About


Take On Payments, a blog sponsored by the Retail Payments Risk Forum of the Federal Reserve Bank of Atlanta, is intended to foster dialogue on emerging risks in retail payment systems and enhance collaborative efforts to improve risk detection and mitigation. We encourage your active participation in Take on Payments and look forward to collaborating with you.

Take On Payments

September 3, 2019


Is Friction in Payments Always Bad?

Numerous posts in this blog have noted the conventional wisdom that the less friction there is for a consumer in making a payment, the likelier it is that the consumer will have a good experience. Merchants, especially ecommerce retailers, point to studies consistently showing that when customers are required, for stronger authentication, to enter more information than they're used to during a payment, the cart abandonment rate increases and merchants lose sales. I have learned from my own conversations with merchants that some have backed away from adding more risk management tools because they would rather take the financial loss from a fraudulent transaction than discourage an otherwise legitimate sale. This balancing act between reducing friction for the customer and reducing fraud risk to the merchant or payment card issuer is a constant challenge.

Many merchants have incorporated mobile devices' biometric authentication features into their mobile apps to keep the customer from having to provide additional authentication data. Some other vendors have recently developed risk mitigation and authentication tools that work completely in the background and give them more confidence that the individual conducting the transaction is legitimate. These tools range from behavioral analytics that rely on patterns of previous transactions—whether they're based on a specific customer or on a group of customers with a similar profile—to electronic device information, called device fingerprinting, that validates that the device being used is actually the customer's. The customer is unaware that these tools are being used, so experiences lower friction.

A new term being used for what is regarded as an improved payment experience is the invisible payment transaction. This happens when a payment is triggered automatically without any customer intervention at the time of the transaction. The best examples of invisible transactions are in the sectors of subscription or card-on-file services. Subscription services include any service where the customer has provided, for example, a payment card or deposit account for a transaction and authorized the merchant or service provider to make future payments using that account. Online retailers, rideshare services, and recurring payments for health clubs, parking garages, utility companies, and charitable organizations are all types of businesses that use subscription services. A relatively recent entrant in the invisible payment segment is the computer/camera monitored shopping experience at some retailers.

So do invisible payments mean we've achieved nirvana? While they certainly provide the lowest level of customer interaction, they also have some possible disadvantages. Consumer advocates are concerned about the impact such payments might have on an individual's budget management. What if they forget about a subscription payment, and when it's deducted from their account, it creates an overdraft or insufficient funds return? Will invisible payments result in increased spending by the consumer? And then there is the bother of updating a bunch of subscriptions if the consumer changes the funding account.

While research has shown that consumers see convenience as a positive factor, they also want to be confident that there is a security process that will make them less likely to be victims of fraud. Will we ever reach the place of total payments peace and happiness with the right balance of security and convenience? Please let us know what you think.

Photo of David Lott By David Lott, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

September 3, 2019 in consumer protection, fintech, innovation, mobile banking | Permalink

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

December 17, 2018


Card Fraud Values Often above Average

Recent data from the Federal Reserve Payments Study remind me of my first experience with payments fraud as a 20-something college grad freshly arrived in Boston. I left my wallet in a conference room, and someone lifted my credit card. I still remember the metaphorical punch to the stomach when the telephone operator at the card company asked, "Did you spend $850 at Filene's Basement?" $850! That was more than twice my rent, and far more than I could conceive of spending at Boston's bargain hunters' paradise in a year, let alone on a one-night spree.

Decades later, the first thing I do to check my card and bank statements is to scan the amounts and pay attention to anything in the three digits. For noticing high-value card fraud, this is a pretty good habit.

That's because, on average, fraudulent card payments are for greater dollar values than nonfraudulent card payments. In 2016, the average value of a fraudulent credit card payment was $128, almost 50 percent more than $88 for a nonfraudulent credit card payment. For debit cards, the relationship was more pronounced: $75 for the average fraudulent payment, about twice the $38 average nonfraudulent payment, according to the Federal Reserve Payments Study.

Chart-average-value-per-payment-2016

Even to the noncriminal mind, this relationship makes sense: get as much value from the card before the theft or other unauthorized use is discovered. For a legitimate user, budgetary constraints (like mine way back when) and other considerations can come into play.

Interestingly, this relationship does not hold for remote payments. In 2016, the average dollar values of remote debit card payments, fraudulent and nonfraudulent, were the same: $68. And the average value of a nonfraudulent remote credit card payment, $151, exceeded that of a fraudulent remote credit card payment, $130. Why the switcheroo?

A couple of possibilities: Remote card payments include online bill payments, which often are associated with a verified street address and are of high value. So that could be pushing the non-fraudulent remote payments toward a high value relative to the fraudulent remote payments. Another factor could be that fraud detection methods used by ecommerce sites look for values that could be outliers, so perpetrators avoid making purchases that would trigger detection—and thus average values for remote fraud are closer to average values for remote purchases generally. But this is speculation. What do you think?

The relationships described here are depicted in figures 21 and 28 of the recent report of the Federal Reserve Payments Study, Changes in the U.S. Payments Fraud Landscape from 2012 to 2016. You can explore other relationships among average values of payments, and more, on the payments study web page.

Photo of Claire Greene By Claire Greene, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

December 17, 2018 in cards, cybercrime, cybersecurity, data security, debit cards, mobile banking, mobile payments, payments study | Permalink

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

November 19, 2018


Smaller FIs Weigh In on Mobile Financial Services

I have previously written several posts on the Sixth District's 2016 Mobile Banking and Payments Survey results as well as the consolidated results of the 2016 survey involving financial institutions (FIs) in the Atlanta Fed's district and six other Federal Reserve districts. Readers will recall that the primary goal of the survey was to allow the Federal Reserve and industry stakeholders to better understand the status of financial institutions' strategies with regard to mobile banking and payments products and services.

As a follow-up to this work, the Federal Reserve districts of Atlanta, Boston, Cleveland, Kansas City, Minneapolis, and Richmond conducted a "quick-hit" survey in June 2018 of the FIs that did not respond to the detailed 2016 survey. The survey consisted of just five questions pertaining to mobile financial service offerings. It also gathered some demographic data. A total of 565 FIs responded, representing an 11.7 percent response rate. You can find a report that the Payment Strategies Group at the Federal Reserve Bank of Boston prepared on the Boston Fed website.

As a group, the FIs responding to the 2018 survey were smaller in asset size than were respondents to the 2016 survey.

Chart-one

Some of the key takeaways in the report include:

  • Of the 2018 respondents, 88 percent of banks and 81 percent of credit unions currently offer mobile banking services or plan to offer them by the end of 2018.
  • Fifty-five percent of the respondents reported that more than 20 percent of their customers were active mobile banking users.
  • Surprisingly, 14 percent of the respondents indicated they have no plans to offer mobile banking services. All but one of the FIs that have no plans to offer mobile banking had assets under $500 million. These FIs were almost evenly split between credit unions (33) and banks (36).
  • Not tracking or being unwilling to reveal customer usage levels of mobile banking services remains an issue; 29 percent of the respondents did not answer the question. My opinion is that it's the latter reason, given that a standard reporting option of mobile banking systems is to be able to track enrollment and unique sign-on activity.
  • Offerings of mobile payment services continue to lag significantly behind mobile banking. Of the 2018 responses, 57 percent currently offer or plan to offer them, while 43 percent have no plans to offer them or were undecided.

We will be conducting the detailed Mobile Banking and Payments survey in early 2019 and look forward to sharing the results with you.

Photo of David Lott By David Lott, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

 

November 19, 2018 in mobile banking, mobile payments, payments study | Permalink

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

June 18, 2018


Thinking about My Grandmother and Future-Proofing Payments

I often reminisce about times I spent with my grandmother. She passed away when I was only nine years old, but fortunately left me with a host of memories that I cherish. How I loved our trips to Walden Bookstore in the Hickory Ridge Mall whenever she'd visit us in my hometown of Memphis. We'd pick out a book or two and then return home to read them together. I often wonder what she would think about my family's book shopping and reading habits today. Online bookstores, e-readers, and audiobooks downloaded or streamed onto mobile phones would be completely foreign to her as the technology behind these was not even around during her lifetime! How could she ever have known how the world of books would evolve?

And this brings me to the notion of future-proofing payments. Mobile payments just might be the hottest topic when payment professionals get together to discuss the future of payments. It makes sense to think that maybe one day our mobile phones will replace our debit and credit cards and maybe even cash. But to date, the mobile phone has not done for cards and cash what it has done for mp3 players, digital cameras, and portable navigation devices, to list just a few things. Perhaps we need more time for mobile phones to transform payments—or could it be that payments as we know them today will be made over by a technology or device that is not yet widely available or even conceived? Is it possible that the primary payment methods we use today can withstand the test of time and remain our primary methods for many more years? Thinking about my grandmother and books, maybe future-proofing payments is a losing proposition and we should be nimble, ready to adapt to whatever changes come our way.

Join me for the Atlanta Fed's Retail Payments Risk Forum's latest Talk About Payments webinar on Thursday, June 28, from 1 to 2 p.m. (ET), when I will explore the future of mobile payments at the point of sale by first considering the debit card's long rise to prominence. Participation in the webinar is complimentary, but you must register in advance. After completing registration, you will receive a confirmation email with all the log-in and toll-free call-in information.

Photo of Douglas King By Douglas A. King, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

June 18, 2018 in banks and banking, emerging payments, mobile banking, mobile payments | Permalink

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

April 23, 2018


Paying with PlasticMetal

I recently had the opportunity to watch a panel of eight millennials discuss their thoughts on money and payments. (The Pew Research Center defines a millennial as anyone born between 1981 and 1996.) While realizing that a sample size of eight young adults is far from representative, I was completely caught off guard at times by what they had to say based on everything I have read or heard about this generation's banking and payment preferences. None of these people lived with their parents and all of them held full-time jobs. So what did I learn from these eight millennials?

  • Demand deposit accounts (DDA) with financial institutions are still important. I was surprised that all eight panelists maintain a DDA.
  • Credit card reward programs are strong drivers of payment usage. Six out of the eight panelists stated that credit cards were their preferred method of payment, primarily because of the rewards that their cards offered. One panelist preferred debit cards while another panelist preferred cash. Of the six credit card-preferring millennials, all stated they were purely transactors that pay off their monthly balance, opting not to revolve them.
  • Another strong driver of credit card usage is card design. All of the panelists raved about metal cards. They love how metal cards feel and they love the sound that they make when they drop them on a counter or table to pay. Several expressed that they wanted cards to be even thicker and heavier. In general, the panel thought that paying with a metal card was "cooler" than paying with a mobile phone.
  • Person-to-person (P2P) wallets and applications are used extensively, but primarily for transacting between individuals, not for storing money. All of the panelists use a P2P mobile wallet or application on their phone. However, none maintain a significant balance in their preferred wallet. They opt to transfer their balance to their DDA. A primary reason for not holding funds in a mobile wallet is concern over security. They feel their money is safer with a financial institution.
  • Mobile phones are vital to their livelihood, yet mobile proximity payments have not fully caught on with them. Half of the panel uses their phone at point-of-sale terminals that accept mobile payments; one panelist mentioned the rewards that he receives from his mobile wallet as driving his mobile payment usage. A majority expressed enthusiasm about mobile order-ahead functionality and use it whenever it's available. However, the availability of mobile payments does not drive decisions to shop at specific stores. All use mobile phones for comparison shopping, oftentimes in a physical store.

A key takeaway from synthesizing all of this information is that it's not just mobile phones that pose a major threat to paying with plastic—it's also metal cards. They certainly seem to appeal to the millennials that I heard on stage and drive loyalty from a usage perspective. And while I don't have data to back up this claim, I do think this metal phenomenon spans generations, as I have had people of all ages show off their metal cards to me. Cards as a form factor are here to stay, but could plastic (especially for credit cards) be on its way out?

Photo of Douglas King By Douglas A. King, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

April 23, 2018 in banks and banking, cards, debit cards, mobile banking | Permalink

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

March 26, 2018


Convenience Always Wins, In One Form or Another

My colleagues and I often write about the frustration that security professionals have that consumer convenience will almost always win over the adoption of more secure practices. We've seen this over the decades with poor password and PIN management and the often lackadaisical approach consumers take to keeping their payment devices safe and secure. This post will take a slightly different tack—it will explore the influence convenience has on the payment card issuance strategy of U.S. financial institutions (FI) and how convenience always seems to win, though sometimes in unexpected ways.

When the various mobile pay wallets were being launched, many observers speculated that they might be the beginning of the end for plastic payment cards. Some, presuming that mobile was a more convenient way to pay, opined that the day would come when FIs would have no reason to continue issuing cards since everyone was going to be using their phones. Although adoption has been increasing, the reality is that mobile payments at the point of sale have been slow to gain traction. Recently released results of a survey of FIs in seven of the Federal Reserve Bank districts revealed that 75 percent of respondents thought it would be at least three years before consumer adoption rates of mobile payments would exceed 50 percent; 40 percent said it would take five years or longer. Consumer surveys consistently indicate that consumers aren't adopting mobile payments because they find their plastic payment card more convenient. So for mobile devices, convenience still has a ways to go.

Some financial-institution-owned ATM operators, continuing efforts to provide alternatives to plastic cards, have recently begun supporting cardless ATM transactions. With this service, you use your FI's mobile banking application to set up or stage an ATM withdrawal, identifying the account and amount to be dispensed. The details of the various technologies differ, but they all work like this: you go to the FI's ATM, select the cardless ATM function, and use a smartphone to either scan a QR bar code or enter a one-time transaction code. (Sometimes you may have to use a PIN.) Nice and convenient! And you don't have to worry about damaged or forgotten cards, or getting your card skimmed. We'll have to wait to see how consumers react to this feature's convenience.

Some FIs currently issue, or plan to issue, dual interface cards when it's time for customers to replace their existing chip card. While costlier to the FI, the new cards include a contactless feature that allows an NFC-enabled terminal such as an ATM or point-of-service device to read the data on the chip when you pass the card within a couple of inches of the reader. Contactless transactions, which are quite popular in Canada and Europe and greatly desired by mass transit systems in the United States, are faster. And we all know that faster means more convenience—right? Like cardless ATM transactions, contactless offers some security benefits. But merchant terminal acceptance remains a concern, just as it has been for the various pay wallet applications.

So it seems that convenience comes in different forms, and it appears that many FIs are betting that, like currency and checks, the plastic payment card is going to be around for quite some time. Perhaps that is the best strategy: offer a wide range of options and let the customers decide for themselves which are the most convenient.

Photo of David Lott By David Lott, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

March 26, 2018 in cards, debit cards, mobile banking, mobile payments | Permalink

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

March 19, 2018


Mobile Banking and Payments' Weakest Link: Me

What's the biggest hole in mobile banking security? As my colleague Dave Lott reported in January, bankers say it's consumers' lack of protective behavior when using mobile devices. That means you and me.

In response, financial institutions (FI) have implemented controls including inactivity timeouts and multifactor authentication, as noted in Mobile Banking and Payment Practices of U.S. Financial Institutions, which reported the findings of a 2016 Federal Reserve survey.

Baking these controls into mobile apps makes sense because research on consumer behavior suggests that expecting consumers to independently take steps to protect their accounts and data is not realistic. Take as one example: I co-wrote a paper with Joanna Stavins for the Boston Fed reporting the results of our investigation into consumers' responses to the massive Target data breach. We found that while consumers do react to reports of fraud, their reactions can be short-lived. In addition, consumers' opinions may change, but their behavior may not. In other words, considerations aside from security could take priority. (See also a report on the 2012 South Carolina Department of Revenue breach.)

Debit and credit card data for 40 million cards used in Target stores were stolen in late 2013. The breach was widely reported in the news media and caused many financial institutions to reissue cards. Because it was primarily a debit card breach, one might reasonably expect consumers to take a jaundiced view of debit cards after the breach.

And, indeed, that was the case. The Survey of Consumer Payment Choice was in the field at the time of the Target breach. Some consumers answered questions about the security of debit cards before the breach became public. Others answered after.

Consumers who rated card security after the breach rated debit cards more poorly relative to the average rating of the other payment instruments—cash, paper checks, ACH methods, prepaid cards, and credit cards. So in that sense, they reacted to the news.

One year later, consumers in 2014 rated the security of debit cards more poorly both relative to their ratings of other payment instruments and absolutely (that is, a greater percentage of consumers rated debit cards as risky or very risky). In contrast, compared to 2013, the absolute security ratings of cash improved. There was no change in the security ratings of credit cards.

The more important question: Did consumers change their behavior in response to this massive and widely reported data breach? The answer: not according to this survey data. There was no statistically significant change in consumers' method of payment mix in 2014. Debit cards remained the most popular payment instrument among consumers in 2014, accounting for almost one-third of their payments per month.

What does this mean for financial institutions? Realism about my willingness to take action is well placed. You can't count on me.

Photo of Claire Greene By Claire Greene, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

March 19, 2018 in account takeovers, banks and banking, cards, debit cards, identity theft, mobile banking, mobile payments | Permalink

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

March 12, 2018


Webinars Discuss Mobile Banking and Payments Survey Results

Earlier this year, I wrote a post highlighting some of the Mobile Banking and Payments Survey results that were consolidated from the seven Federal Reserve districts that conducted the survey: Atlanta, Boston, Cleveland, Dallas, Kansas City, Minneapolis, and Richmond. The 706 responding financial institutions gave us valuable information about their current and planned services as well as security features for their mobile banking and mobile payments products. (You can download a copy of the report from the Boston Fed's website.)

You can get a more detailed review of the survey findings when the Boston Fed's Payment Strategies Group conducts two webinars on March 21 and March 22.

Attendees will learn about:

  • Current developments in mobile financial services
  • Practices, products, and trends related to consumer mobile banking and payment services
  • Financial Institution perspectives on mobile security, concerns, and mitigation tools

There is no charge for the webinars but you must register. To view both webinars, you must register for both. Select a link below, then click the Register button. After you have registered, you will receive a confirmation email with the access information.

REGISTER for Part I: Consumer Mobile Banking, Wednesday, March 21, 2018 at 2 p.m. (EDT)

REGISTER for Part 2: Consumer Mobile Payments, Thursday, March 22, 2018 at 2 p.m. (EDT)

Feel free to share this post with any of your colleagues who may wish to attend. If you have any questions about the webinars, please email elisa.tavilla@bos.frb.org.

Photo of David Lott By David Lott, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

March 12, 2018 in banks and banking, mobile banking, mobile payments | Permalink

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

January 8, 2018


Consolidated Mobile Banking and Payments Survey Results Published

In earlier posts, we published highlights of the 2016 Mobile Banking and Payments Survey of Financial Institutions in the Sixth District results as well as a supplement showing the results by financial institution (FI) asset size. The survey was designed to determine the level and type of mobile financial services that FIs offered and to find out what plans FIs had to offer new services.

Six other Federal Reserve Banks also conducted the survey in their districts, and we've combined all the data into a single report. Marianne Crowe and Elisa Tavilla of the Boston Fed's Payment Strategies group led the team that consolidated the data. The report—now available on the Boston Fed's website—addresses mobile banking and payment services from the perspective of the FI. The report offers additional value with its inclusion of a large number of small banks and credit unions (under $500 million in assets), a group from which data are often difficult to obtain.

Consolidated-survey-respondents-by-asset-size

The seven districts participating were Atlanta, Boston, Cleveland, Dallas, Kansas City, Minneapolis, and Richmond. A total of 706 FIs responded.

Here are some of the key learnings from survey responses regarding mobile banking:

  • Retail mobile banking offerings are approaching ubiquity across financial institutions in the United States. Eighty-nine percent of respondents currently offer mobile banking services to consumers, and 97 percent plan to offer these services by 2018.
  • By the end of 2018, 77 percent of bank and 47 percent of credit union respondents will be providing mobile banking services to nonconsumers including commercial and small businesses, government agencies, educational entities, and nonprofits. Commercial and small businesses will be the most prevalent.
  • Among FIs offering and tracking business mobile banking adoption, more than half still have adoption rates of less than 5 percent.
  • The most important mobile banking security concern that respondents cited is the consumer's lack of protective behavior. In response, FIs have implemented a range of mitigating controls. To enhance security and help change consumer behavior, more than 80 percent of respondents support inactivity timeouts and multi-factor authentication (MFA) as well as mobile alerts.

And here are some important findings regarding mobile payments:

  • Implementation of mobile payment services is growing as FIs respond to competitive pressure and industry momentum. In addition to the 24 percent already offering mobile payments, 40 percent plan to do so within two years. However, the current offering level fell substantially short of the expected 57 percent predicted by the responses to the 2014 survey.
  • Mobile wallet implementations are increasing steadily, with Apple Pay as the current leader.
  • Enrollment and usage remain low. Eighty-one percent of the respondents had fewer than 5 percent of their customers enrolled and actively using their mobile payment services.
  • Asset size makes a difference in many areas: larger FIs have greater resources to expend on new services, implementations, and security technologies and controls.
  • Banks and credit unions often differ in approaches and strategies for mobile payments.

We will conduct the survey again this year and are eager to see how the mobile banking and payments landscape has changed. If you have any questions about the survey results, please let us know.

Photo of David Lott By David Lott, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

 

January 8, 2018 in banks and banking, mobile banking, mobile payments, payments study | Permalink

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

January 2, 2018


2017 Year-End Review

In December 2013, the Retail Payments Risk Forum began an annual tradition of authoring an end-of-year post highlighting what we consider to be the most significant payment topics or events of the year. We continued that tradition this year, but we changed our platform, instead covering our top events in our Talk About Payments webinar series. Watch a recording of the webinar's presentation.

We encourage you to listen to the webinar, during which we discussed in more detail the following key payment stories of 2017:

  • Fraud schemes
  • Data breaches
  • Chip migration
  • Payments security
  • Same-day ACH–phase II
  • Person-to-person payments
  • Fintech
  • Mobile payments
  • Virtual currency/Distributed ledger

As we begin 2018, we in the Risk Forum look forward to continuing our efforts to mitigate payments risks through industry collaboration and convening. We will also continue to offer our insights using multiple platforms, including this weekly blog and our quarterly webinar series, Talk About Payments. As always, we value your feedback and comments, so do not hesitate to reach out to any of the Risk Forum team members.

Best wishes for a happy, and fraud-free, new year from all of us at the Retail Payments Risk Forum!

Photo of Mary Kepler
Mary Kepler
Photo of Julius Weyman
Julius Weyman
Photo of Doug King
Doug King
Photo of David Lott
Dave Lott
Photo of Jessica Trundley</span>
</div>
Jessica Washington
Photo of Steven Cordray
Steven Cordray

 

January 2, 2018 in chip-and-pin, mobile banking, mobile payments | Permalink

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

Google Search



Recent Posts


Archives


Categories


Powered by TypePad