About


Take On Payments, a blog sponsored by the Retail Payments Risk Forum of the Federal Reserve Bank of Atlanta, is intended to foster dialogue on emerging risks in retail payment systems and enhance collaborative efforts to improve risk detection and mitigation. We encourage your active participation in Take on Payments and look forward to collaborating with you.

Take On Payments

October 29, 2018


Remote Card Fraud: A Growing Concern

Where's the money in card payments? Despite all we hear about e-commerce and other kinds of remote payments, in-person payments remain strong. The total dollar value of in-person card payments exceeded the total dollar value of remote payments in both 2015 and 2016. In-person payments were 56 percent of all card payments by value in 2016, and 58 percent in 2015. By number, the race is not even close: 78 percent of card payments were in person in 2016.

Graph-one

Looking at change from 2015 to 2016, however, another story could be emerging. When we consider the growth in the value of card payments, remote payments grew by 11 percent from 2015 to 2016, compared to about 3 percent growth by value for in-person card payments. By number, in-person card payments increased 5 percent and remote by 17 percent.

It wasn't only remote payments that grew from 2015 to 2016—so did remote fraud. In fact, it grew faster than remote payments did overall. Remote fraud by value grew more than three times faster than the value of remote payments—35 percent compared to 11 percent. By number, remote fraud grew about twice as fast—32 percent compared to 17 percent.

In contrast to the mix of remote and in-person card payments overall, where in-person payments still are the majority, fraudulent remote card payments were more than half of all fraudulent card payments by both value and number in 2016.

Graph-two

These data suggest that remote card payments fraud is likely to be of increasing concern for the U.S. payments system going forward. Additional data are included in the report at www.federalreserve.gov/paymentsystems/fr-payments-study.htm.

To learn more about payments fraud, you can sign up for the Talk About Payments webinar on November 1 at 11 a.m. (ET). This webinar is open to the public but you must register in advance to participate.

Photo of Claire Greene By Claire Greene, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

 

 

October 29, 2018 in cards, consumer fraud, debit cards, fraud, identity theft, mobile payments, online retail, payments study | Permalink

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

June 25, 2018


Down but Not Out

As I noted in my last post, consumer habits are sticky when it comes to cash. Despite the many ways to pay, consumers make almost one-third of payments (by number) in cash. But sometimes cash just isn't an option. You can't use cash to buy a snack on an airplane, for example. This week, I look at factors about merchants that constrain consumers' payment options, including their unwillingness to accept cash for in-person payments or their inability to accept cash for online payments. (My colleague Doug King touched on cashless locations a couple of weeks ago.)

At the in-person point of sale, merchants' willingness to accept a payment instrument could affect the prevalence of cash. Consumers obviously cannot use cash when merchants will not accept it. Recent headlines (here and here) suggest that some quick-service restaurants, coffee shops, and food trucks may be growing reluctant to accept cash. As an example, here's a picture of a sign on a San Francisco food cart in late May.

20180612_RPO_TOP_Cashless_image The flip side of a merchant's unwillingness to accept cash is the merchant's willingness to accept card payments for ever-lower dollar values. And indeed, the average dollar value of card payments is dropping. For instance, the average dollar value of an in-person, non-prepaid debit card purchase fell from $35 in 2012 to $32 in 2016 (Federal Reserve Payments Study: 2017 Annual Supplement). This trend could indicate that merchants are increasingly agreeable to accepting cards for small-dollar transactions.

Consumers show they are aware of evolving merchant acceptance. The 2017 Survey of Consumer Payment Choice reported that consumers rate credit and debit cards highest for acceptance, with cash coming in third. The survey asked respondents to rate how likely each payment method is to be accepted by stores, companies, online merchants, and other people or organizations.

At the online point of sale, cash is not an option. (However, Doug mentioned in that same post that at least one online retailer is trying to make cash possible.) The share of purchases made online is still small—just about 12 percent of retail goods and services by number (2017 Survey of Consumer Payment Choice). Yet over the past four years that share has steadily increased. Data about remote card purchases in the Federal Reserve Payments Study (2017 Annual Supplement ) show the growing importance of online purchases. As Jessica Washington noted in her post in early May, remote card purchases grew more rapidly from 2015 to 2016 than did in-person card purchases, measured by both number and value.

Despite these developments, cash continues to dominate quick purchases. In October 2016, consumers paid for about half of their fast food purchases with cash. They used cash for 62 percent of convenience store purchases (2016 Diary of Consumer Payment Choice).

Cash has had staying power over decades of technological innovation. It may be down, but it isn't out.

To learn more about consumer payment choices and preferences, visit the Federal Reserve Bank of Atlanta's new consumer payments web pages that house a variety of surveys, studies, and research reports on the topic.

Photo of Claire Greene By Claire Greene, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

 

June 25, 2018 in cards, currency, debit cards, emerging payments, mobile payments, online retail | Permalink

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

June 18, 2018


Thinking about My Grandmother and Future-Proofing Payments

I often reminisce about times I spent with my grandmother. She passed away when I was only nine years old, but fortunately left me with a host of memories that I cherish. How I loved our trips to Walden Bookstore in the Hickory Ridge Mall whenever she'd visit us in my hometown of Memphis. We'd pick out a book or two and then return home to read them together. I often wonder what she would think about my family's book shopping and reading habits today. Online bookstores, e-readers, and audiobooks downloaded or streamed onto mobile phones would be completely foreign to her as the technology behind these was not even around during her lifetime! How could she ever have known how the world of books would evolve?

And this brings me to the notion of future-proofing payments. Mobile payments just might be the hottest topic when payment professionals get together to discuss the future of payments. It makes sense to think that maybe one day our mobile phones will replace our debit and credit cards and maybe even cash. But to date, the mobile phone has not done for cards and cash what it has done for mp3 players, digital cameras, and portable navigation devices, to list just a few things. Perhaps we need more time for mobile phones to transform payments—or could it be that payments as we know them today will be made over by a technology or device that is not yet widely available or even conceived? Is it possible that the primary payment methods we use today can withstand the test of time and remain our primary methods for many more years? Thinking about my grandmother and books, maybe future-proofing payments is a losing proposition and we should be nimble, ready to adapt to whatever changes come our way.

Join me for the Atlanta Fed's Retail Payments Risk Forum's latest Talk About Payments webinar on Thursday, June 28, from 1 to 2 p.m. (ET), when I will explore the future of mobile payments at the point of sale by first considering the debit card's long rise to prominence. Participation in the webinar is complimentary, but you must register in advance. After completing registration, you will receive a confirmation email with all the log-in and toll-free call-in information.

Photo of Douglas King By Douglas A. King, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

June 18, 2018 in banks and banking, emerging payments, mobile banking, mobile payments | Permalink

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

June 11, 2018


Consumer Habits and Cash Use

As my colleague Doug King pointed out last month, cash is not going away anytime soon, Yanny/Laurel notwithstanding. By number, almost one-third of U.S. consumer payments were made in cash in 2017. Every year since 2008, the Survey of Consumer Payment Choice has found that cash is consumers' most popular or next-most-popular way to pay.

Many factors underlie cash's resilience, including access, current shopping habits, consumer ratings, and demographics.

Universal access. Paypal's chief financial officer commented to the Wall Street Journal earlier this year, "I don't think we will ever be entirely cashless, maybe in large part because I don't know if we will ever be in a world that every person has a smartphone or a mobile device."

Shopping habits. Most purchases—nine in 10—are made in person, not online (2015 Survey of Consumer Payment Choice). And when shopping in person, consumers prefer cash for small-dollar transactions. Two-thirds of U.S. consumers report that they prefer cash for in-person payments of less than $10 (2016 Dairy of Consumer Payment Choice). Forty percent prefer cash for in-person payments between $10 and $25.

Consumer ratings. Consumers say cash is the most cost-effective way to pay. The Survey of Consumer Payment Choice asks respondents to rate the cost of using a particular payment method, taking into account that fees, penalties, interest paid, etc. can raise the cost of a payment method, while discounts and rewards can lower it.

Demographics. People with fewer payment options use cash. That includes low-income people who have less access to credit cards as well as people without bank accounts who have no access to non-prepaid debit cards. It also includes millennials, who used cash for almost 30 percent of their payments in 2016 (Diary of Consumer Payment Choice).

You probably already know that card payments dwarf cash payments—almost 60 percent of consumer payments are made with some type of card, whether it's debit, prepaid, or credit. Yet cash persists. Recently, a new acquaintance told me he "never" uses cash. As evidence, he reported that he had no cash in his pocket, explaining "that's because I used my last $2 to buy coffee this morning."

Hmm. What does this say about the health of cash? What Dave Lott wrote in 2016 is still true today: not dead yet.

Next post: Merchant acceptance and the use of cash

To learn more about consumer payment choices and preferences, visit the Federal Reserve Bank of Atlanta’s new consumer payments web page that houses a variety of surveys, studies, and research reports on the topic.

Photo of Claire Greene By Claire Greene, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

June 11, 2018 in cards, currency, debit cards, emerging payments, mobile payments, payments | Permalink

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

May 29, 2018


Laurel or Yanny? Cash or Card?

The latest and greatest trend on the Internet is the debate over whether you hear a recorded voice say "Laurel" or "Yanny." While I don't intend to get into the science of the phenomenon, I do find it fascinating (and completely ridiculous) that anyone would hear "Yanny." As I was thinking about this current crazed conundrum, the payments geek in me started to relate the Laurel-versus-Yanny debate to the payments industry.

It seems that we in the Retail Payments Risk Forum get asked at least monthly when the United States will become cashless. Our short answer is "never." Some people still prefer to pay with cash for many items, especially small-dollar purchases. In fact, a hamburger chain launched a cashless location during the past year only to find out that some of its customers were not happy that they were unable to pay with cash. And a large online retailer just announced a partnership that will allow its customers to use cash for purchasing gift cards to use on its website.

On the flip side, there are those (and I am smiling at one of my Risk Forum colleagues) who wince at the thought of making a paper-based payment, including cash, for anything. Here in the United States, we have embraced payments choice for consumers. And while I might be someone who prefers to pay with a credit card, I have close friends who prefer debit cards. I even know a few people who prefer to use their mobile phones.

Science can explain why people might hear a word differently. Perhaps we also need science to understand the factors that have a role in driving payment preferences—factors that might include past behavior and experiences, socioeconomic status, and incentives. Nevertheless, the fact remains that you will have your Laurels and your Yannys in payments, and oftentimes the two sides won't understand why the other would ever want to pay with their preferred method.

Research can get caught up in the hysteria that surrounds emerging payments and fintech and overlook established forms of payments. But let the Laurel-and-Yanny debate serve as a reminder that differences among consumers in payment preferences will always exist. Let's not lose sight of those established forms of payments that remain vitally important to commerce, even as the industry races to implement new technologies and systems.

To learn more about consumer payment choices and preferences, be on the lookout for the June 1 launch of the Federal Reserve Bank of Atlanta's new consumer payments web pages that house a variety of surveys, studies, and research reports on the topic.

Photo of Douglas King By Douglas A. King, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

May 29, 2018 in cards, fintech, mobile payments | Permalink

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

May 21, 2018


Heading toward A New Era of POS Portability?

At recent conferences I've attended, exhibitors in the point-of-sale (POS) terminal and acquiring business were all showing off their portable devices. With one of these, a restaurant server could take a payment at the table or a retail employee could conduct a transaction in a store aisle. The exhibitors said that these devices allow for a more high-touch, personalized customer experience than traditional counter-top POS devices. In fact, while walking the exhibit floor, I noted that countertop POS devices were extremely hard to find.

The theme of POS portability was also evident in the session rooms. Multiple panel discussions and keynote speeches focused on the Payment Card Industry's (PCI) PIN-on-glass security standard, which would give already-in-the-marketplace devices for using mobile phones and tablets as card readers the ability to use PIN-based authentication. In essence, the standard allows customers to enter their PINs on merchants' commercial off-the-shelf (COTS) devices—such as bring-your-own-device tablets or phones—rather than on PCI-certified devices that a merchant owns or leases through its acquiring relationship. PIN on glass has been widely implemented in Australia and, based on what I've heard at these conferences, it is probably one to three years from making any headway here in the United States.

I first wrote about portable POS devices in the restaurant industry nearly six years ago. Since then, I can count on my hands the number of times I've swiped or dipped my card at a portable POS terminal (and several of these interactions occurred in Mexico). Most experiences were positive. On numerous occasions, I've used my card with a COTS device, also with mostly positive experiences. I have honestly never envisioned using or yearned to use a PIN for these transactions.

Little has changed in the way of mobile POS adoption since I wrote that post. So, do I believe we are moving towards a new era of POS mobility? Yes, but very slowly. With the proliferation of independent software providers and their mobile-based solutions for payment processing, I think the industry is now better positioned than it was six years ago for a change. However, I learned from speaking with others in the industry that the conversion process remains time consuming and costly. As far as PIN on glass goes, will the consumer be an obstacle to adoption? I'm not convinced that consumers will be comfortable entering their PIN on someone else's mobile device.

What is your take on the future of POS portability?

Photo of Douglas King By Douglas A. King, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

May 21, 2018 in biometrics, card networks, cards, debit cards, emerging payments, mobile payments | Permalink

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

March 26, 2018


Convenience Always Wins, In One Form or Another

My colleagues and I often write about the frustration that security professionals have that consumer convenience will almost always win over the adoption of more secure practices. We've seen this over the decades with poor password and PIN management and the often lackadaisical approach consumers take to keeping their payment devices safe and secure. This post will take a slightly different tack—it will explore the influence convenience has on the payment card issuance strategy of U.S. financial institutions (FI) and how convenience always seems to win, though sometimes in unexpected ways.

When the various mobile pay wallets were being launched, many observers speculated that they might be the beginning of the end for plastic payment cards. Some, presuming that mobile was a more convenient way to pay, opined that the day would come when FIs would have no reason to continue issuing cards since everyone was going to be using their phones. Although adoption has been increasing, the reality is that mobile payments at the point of sale have been slow to gain traction. Recently released results of a survey of FIs in seven of the Federal Reserve Bank districts revealed that 75 percent of respondents thought it would be at least three years before consumer adoption rates of mobile payments would exceed 50 percent; 40 percent said it would take five years or longer. Consumer surveys consistently indicate that consumers aren't adopting mobile payments because they find their plastic payment card more convenient. So for mobile devices, convenience still has a ways to go.

Some financial-institution-owned ATM operators, continuing efforts to provide alternatives to plastic cards, have recently begun supporting cardless ATM transactions. With this service, you use your FI's mobile banking application to set up or stage an ATM withdrawal, identifying the account and amount to be dispensed. The details of the various technologies differ, but they all work like this: you go to the FI's ATM, select the cardless ATM function, and use a smartphone to either scan a QR bar code or enter a one-time transaction code. (Sometimes you may have to use a PIN.) Nice and convenient! And you don't have to worry about damaged or forgotten cards, or getting your card skimmed. We'll have to wait to see how consumers react to this feature's convenience.

Some FIs currently issue, or plan to issue, dual interface cards when it's time for customers to replace their existing chip card. While costlier to the FI, the new cards include a contactless feature that allows an NFC-enabled terminal such as an ATM or point-of-service device to read the data on the chip when you pass the card within a couple of inches of the reader. Contactless transactions, which are quite popular in Canada and Europe and greatly desired by mass transit systems in the United States, are faster. And we all know that faster means more convenience—right? Like cardless ATM transactions, contactless offers some security benefits. But merchant terminal acceptance remains a concern, just as it has been for the various pay wallet applications.

So it seems that convenience comes in different forms, and it appears that many FIs are betting that, like currency and checks, the plastic payment card is going to be around for quite some time. Perhaps that is the best strategy: offer a wide range of options and let the customers decide for themselves which are the most convenient.

Photo of David Lott By David Lott, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

March 26, 2018 in cards, debit cards, mobile banking, mobile payments | Permalink

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

March 19, 2018


Mobile Banking and Payments' Weakest Link: Me

What's the biggest hole in mobile banking security? As my colleague Dave Lott reported in January, bankers say it's consumers' lack of protective behavior when using mobile devices. That means you and me.

In response, financial institutions (FI) have implemented controls including inactivity timeouts and multifactor authentication, as noted in Mobile Banking and Payment Practices of U.S. Financial Institutions, which reported the findings of a 2016 Federal Reserve survey.

Baking these controls into mobile apps makes sense because research on consumer behavior suggests that expecting consumers to independently take steps to protect their accounts and data is not realistic. Take as one example: I co-wrote a paper with Joanna Stavins for the Boston Fed reporting the results of our investigation into consumers' responses to the massive Target data breach. We found that while consumers do react to reports of fraud, their reactions can be short-lived. In addition, consumers' opinions may change, but their behavior may not. In other words, considerations aside from security could take priority. (See also a report on the 2012 South Carolina Department of Revenue breach.)

Debit and credit card data for 40 million cards used in Target stores were stolen in late 2013. The breach was widely reported in the news media and caused many financial institutions to reissue cards. Because it was primarily a debit card breach, one might reasonably expect consumers to take a jaundiced view of debit cards after the breach.

And, indeed, that was the case. The Survey of Consumer Payment Choice was in the field at the time of the Target breach. Some consumers answered questions about the security of debit cards before the breach became public. Others answered after.

Consumers who rated card security after the breach rated debit cards more poorly relative to the average rating of the other payment instruments—cash, paper checks, ACH methods, prepaid cards, and credit cards. So in that sense, they reacted to the news.

One year later, consumers in 2014 rated the security of debit cards more poorly both relative to their ratings of other payment instruments and absolutely (that is, a greater percentage of consumers rated debit cards as risky or very risky). In contrast, compared to 2013, the absolute security ratings of cash improved. There was no change in the security ratings of credit cards.

The more important question: Did consumers change their behavior in response to this massive and widely reported data breach? The answer: not according to this survey data. There was no statistically significant change in consumers' method of payment mix in 2014. Debit cards remained the most popular payment instrument among consumers in 2014, accounting for almost one-third of their payments per month.

What does this mean for financial institutions? Realism about my willingness to take action is well placed. You can't count on me.

Photo of Claire Greene By Claire Greene, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

March 19, 2018 in account takeovers, banks and banking, cards, debit cards, identity theft, mobile banking, mobile payments | Permalink

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

March 12, 2018


Webinars Discuss Mobile Banking and Payments Survey Results

Earlier this year, I wrote a post highlighting some of the Mobile Banking and Payments Survey results that were consolidated from the seven Federal Reserve districts that conducted the survey: Atlanta, Boston, Cleveland, Dallas, Kansas City, Minneapolis, and Richmond. The 706 responding financial institutions gave us valuable information about their current and planned services as well as security features for their mobile banking and mobile payments products. (You can download a copy of the report from the Boston Fed's website.)

You can get a more detailed review of the survey findings when the Boston Fed's Payment Strategies Group conducts two webinars on March 21 and March 22.

Attendees will learn about:

  • Current developments in mobile financial services
  • Practices, products, and trends related to consumer mobile banking and payment services
  • Financial Institution perspectives on mobile security, concerns, and mitigation tools

There is no charge for the webinars but you must register. To view both webinars, you must register for both. Select a link below, then click the Register button. After you have registered, you will receive a confirmation email with the access information.

REGISTER for Part I: Consumer Mobile Banking, Wednesday, March 21, 2018 at 2 p.m. (EDT)

REGISTER for Part 2: Consumer Mobile Payments, Thursday, March 22, 2018 at 2 p.m. (EDT)

Feel free to share this post with any of your colleagues who may wish to attend. If you have any questions about the webinars, please email elisa.tavilla@bos.frb.org.

Photo of David Lott By David Lott, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

March 12, 2018 in banks and banking, mobile banking, mobile payments | Permalink

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

February 12, 2018


If the Password Is Dying, Is the PIN Far Behind?

Back in January, I wrote a post that highlighted the rising incidence of lost-and-stolen card fraud in the United Kingdom. I concluded that the decades-old PIN solution for the card-present environment is now showing signs of weakness. Results of a recent Minneapolis Fed survey of 283 financial institutions offer some validity to my conclusion: the survey found that losses on PIN-based debit increased by 50 percent from 2015 to 2016. In fact, 81 percent of the respondents reported fraud losses from PIN-based debit, compared to only 77 percent for credit cards.

The news wasn't all bad for PIN-based debit. Signature-based debit and credit cards still had more fraud attempts than any other payment instrument. At 63 percent, signature debit fraud actually had a higher increase in fraud losses from 2015 to 2016 than did PIN debit. The PIN is a far superior verification method for card payments, but I'm willing to bet that the PIN, much like the password, has become less effective.

Is this coming at a time when the PIN is about to become more prominent? In late January, the PCI Security Standards Council announced a new security standard for software-based PIN entry, also known as "PIN on glass." This standard specifies the security requirements for accepting a PIN on a mobile point-of-sale device such as a Square card reader.

As an aside, I am a bit surprised by this announcement. Apparently, mobile phones are safe enough for entering PINs, but when someone uses a pay wallet such as Apple Pay or Samsung Pay, the card's PAN, or primary account number, is tokenized for security purposes. I'll save a discussion of this inconsistency for another post.

People have been talking for years now about how the password has passed its prime as a standalone authentication solution. Yet it continues to live, and it's as difficult as ever to mitigate its vulnerabilities. In my opinion, attempts to do so have increased customer friction and had minimal impact. I think the PIN is following a similar path. It creates customer friction (especially for me as I now have different PINs for multiple cards that I struggle to keep straight) and is losing its effectiveness, according to the data I mentioned in the first paragraph. But it appears that, with the PCI's recent announcement, the PIN could become even more prevalent for cardholders. Is it time, in the name of security and customer friction, for us to replace PINs and passwords with more modern authentication technologies such as biometrics?

Photo of Douglas King By Douglas A. King, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

 

February 12, 2018 in authentication, banks and banking, cards, chip-and-pin, consumer fraud, debit cards, EMV, mobile payments | Permalink

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

Google Search



Recent Posts


Archives


Categories


Powered by TypePad