About


Take On Payments, a blog sponsored by the Retail Payments Risk Forum of the Federal Reserve Bank of Atlanta, is intended to foster dialogue on emerging risks in retail payment systems and enhance collaborative efforts to improve risk detection and mitigation. We encourage your active participation in Take on Payments and look forward to collaborating with you.

Take On Payments

November 27, 2017


How Intelligent Is Artificial Intelligence?

At the recent Money20/20 conference, sessions on artificial intelligence (AI) joined those on friction in regulatory and technological innovation in dominating the agenda. A number of panels highlighted the competitive advantages AI tools offer companies. It didn't matter if the topic was consumer marketing, fraud prevention, or product development—AI was the buzzword. One speaker noted the social good that could come from such technology, pointing to the work of a Stanford research team trying to identify individuals with a strong likelihood of developing diabetes by running an automated review of photographic images of their eyes. Another panel discussed the privacy and ethical issues around the use of artificial intelligence.

But do any of these applications marketed as AI pass Alan Turing's 1950s now-famous Turing test defining true artificial intelligence? Turing was regarded as the father of computer science. It was his efforts during World War II that led a cryptographic team to break the Enigma code used by the Germans, as featured in the 2014 movie The Imitation Game. Turing once said, "A computer would deserve to be called intelligent if it could deceive a human into believing that it was human." An annual competition held since 1991, aims to award a solid 18-karat gold medal and a monetary prize of $100,000 for the first computer whose responses are indistinguishable from a real human's. To date, no one has received the gold medal, but every year, a bronze medal and smaller cash prize are given to the "most humanlike."

Incidentally, many vendors seem to use artificial intelligence as a synonym for the terms deep learning and machine learning. Is this usage of AI mostly marketing hype for the neural network technology developed in the mid-1960s, now greatly improved thanks to the substantial increase in computing power? A 2016 Forbes article by Bernard Marr provides a good overview of the different terms and their applications.

My opinion is that none of the tools in the market today meet the threshold of true artificial intelligence based on Turing's criteria. That isn't to say the lack of this achievement should diminish the benefits that have already emerged and will continue to be generated in the future. Computing technology certainly has advanced to be able to handle complex mathematical and programmed instructions at a much faster rate than a human.

What are your thoughts?

Photo of David Lott By David Lott, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

 

 

November 27, 2017 in emerging payments, innovation, payments | Permalink

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

November 20, 2017


Webinar: Key Payment Events in 2017

This year has been an exciting one for the payments industry. Topics such as block chain and distributed ledger, card-not-present fraud, and chip-card migration continued to be in the news, and new subjects such as behavioral biometrics and machine learning/artificial intelligence made their way into the spotlight.

In the past, the Retail Payments Risk Forum team has coauthored a year-end post identifying what they believed to have been the major payment events of the year. This year, we are doing something a little bit different and hope you will like the change. Taking advantage of our new webinar series, Talk About Payments, the RPRF team will be sharing our perspectives through a round table discussion in a live webinar. We encourage financial institutions, retailers, payments processors, law enforcement, academia, and other payments system stakeholders to participate in this webinar. Participants will be able to submit questions during the webinar.

The webinar will be held on Thursday, December 14, from 1 to 2 p.m. (ET). Participation in the webinar is complimentary, but you must register in advance. To register, click on the TAP webinar link. After you complete your registration, you will receive a confirmation email with all the log-in and toll-free call-in information. A recording of the webinar will be available to all registered participants in various formats within a couple of weeks.

We look forward to you joining us on December 14 and sharing your perspectives on the major payment events that took place in 2017.

Photo of David Lott By David Lott, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

November 20, 2017 in banks and banking, biometrics, emerging payments, EMV, innovation | Permalink

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

November 13, 2017


The Future of Wearables

My wife and I took our children to a Florida theme park for their recent fall break. While I would love to spend the next few paragraphs opining on why I think our school calendar is crazy or giving a review of the most phenomenal ride that I have ever experienced, it doesn't really fit the mission or purpose of Take On Payments. Fortunately, the trip did provide some fodder and thought for a blog post, thanks to a much-discussed and written-about wearable NFC—or near-field-communication—device that the theme park offers.

These bands were introduced in 2013 to create an awesome customer experience. This experience is much bigger than a payment platform and has absolutely nothing to do with a rewards program around which so many mobile wallet and payment applications are being developed. The band's functionality certainly includes payments, but the device also replaces room keys, park entry cards, and ride-specific tickets known as fast passes. As an additional feature, it is waterproof, which proves handy for a trip to the water park. I was able to spend the week without ever having anything in my pockets (yes, I even left my phone in the room). My wife commented how fantastic it would be to take the NFC band experience outside of the park because it was just so easy and convenient.

Ease and convenience–isn't that what a lot of us are after? If you have to give me something to get me to open an application and tap my phone in place of a payment card, is that really providing ease and convenience? I am now 100 percent convinced that rewards programs aren't going to drive mobile commerce to any significant degree. Experiences that provide ease and convenience will drive mobile commerce. Hello, mobile order-ahead. Hello, grocery delivery. And hello, wearable of the future.

It isn't hard to imagine a wearable device, like an open-loop band, transforming our lives. After my theme park experience, I long for the day when a wearable will be the key to my vehicle—which I won't have to drive, either—and to my house, my communication device, and my payment device (or wallet). Of course, we'll have to consider the security issues. Even the bands incorporate PINs and fingerprint biometrics in some cases to ensure that the legitimate customer is the one wearing the band.

Is this day really so far-fetched? I can already order a pizza through a connected speaker, initiate a call from the driver's seat of my car without touching my phone, or tap my phone to pay for a hamburger. The more I think about these possibilities, I have to ask myself, is it crazy to question whether or not using mobile phones for payments just might become obsolete before long? Or maybe mobile phones will provide that band functionality?

Photo of Douglas King By Douglas A. King, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

 

 

November 13, 2017 in banks and banking, innovation | Permalink

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

November 6, 2017


My Fingertips, My Data

I am not a user of old-style financial services. While I remember learning how to balance a checkbook, I never had to do it, since I never had checks. Recently, my financial adviser suggested several mobile applications that could help me manage my finances in a way that made sense to me. I researched them, evaluated a few, and decided which one I thought would be the best. I'm always excited to try new apps, hopeful that this one will be the one that will simplify my life.

As I clicked through the process of opening an account with my new financial management app, I entered the name of my financial institution (FI), where I have several accounts: checking, savings, money market, and line of credit. The app identified my credit union (which has over $5 billion in assets and ranks among the top 25) and entered my online banking credentials—and then I was brought up short. The app was asking for my routing and account number. As I said, I don't own any checks and I don't know how to find this information on my credit union's mobile app. (I do know where to find it using an internet browser.) I stopped creating my account at this point and have yet to finish it up.

I later discovered that if I banked with one of the larger banks, for which custom APIs have been negotiated, I would not have been asked for a routing and account number. I would have simply entered my online login details, and I'd be managing my finances with my fingertips already. I started digging into why my credit union doesn't have full interoperability.

In the United States, banking is a closed system. APIs are built as custom integrations, with each financial institution having to consent for third parties to access customer data. However, many FIs haven't been approached, or integration is bottlenecked at the core processor level. It is bottlenecked because if they deny access to customer data (which some do), the FI has no choice in the matter.

New Consumer Financial Protection Bureau (CFPB) guidance on data sharing and aggregation addresses the accessibility and ownership issue. The upshot of the CFPB's guidance is that consumers own their financial data and FIs should allow sharing of the data with third-party companies. But should doesn't equal will or can.

The CFPB guidance, though not a rule, is in the same vein as the European Union's PSD2 (or Directive on Payments Services II) regulation, whereby FIs must provide access to account information with the consumer's permission. This platform, which represents an open banking approach, standardizes APIs that banks can proactively make available to third parties for plug-and-play development.

While open banking is a regulatory requirement in Europe, market competition is driving North American banks to be very interested in implementing open banking here. An Accenture survey recently found that 60 percent of North American banks already have an open banking strategy, compared to 74 percent of European banks.

It is no surprise that bankers are becoming more comfortable with the shift-in-ownership concept. FIs have been increasingly sharing their customers' data with third parties. Consumer data are what fuel organizations like credit agencies, payment fraud databases, identity and authentication solutions, and anomaly detection services, to name a few. As these ownership theories change, we will also need to see new approaches to security. What are your thoughts about open banking?

Photo of Jessica Washington  By Jessica Washington, AAP, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

 

 

November 6, 2017 in banks and banking, data security, emerging payments, innovation, mobile banking | Permalink

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

August 21, 2017


Are Our Wallets About to Get Thinner?

In February 2011, I was in Salt Lake City for the annual Smart Card Alliance conference, and a representative from the now-defunct Isis Mobile Wallet was delivering the keynote address. As part of the keynote, the speaker played a video clip from the Seinfeld show that famously depicts the "Costanza wallet," a wallet so overstuffed that it gave George a backache from sitting on it. The conference speaker had us imagining a world where our mobile phones replaced our physical wallets. Six-and-a-half years later, that world remains a dream. But are we closer to it, with private-label cards possibly leading the way?

As I was paying for my coffee this morning through a mobile phone app, it dawned on me that I haven't used a physical card for this specific retailer in at least three years. The retailer's mobile app has replaced my physical card, a private-label prepaid card, as my payments credential. I no longer have a need for the card at this retailer, nor do I want one—I'd prefer to keep my wallet from becoming a "Costanza wallet." And while my example describes a prepaid card, I believe that this retailer's model is indicative of what's on the horizon for private-label store credit cards as well.

I usually quickly turn down any offers for private-label credit cards at retailers. Even though these cards come with some sweet deals and benefits, I just don't want more plastic in my wallet. But what if this credential could be issued directly within the retailer's mobile application without ever issuing a plastic card? Sign me up!

I remain skeptical about the future of the so-called "pay wallets," but continue to believe that the future of mobile payments will be driven by retailers' mobile apps. And I think these mobile apps present these retailers the ideal opportunity to drive their private-label prepaid or credit adoption and usage without ever having to issue a plastic credential. If the credential that retailers issued were in electronic form, such as a token or virtual card, it could disrupt the plastic card industry—approximately 360 million credit and 4.5 billion prepaid cards in 2015, according to the Nilson Report. Plus, merchants would benefit by avoiding the cost of issuing and distributing cards.

So back to my original question: Are we closer to a world with thinner wallets, and with private-label cards possibly leading the way? I don't think our physical wallets will ever go away, but I do believe that they will slim down as we witness a substantial rise in the issuance of private-label virtual credentials in the future on a wide range of connected devices. In fact, I'm willing to go out on a limb and suggest that these credentials will eventually overtake the number of physical cards. What do you think on the future of plastic in the private-label space? And what new challenges, if any, will the virtualization of plastic have on the personalization and authentication of payment credentials?

Photo of Douglas King By Douglas A. King, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

August 21, 2017 in cards, innovation | Permalink

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

July 24, 2017


FIDO Tightens Authentication's Leash

Our blog often covers user authentication challenges confronting financial institutions and merchants. We feel this topic is essential given that consumers are increasingly going online to make payments and their passwords tend to be weak. Financial institutions and merchants face a difficult balancing act. They must be confident that their authentication tools effectively confirm the legitimacy of the individual attempting a transaction, but they also have to make sure these tools don't create a bad experience for the customer.

A meeting in 2009 between a fingerprint-sensor manufacturer and a global, third-party payment provider to fingerprint-enable online payments quickly turned into a conversation on how to develop an industry standard for the general use of biometrics to identify online users. Ultimately, this meeting led to the formation of the FIDO (Fast IDentity Online) Alliance in 2012. FIDO currently has a global membership of more than 250 companies and agencies spanning the payments, mobile, PC, and transaction security industries.

FIDO's principal effort has been to develop a set of specifications and certifications covering consumer devices, mobile and web applications, and biometric authentication methods for e-commerce applications. Products certified to these authentication specs reduce password dependence, transaction friction, and stolen password attacks such as phishing, man-in-the middle attacks, and transaction replays.

FIDO initially focused on mobile devices—which allow authentication with the fingerprint sensor, microphone, and camera—and developed the Universal Authentication Framework. This framework provides enhanced security using public-key cryptography, with the keys and biometric templates remaining on the mobile device. The user goes through a device registration process that creates the biometric template and a cryptographic key pair on the device and registers only the public key with the online service. To perform a transaction, the customer uses one of the phone's biometric sensors to unlock the private key on the device.

To expand these strong cryptographic authentication capabilities to second-factor use cases on the web, FIDO established a second set of specifications known as FIDO U2F, or Universal Second Factor protocol. With this protocol, the user inserts a certified U2F device, also known as a security key, into a device's USB port or uses the device's Bluetooth or near-field communication features. The application running in a FIDO-compliant web browser first challenges the user for a password and then authenticates the user with the cryptographic private key on the U2F device.

Authentication of customers, especially on a remote basis, will always be a challenge as criminals find more and more ways to spoof identities. The industry's efforts to increase the security of remote payments remain ongoing and the cooperative work demonstrated by groups such as the FIDO Alliance plays an important part in that effort.

Photo of David Lott By David Lott, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

July 24, 2017 in banks and banking, biometrics, consumer fraud, consumer protection, identity theft, innovation, mobile payments | Permalink

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

July 17, 2017


Staging the ATM

As the installation of the first automated teller machine (ATM) recently reached its 50th anniversary (48 years since the first U.S. installation), the core functionality of the present-day ATMs has changed very little. They remain primarily designed to provide customers with cash at their convenience, but now most full-function ATMs also accept deposits with image capture and currency counting capability. Sure, the machines of today are much more technologically sophisticated and reliable than the initial ones that were more mechanical in operation. The industry, however, has undergone some major changes.

Accessed by a magnetic stripe or chip card and authenticated using a PIN, the ATM has served consumers and financial institutions well. The 2016 Federal Reserve Payment Study showed that ATM withdrawal volume remained flat from 2012 through 2015 at approximately 5.8 billion transactions valued at $700 billion, or an average transaction value of $122.

Banks in a number of South American and Asian-Pacific countries have installed biometric sensors in their ATMs either to eliminate the need for payment cards and PINs or to serve as an additional authentication factor. However, a couple of major U.S. banks have taken a different path in a quest to eliminate the payment card and PIN; they have developed a staged transaction process using the customer's mobile phone. While there are some variations from bank to bank, the process generally works as follows:

  • The customer opens the mobile banking application using the normal authentication process.
  • The customer selects the ATM withdrawal option then identifies the ATM location and amount of withdrawal.
  • When at the designated ATM, the customer selects the function button on the ATM for a cardless transaction.
  • The next step depends on the particular bank.
    • Some banks display a 2D barcode on the ATM screen, which the mobile phone's camera reads to validate the transaction and dispense the requested amount of cash.
    • Other banks, to complete the transaction, may require the customer to enter both the normal payment card PIN and a numeric token value that the application sent to their phone when they made the transaction selection.

This technology offers banks a number of financial benefits over biometric readers. The barcode or token process requires only software development within the mobile banking application and ATM, so banks don't have to purchase, install, and maintain biometric hardware sensors. A drawback is that only the ATMs of the customer's own financial institution supports the staged transaction. In addition, card readers will have to remain a key component of ATMs to service customers of other banks as well as the bank's own customers who wish to continue to use their cards. Because criminals continue to insert card-skimming devices and cameras to capture card data and customer PINs—an industry-wide and global problem—the new functionality will only minimize, not prevent, such fraudulent activity.

Many financial institutions seem to be making a concerted effort to migrate customers from payment card-based transactions to options such as mobile pay wallets and now staged ATM transactions. Mobile wallet adoption rates by consumers have been low to date, so it will be interesting to see if the adoption rate of cardless ATM transactions will be any different. What do you think?

Photo of David Lott By David Lott, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

July 17, 2017 in banks and banking, innovation | Permalink

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

July 10, 2017


Can Migrants Teach Us Anything about Millennials?

While attending a recent conference, I became involved in a discussion regarding millennials and their alleged rejection of banks. The other people in this conversation thought that this millennial mindset is negatively affecting banks and other financial institutions (FIs). One person cited a Goldman Sachs report that said 53 percent of millennials surveyed indicated they have no need for a bank in the near future. Another mentioned the Millennial Disruption Index, which found that 71 percent of millennials would prefer to go to the dentist than listen to what banks are saying.

It would come as no surprise to those who know me or have read some of my previous blogs on similar topics that I was the outlier in the conversation. And after reading Inter-American Dialogue's May 2017 report, On the Cusp of Change: Migrants’ Use of the Internet for Remittance Transfers, I feel as strongly as ever that this generation will, in fact, need banking relationships.

While the survey behind the report focused on migrants' use of remittance transfers, Inter-American Dialogue also surveyed migrants on bank account ownership. The survey found that over 70 percent of Mexican migrants in the United States own a bank account, up from only 29 percent in 2005. The report concludes, with support from additional survey data, that bank account ownership is predominantly a function of years being in the United States; those migrants here for 10 years or longer are much likelier to own a bank account.

While millennials may not need traditional FI products today as they wait longer to purchase homes and start families than did previous generations, I believe the day will come when they find they need FIs. Only then will we know whether that wait is shorter or longer than the 10 years it takes for most Mexican migrants to establish banking relationships. Millennials have a host of alternative financial products to choose from—and to ignore—but so do migrant workers. Yet we know that, eventually, most migrant workers recognize they need banks.

I am not suggesting that financial institutions simply wait for millennials to realize their need for a banking relationship. FIs should be actively pursuing new products or developing strategies to attract millennials to traditional products. As millennials establish themselves and grow more prosperous, I believe they will realize banking relationships are extremely important to that process. The notion that millennials never need banks is one that I am not buying (not even with my bitcoins). Are you?

Photo of Douglas King By Douglas A. King, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

July 10, 2017 in banks and banking, innovation | Permalink

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

June 5, 2017


Responsible Innovation Part 1: Can Community Banks Remain Competitive?

The Atlanta Fed's Retail Payments Risk Forum recently co-hosted a summit with the United Kingdom's Department for International Trade to discuss faster payments and their effects on community financial institutions (FIs). In a series of three posts, I will share summaries of the lessons and implications that payments industry stakeholders discussed at the summit. A major theme of these discussions was whether community FIs can remain competitive independent of how they access a faster payments network. This post tackles this theme.

What networks were discussed at the summit?
United States United Kingdom
ACH (NACHA) ACH (Bacs)
Real-Time Payments (The Clearing House) Faster Payments (Faster Payments Scheme Ltd.)

The Faster Payments Scheme, or FPS, opened in the United Kingdom in 2008. The summit was a good opportunity to hear first-hand from one community banker's experience with the still-new system. A panelist from the first retail community bank to join the FPS discussed how access options played a role in the bank's ability to compete with large FIs.

  • In the beginning, the only way a community bank could access the FPS was through a sponsoring bank.
  • This option was expensive, hindering, and much like a newborn baby who needed attention all day and night (even on weekends), according to the panelist.
  • The FPS sends messages 24/7, in near-real time, but her bank's access model often caused a delay of 15 to 30 minutes, making the bank less than competitive.
  • Last year, the bank was able to join as a "Direct Participant" under the New Access Model,, an experience that the panelist compared to parenting a toddler who allows her to sleep through the night, even as it runs 24/7/365. The new model was also much more affordable and provided her community bank the near-real time model larger banks received. (The New Access Model that gives payment service providers and community FIs direct connection began in 2014, six years after the FPS began.)
  • The panelist did note a serious obstacle to this access model for the smaller banks: the onerous 12-month certification process to become a Direct Participant is tailored to large banks. The process required significant resources and strained other areas of her bank. She suggested that the certification take a risk-based approach.

Two developments on the way may affect future access options: (1) plans are set to consolidate Bacs, FPS, and Cheque; and (2) the Bank of England plans to grant settlement services to nonbank payment service providers.

The United States is facing a similar challenge: community FIs will have to choose how to access faster payment systems. Some community FIs have begun to offer same-day ACH and will likely consider real-time payments later this year.

Representatives from the Clearing House's Real-Time Payments initiative shared some details on their access model:

  • FIs of all sizes will be able to connect directly or through third-party service providers.
  • Regional payments associations will play an important role as they collectively represent all U.S. financial institutions plus third-party processors.
  • The speed will be the same for all participants.
  • Indirect participation will not be available.
  • Payments can be made 24/7/365.

While direct access is available for both same-day ACH and Real-Time Payments, some FIs may choose to use a sponsor or correspondent access model. To remain competitive, community FIs will have to understand the advantages and limitations that each access model provides.

The next installment in this series will discuss the U.S. market appetite for faster payments; the one after that will look at the impacts of adoption.

Photo of Jessica Washington  By Jessica Washington, AAP, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

June 5, 2017 in banks and banking, financial services, innovation | Permalink

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

March 28, 2016


Continuing Education in Mobile Payments Security

Just over a year ago, I wrote a post raising the question of which stakeholder or stakeholders in the payments ecosystem had the responsibility for educating consumers regarding payments security. As new payment technologies such as mobile devices, wearables, and the Internet of things gain acceptance and increased usage, who is stepping up not only to teach consumers how to use the devices but also how to do so in a safe and secure manner?

Since it is generally financial institutions that have the greatest financial risk for payment transactions because of the protective liability legislation that exists in the United States, this responsibility has fallen largely to them. However, this educational effort has become increasingly difficult since consumers generally acquire these new products at retail outlets or mobile carrier stores, where the financial institution has no direct contact with the consumer.

The Consumer Federation of America (CFA) recently continued its ongoing efforts to provide educational information to consumers with the release of a guide to mobile payments. The guide is comprehensive, covering issues such as privacy, security of the mobile device, the dangers of malware, error resolution, and dispute procedures for mobile payments, and concludes with a humorous animated video that recaps some of the risks with mobile phones if they are not secured and used properly.

As an example, in its section on privacy, the guide offers the following tips:

  • Read the privacy policies of the companies whose services you are using to make mobile payments and the companies that you are paying.
  • If you don't like a company's privacy policy, take your business elsewhere.
  • Don't voluntarily provide information that is not necessary to use a product or service or make a payment.
  • Take advantage of the controls that you may be given over the collection and use of your personal information.
  • Since mobile payments, like all electronic payments, leave a trail, if there are transactions that you would prefer to make anonymously, pay with cash.

Kudos to the CFA for its work on this effort. I hope you will read the guide and spread the word about the availability of this valuable resource. It is through the combined efforts of the payments stakeholders that we can work to improve the knowledge level of all parties involved and promote secure usage.

Photo of David Lott By David Lott, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

March 28, 2016 in consumer protection, innovation, mobile banking, mobile payments | Permalink

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

Google Search



Recent Posts


Archives


Categories


Powered by TypePad