior and experiences, socioeconomic status, and incentives. Nevertheless, the fact remains that you will have your Laurels and your Yannys in payments, and oftentimes the two sides won't understand why the other would ever want to pay with their preferred method.
Research can get caught up in the hysteria that surrounds emerging payments and fintech and overlook established forms of payments. But let the Laurel-and-Yanny debate serve as a reminder that differences among consumers in payment preferences will always exist. Let's not lose sight of those established forms of payments that remain vitally important to commerce, even as the industry races to implement new technologies and systems.
To learn more about consumer payment choices and preferences, be on the lookout for the June 1 launch of the Federal Reserve Bank of Atlanta's new consumer payments web pages that house a variety of surveys, studies, and research reports on the topic.
By Douglas A. King, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed
April 9, 2018
Fintech for Financial Wellness
When you hear the term fintech, you might free-associate "blockchain" or "APIs" or "machine learning." Chances are "financial opportunities and capabilities for all" might not be the first topic to spring to mind. Recently, I've been learning about the vast ecosystem of fintech entrepreneurs seeking to improve what the Center for Financial Services Innovation calls "financial health"—that is, our financial resiliency in the face of adversity, ability to take advantage of opportunities, and ability to manage day-to-day finances.
Consumer-focused fintech projects ask the question: Can we use data to improve financial wellness for individuals?
Some of these projects are directed toward specific groups. There are apps to help SNAP (Supplemental Nutrition Assistance Program) recipients manage benefits, enable immigrants to import their credit history from their home countries into U.S. credit reporting tools, and teach recent college grads about financial decisions such as paying off student loans or signing up for employer-sponsored retirement accounts.
Some can help you to:
- Analyze your cash flows over the course of the month and tell you how much you could save.
- Save or invest when you make purchases by automatically rounding up and putting your change into an account.
- Analyze your accounts to identify peaks and valleys in your income and help you smooth it out.
- Know when you have enough money to pay a particular bill and let you pay it by swiping your finger.
- Link saving to opportunities to win prizes by incorporating lotteries.
- Know, via text message, if you're likely to overdraw your account in the next few days.
Recent research finds that these sorts of interventions can be effective. For example, in "Preventing Over-Spending: Increasing Salience of Credit Card Payments through Smartphone Interventions," the authors find that people who use an app that suggests weekly savings goals significantly reduce their expenditures. This trial took place with a small sample of Swiss credit card users. As part of the experiment, participants reviewed and classified every credit card transaction, thus making every payment more visible to them. On average, participants reduced their weekly spending by about 14 percent.
Of course, not only entrepreneurs but also economists, policymakers, and traditional institutions appreciate the importance of financial education. Increasing financial literacy makes for a stronger economy, and financial education is an important part of what the Fed does. Just last week, Atlanta Fed president and CEO Raphael Bostic spoke about the importance of financial literacy. You can read his remarks here.
If you, too, care about improving financial wellness for everyone and want to learn more, please reach out to share information and ideas.
By Claire Greene, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed
- Looking for Partners in Safer Payments
- The Range of Un-Friendly Fraud
- Payments Webinar October 10: Cash in the 21st Century
- "Insuring" Ransomware Will Continue to Flourish
- Designing Disclosures to Be Read
- Is There a Generation Gap in Cash Use?
- What the Most Convenient Food Tells Us about Payments
- Is Friction in Payments Always Bad?
- Why Should You Care about PSD2?
- At the Intersection of FinTech and Financial Inclusion
- October 2019
- September 2019
- August 2019
- July 2019
- June 2019
- May 2019
- April 2019
- March 2019
- February 2019
- January 2019
- account takeovers
- ATM fraud
- bank supervision
- banking regulations
- banks and banking
- card networks
- check fraud
- consumer fraud
- consumer protection
- credit cards
- cross-border wires
- data security
- debit cards
- emerging payments
- financial services
- financial technology
- identity theft
- law enforcement
- mobile banking
- mobile money transfer
- mobile network operator (MNO)
- mobile payments
- money laundering
- money services business (MSB)
- online banking fraud
- online retail
- Payment Services Directive
- payments fraud
- payments innovation
- payments risk
- payments study
- payments systems
- phone fraud
- remotely created checks
- risk management
- Section 1073
- skills gap
- social networks
- third-party service provider
- trusted service manager
- Unfair and Deceptive Acts and Practices (UDAP)
- wire transfer fraud
- workforce development
- workplace fraud