Take On Payments, a blog sponsored by the Retail Payments Risk Forum of the Federal Reserve Bank of Atlanta, is intended to foster dialogue on emerging risks in retail payment systems and enhance collaborative efforts to improve risk detection and mitigation. We encourage your active participation in Take on Payments and look forward to collaborating with you.
Federal Reserve Web Sites
Other Bank Regulatory Sites
August 12, 2019
At the Intersection of FinTech and Financial Inclusion
Technological innovation is booming, and many financial institutions and financial service providers, including mobile phone providers, are increasingly adopting financial technology, or fintech, to offer easier and faster payments to consumers. In other words, the consumers who have traditional banking services such as checking and savings accounts naturally have access to solutions such as online or mobile bill pay, account and P2P money transfers, and customized saving options. But what about the people who don't have a bank account?
According to the Federal Reserve's Report on the Economic Well-Being of U.S. Households in 2018, approximately 6 percent of adults do not have a bank account, and approximately 22 percent are either unbanked or underbanked (having a bank account but relying on alternative financial services). How does the payments industry make sure that, in the words of the World Bank, all "individuals and businesses have access to useful and affordable financial products and services that meet their needs"? How can the industry help boost financial inclusion, which is "a key enabler to reducing poverty and boosting prosperity" (also in the words of the World Bank)?
Join us for the Atlanta Fed's latest episode in our Talk About Payments webinar series on Thursday, August 22, from 1 to 2 p.m. (ET). A panel of payments experts will focus on how fintech aims to improve financial inclusion by giving people who are un- or underbanked access to the payments system. Panel members will also discuss current research on financial inclusion and programs intended to support economic mobility.
Panel members are:
- Dr. Sophia Anong, associate professor, financial planning, housing and consumer economics, University of Georgia
- Nancy Donahue, Federal Reserve Bank of Atlanta
- Catherine Thaliath, Federal Reserve Bank of Atlanta
Participation is free, but you must register in advance. After you've registered, you'll receive a confirmation email with the login and toll-free call-in information. We hope you and your colleagues will join us and be part of the discussion as we delve into the ways financial technology is helping to meet the needs of the underserved.
By Catherine Thaliath, project management expert in the Retail Payments Risk Forum at the Atlanta Fed
August 5, 2019
A Call to Action on Friendly Card Fraud and Loss?
I have recently had two conversations about the topics of friendly fraud and loss, one from a merchant's perspective and another from a financial institution's issuer perspective. Friendly fraud is often used interchangeably with first-party fraud, as was the case in the conversations, but they are quite different. First-party, sometimes called "bust-out," fraud occurs when an individual applies for and receives a loan or credit line with no intention of ever making a payment. (The term "bust-out" comes from when the individual maxes out the credit, getting as much "free" stuff as possible and making no plans to pay.) First-party fraud is generally considered credit fraud and not payment fraud.
Friendly fraud occurs when a cardholder disputes a transaction that the cardholder never intended to pay even though products or services were properly rendered. Sometimes cardholders dispute legitimate transactions that they honestly do not recognize or remember—think of an annual recurring charge that might slip a cardholder's mind, or the merchant name on the statement is the parent company and not the more easily recognized d/b/a store name. If the resolution of such a dispute is such that either the merchant or issuer takes a loss, this is not true payment card fraud but should be classified as a loss rather than fraud.
The two conversations were clearly around friendly fraud and loss situations that are transaction fraud rather than credit account fraud. Both the merchant and financial institution claimed that friendly fraud and loss transactions are growing rapidly yet are not necessarily being properly captured or categorized. One of the organizations even went so far as to suggest that third-party card fraud is being greatly overstated because a significant portion of that fraud is actually friendly fraud and loss, and this mismeasurement is directing fraud discussions and mitigation decisions away from creating ways to better identify and mitigate friendly card fraud and loss.
So I issue a call to action for Take on Payments readers with multiple questions:
- What is your experience with friendly fraud and loss?
- Are you able to track these independently of third-party fraud?
- If so, are you seeing growth in friendly fraud and loss, as the merchant and financial institution stated was happening?
- What's the driving force in the friendly fraud and loss that you are experiencing?
- Does this particular fraud warrant more discussion by the industry, and in particular the Risk Forum, as it has not been an area of focus of ours relative to third-party card fraud?
Feel free to email me at firstname.lastname@example.org or use the comment button below. I would greatly value your thoughts on this topic.
By Douglas A. King, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed
July 29, 2019
You Can't Manage What You Can't Measure
Peter Drucker famously applied the adage you can't manage what you can't measure to widgets at General Motors. Researchers, fintech entrepreneurs, elected leaders, and others who are trying to ensure economic mobility for all would do well to remember this advice. To be able to interpret or conclude that real improvements are occurring due to financial innovation, it is important to understand the metrics used for assessing economic mobility.
One important resource for data on financial inclusion is the Group of Twenty (G20) Global Partnership for Financial Inclusion (GPFI). This group has produced a number of excellent documents on financial inclusion. I want to bring special attention to the G20 Financial Inclusion Indicators and the interactive dashboard.
These indicators grew out of the original Basic Set of Financial Inclusion Indicators, which was created in 2012. Updated this past April, the indicators are meant to measure achievements and disparities in the use of digital financial services along with the technology or environment that is needed to enable use of these services. The dashboard interprets recent data collected for certain indicators. You can download country-level raw data based on variables that you customize. Also on the G20 site is an interactive data visualizer that will let you see how the United States compares to other countries by each indicator.
There are three dimensions to the measurement: (1) access to financial services, (2) use of financial services, and (3) quality of products and service delivery. Here are some indicator categories related specifically to payments:
- Retail cashless transactions
- Adults using digital payments
- Mobile phone or Internet-based payments
- Payments using a bank card
- Debit card ownership
- Proximity to physical points of service (i.e. branches, ATMs, access to internet)
- Enterprises that send or receive digital payments
- Received wages or government transfers into an account
The GPFI encourages individual countries to supplement the G20 Indicators with country-specific metrics. Following are several additional sources contributing to measurements of financial inclusion for the United States:
- U.S. Financial Health Pulse by the Financial Health Network: Measures financial health using the Center for Financial Services Innovation Financial Health Score measurement methodology, consumer surveys, and transactional records.
- The Opportunity Atlas by the U.S. Census Bureau and Opportunity Insights: Maps the neighborhoods in the United States that offer children the best chance to rise out of poverty.
- Small City Economic Dynamism Index by the Federal Reserve Bank of Atlanta: Provides a snapshot of the economic trajectory and current conditions of 816 small and midsized cities across the United States. It includes 13 indicators of economic dynamism for metropolitan and micropolitan areas with populations above 12,000 and below 500,000.
- Payment Volume Charts Treasury-Disbursed Agencies> by Bureau of the Fiscal Service:: Offers downloadable reports that compare monthly and cumulative electronic funds transfer payment volumes for different time periods.
- Model Safe Accounts by the Federal Deposit Insurance Corporation: Offers an overview and report of a pilot program designed to evaluate the feasibility of financial institutions offering safe, low-cost transactional and savings accounts that are responsive to the needs of underserved consumers.
Keeping data at the forefront of the discussion on financial inclusion will better inform strategies, help organizations and entrepreneurs build better products and services, and help policymakers and many others monitor the effect of initiatives.
By Jessica Washington, AAP, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed
July 22, 2019
Ransomware Attacks Continue
Ransomware attacks have only continued since I addressed the problem in a recent post, and they've continued to target municipal and state agencies. Riviera Beach (May) and Lake City (June), both in Florida, were successfully attacked. Lake City paid a bitcoin ransom of approximately $470,000 while Riviera Beach paid about $600,000, also in bitcoin. These attacks took place soon after the one in Jackson County, Georgia, whose government paid $400,000 for decryption keys. While law enforcement officials recommend that victims not pay ransom for fear that doing so encourages the criminals to continue their attacks, the affected agencies often view paying the ransom as a cost-effective way to restore operations as soon as possible. Moreover, Lake City and Riviera Beach were both insured against such attacks, with a $10,000 and a $25,000 deductible, respectively. It appears that in all three of these instances, when they got their ransom, the criminals supplied the necessary data that allowed officials to regain control of the systems.
So how can governments, schools, hospitals and doctors' offices, financial services, and consumers best protect their systems from these nefarious attacks? It's not easy—criminals are constantly developing new malware to get into systems. However, here are some critical guidelines from IT security professionals that can help us all avoid or minimize the impact of a ransomware attack.
- Perform data backups at least daily, and keep at least one backup copy offsite or on portable storage devices not connected to the network.
- Avoid using end-of-life operating systems and software that cannot be updated to address known vulnerabilities.
- Install software updates and security patches as soon as possible, and follow established change control guidelines.
- Evaluate segmenting your network into separate zones to minimize the spread of a ransomware infection.
- Train and test employees regularly about how criminals use phishing attacks to load malware onto computers that can then compromise system access credentials.
- Require employees to use strong passwords.
- The IT security community is divided about how frequently passwords should be changed, but do so at least every six months.
- Maintain comprehensive access controls so that only the employees that require access to individual system have such rights, especially regarding remote access.
- Use reliable security software and, as the second bulleted item recommends, keep it updated. Evaluate adding special trusted anti-ransomware tools, some of which are free.
- Evaluate your cybersecurity insurance policy in terms of its ransomware coverage.
In addition, every agency and organization should develop a ransomware response plan that can be implemented as soon as an attack has been detected. While the immediate focus should be on minimizing the impact of the attack, elements for business continuity, law enforcement notification, media communications must also be part of the plan.
We hope you won't be a victim, but simply keeping your fingers crossed isn't an effective plan.
By David Lott, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed
July 15, 2019
The Future of Fraud in a Post-EMV Chip Environment
"Doug: Your conclusion has me worried about credit-push in an environment where payments are irrevocable." I received this brief email a few days after my latest paper was published on the Atlanta Fed website. In this paper, I explore fraud trends in countries with a fully mature, or close to it, EMV chip card environment—trends we are likely to see in the United States as our EMV chip card implementation matures.
When the topic of EMV chip card fraud comes up, the conversation nearly always makes its way to the documented shift from counterfeit card fraud to card-not-present (CNP) fraud. While that is a fair and valid conversation, times are changing, and we just may need to refocus the fraud conversation, as this email indicates—my emailer was referring to credit-push payments and the fraud that can happen, and is happening, in this environment.
Data clearly show that when countries such as the United Kingdom, France, and Australia migrated to EMV chip cards, CNP fraud rose—in some instances, dramatically. And where the data are available, we can see that the fraud rate for CNP transactions also initially rose. But over the last several years something interesting has happened. Both absolute CNP fraud and CNP fraud rates are declining in some of the countries. While these countries did not have many CNP fraud prevention techniques and tools at their disposal when they first migrated to EMV chip cards, the technology is catching up and they have more tools now. If there was any benefit for the United States from being an EMV laggard, perhaps this is it: we are better equipped to deal with CNP fraud.
But back to push payments. Authorized push payment (APP) fraud, which is a form of credit-push fraud, is a growing problem. In the United Kingdom, the real-time payment system is being used extensively to carry out this type of fraud. Just as other countries didn't have many tools to fight CNP fraud in early EMV chip adoptions, we don't have all the tools yet to mitigate APP fraud.
At the heart of APP fraud is business email compromise, which we've covered in this blog and which was the featured topic in the Atlanta Fed's most recent Economy Matters podcast episode . To read more about this particular fraud trend and other trends the U.S. payments industry should be wary of as our EMV chip card environment matures, be sure to read the paper .
Back to the email I received—it was short, but my reply was even shorter: "You should be worried."
July 8, 2019
A Tip for Summer Travel
Because I study payments, people like to brag to me about the ways they pay. "I never use cash." "I don't carry cash, even when I travel." "I buy a pack of gum with my phone." "I haven't seen a dollar bill in five years." Et cetera.
Lots of times, I get these comments while I'm traveling. Like me, the people I chat with are traveling. Handing over a bag to a skycap. Getting housekeeping services in a hotel. Eating a burger at the bar.
So please tell me, all you smartphone-carrying, thin-wallet sophisticates, how do you tip?
When I was a kid, hotel rooms had tiny paper envelopes "for the maid," my father said. Filling the envelope was the last step before loading kids and caboodle into the car. Before we got to drink Tang and eat powdered-sugar donuts, we thanked the housekeeper. Like Tang, those envelopes are becoming an artifact of the past, with the result that you might expect: declining tip income for service workers.
Plea to app developers: find a way to make it easy to tip on the go. There are plenty of tipping apps out there, and from my point of view, they work fine for relationship tips—for example, an app payment to a hair stylist. But what about the one-time tip? When I'm running for the subway I can't (or won't) stop to open or download an app and key in a dozen letters or numbers to thank Keytar Bear, a busker who performs here and there in Boston.
This brings up a key obstacle to apps for tipping: not only do I have to have the app, but the service person does also.
What could be easier to adopt and use than the $2 bill I keep in the outside pocket of my backpack for Carlos, the best guitar player in Harvard Square? I don't have to ask, "Do you accept this or that?" I don't scan or key. I just wave to Carlos, drop the cash, and keep moving.
To tip in cash, we need to carry cash. About 20 percent of respondents to the 2017 Diary of Consumer Payment Choice reported that they carried no cash on any of their three reporting days. My Atlanta Fed colleague Oz Shy cites Rule #1 of tipping: "There are no rules about tipping." So I'll offer a guideline, not a rule: "Carry a bit of cash."
If you haven't found a cashless solution, go to a bank or credit union and get yourself a stack of $2 bills (Thomas Jefferson on the front, signing of the Declaration of Independence on the back, so appropriate in July). Stash them with your carryon bag.
It's summer travel season. In 40 states, the minimum wage requirements are lower for tipped workers. How do you thank the people who made your stay clean and comfortable? How do you tip?
By Claire Greene, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed
July 1, 2019
Ransomware: Hopefully Not Coming Soon to a Computer Near You
In March 2018, the city of Atlanta fell victim to a ransomware attack. Criminals gained access to the city's computer network and loaded SamSam Ransomware, a malicious software. The criminals demanded a payment of approximately $51,000 in virtual currency to provide the decryption keys necessary to regain access to the infected and locked systems. The attack laid siege to the city by rendering police, utility billing, traffic court, and other systems unusable. The city refused to pay the ransom, and has since spent at least $6 million in forensic and remediation work with as much as an additional $11 million earmarked for system upgrades and other resources to combat future attacks.
Ransomware attacks have been a growing threat. While studies such as the Symantec Internet Threat Security Report show that the overall incident rate has decreased slightly, they also indicate that the range of targets has shifted. From 2013 until last year, consumers were the most frequent targets, with ransom requests in the hundreds of dollars. In the early years of these attacks, individuals would get a message that their computers had been infected and they had to pay a fee to download a fix. In many cases, the infection claim was false. Beginning in 2018, businesses—including municipalities, hospitals, and health care networks—have become primary targets, with ransom demands in the tens or hundreds of thousands of dollars. Typically, the criminals demand that the ransom be paid in cryptocurrency (nearly always bitcoin). As in the Atlanta case, these attacks often prevent customers from making payments, whether for traffic violations, business permits, or even marriage licenses.
Should ransomware targets pay the ransom? Law enforcement communities officially say "no." In some cases, when victims pay the ransom, they never receive the decryption keys to regain access to their data, or the keys don't work. There is concern that payments only encourage the criminals to commit further attacks, sometimes against the same business and demanding additional money. It is not illegal for a business to make ransomware payments, and many, including Newark, New Jersey ($30,000), have done so.
Is your computer or network prepared to defend against such an attack? Ransomware attacks typically exploit weak passwords or known security vulnerabilities in applications and operating systems. But a common entry point is through phishing of an employee to compromise legitimate system access credentials. As in business email compromise, the criminal conducts surveillance to learn about the different systems in operation and plans the initial attack to have the greatest possible impact. As we have stressed so often, prevention starts with employee education and the adoption of security best practices. In a future post, I will write about more prevention and mitigation best practices.
As for the Atlanta ransomware attack, last December, a federal grand jury returned indictments against two foreign nationals for the attack. The grand jury indicated these two people were also behind the April 2017 attack on Newark, New Jersey. There was hope in the law enforcement and cybersecurity communities that the arrest of these individuals would dampen enthusiasm for this threat vector, but attacks this year against Akron, Ohio (January), Albany, New York (March), and Baltimore, Maryland (May) suggest otherwise. None of these cities made any ransom payments.
By David Lott, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed
June 24, 2019
Moving towards Electronic Social Security Number Verification
Earlier this year, a colleague wrote a Take on Payments post about synthetic identity fraud. Throughout the year, we've found ourselves talking often with representatives from law enforcement and financial institutions about the growth of this particular type of fraud. There are different estimates that try to catalogue the damage, but one that strikes me is that synthetic identity fraud could account for as much as 5 percent of uncollected debt and be responsible for approximately 20 percent of credit losses.
A major challenge to mitigating this fraud is the difficulty financial institutions and other lenders have in confirming that a social security number (SSN) being presented actually belongs with the name of the person presenting it and that their date of birth actually matches the SSN. Prior to June 2011, the first three numbers of the SSN provided geographical clues to the number holder's birth state, which allowed for some basic verification, but the Social Security Administration (SSA) now randomizes all numbers making this minimal form of verification impossible for any SSN issued after this date. Currently, the SSN verification process requires that the requester complete a wet signature consent form that is submitted in hard copy to the SSA. Hardly a speedy process in a day and age when financial institutions and lenders are striving to make many lending decisions in hours or minutes, not days! But change from the SSA is in the air.
On June 7, the SSA published a notice to the Federal Register announcing initial enrollment for a new electronic consent-based SSN verification service. The notice is full of details about this program and its initial enrollment is open to all financial institutions (FI) and FI service providers as defined by the SSA. Participation in the pilot program requires that enrollees pay an initial administrative fee followed by volume-based pricing according to the annual number of transactions. The initial enrollment period opens on July 17 and will run through July 31. Following this period, the SSA will select a limited number of enrollees across several different categories for participation in the program, which is set to begin June 2020. Even if an applicant company is not selected to participate in the initial program, it would be eligible to participate when the program expands. Otherwise, new applicants will have to wait until the next enrollment period, which could be as long as two years.
This new SSA program would be a positive step toward reducing synthetic identity fraud. However, there is a balancing act between the costs for combating fraud and the actual cost of fraud. It will be interesting to follow the enrollment figures and other metrics to determine how effective this measure turns out to be. How do you feel about these efforts by the SSA?
June 17, 2019
Performing and Paying in the Gig Economy
Bobby Short at the Café Carlyle in New York City. Hank Williams at Nashville's Grand Ole Opry. A trumpet player in the pit, a pianist at a bar. All these musicians have been gigging—that is, they've performed live for pay. The term gig is thought to be shorthand for engagement and has been around since the early years of the 20th century.
Nowadays, it seems that a lot more workers—not just musicians—gig. In the gig economy, independent workers perform short-term jobs for companies or individuals. Many of us presume that most of those jobs are somehow enabled by technology. Now some counterintuitive data about the gig economy comes from the Federal Reserve's Survey of Household Economics and Decisionmaking (SHED).
The SHED finds that three in 10 U.S. adults did some gig work at least once in the month prior to the survey. The survey defines gigging as selling goods online or renting out property, as well as providing personal services like yard work or ride sharing. Among gig activities, child- and elder-care, cleaning, and property maintenance were most common. Half of gig workers indicated they spent five hours or less on gig work in the month prior.
One finding that surprised me: the gig economy is an offline economy. Compared to the 30 percent of adults who did some gig work, just 3 percent of adults used a website or mobile app to find that work. Said another way, that means that just one in 10 gig workers engage in what this paper from the Boston Fed calls "internet platform-based work."
My immediate reaction: how can that be? I took 15 ride shares in April, one every other day. Surely there are more Uber and Lyft drivers out there. My second thought: my mom gets rides, too. When Mom wants a ride, she makes a call on her landline phone to a gig worker for a local agency that helps seniors live independently. As the SHED report puts it, "Most of [gig] activities predate the internet." Driving, housekeeping, babysitting, and lawn maintenance all have been around for a long time.
And, in fact, the SHED estimate of internet platform-based work is higher than some others, because the work is not limited to providing services. It includes, as noted above, selling stuff via online marketplaces. In comparison, the Contingent Worker Supplement from the U.S. Bureau of Labor Statistics (BLS) finds that in May 2017, 1 percent of workers engaged in "electronically mediated work," defined as "short jobs or tasks that workers find through websites or mobile apps that both connect them with customers and arrange payment for the tasks." (Note that the SHED estimate is a share of adults and the BLS is a share of workers ["employed persons," defined here].)
Like the gigs, some ways to pay for gig work predate the internet. My mom pays her driver directly on the same day with paper. And, in fact, the 2017 Survey of Consumer Payment Choice found that 70 percent of person-to-person (P2P) payments were made with cash or checks.
I pay the ride-share app with a fingerprint through an intermediary. The driver, paid indirectly by me, gets an ACH credit to a bank account or a prepaid card load. Many get paid the same day or right after the ride. About half of those I speak with don't mind the 50 cent fee to get paid sooner.
Two ways to arrange a ride. Two ways to pay. Both relevant in the 21st century.
By Claire Greene, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed
June 10, 2019
The ABCs of Elder Financial Exploitation
In 2011, the World Health Organization designated June 15 as World Elder Abuse Awareness Day. So each year, a number of organizations supporting the elderly run educational campaigns throughout the month of June aimed at increasing awareness of elder abuse. This crime has a number of different forms: physical, emotional, or sexual abuse, neglect and abandonment, and financial exploitation.
We covered the growing impact of elder financial abuse in terms of numbers in a post last August. That growth is being driven by a double whammy: the surge in the senior population and the proliferation of available exploitation attack channels, thanks to the internet. Because none of this is likely to slow down for some time, education is critical. As the Retail Payments Risk Forum has stressed before, education is an important element in curbing fraud, and this area is no exception.
Here are some of the more common financial scams targeting the elderly:
- Charity: The victim receives a request, usually over the telephone or in a public place, for donations for natural disaster relief or other good causes, but the funds are not used for such purposes.
- Sweepstakes/lottery: The victim receives a letter, email, or telephone call with the news that they have won a lottery or cash sweepstakes—but they have to pay a tax or administrative fee in advance.
- Home repairs: Someone tells the victim that some aspect of their property needs repair—for example, the driveway, roof shingles, or gutters—and it can be done inexpensively since there is a "crew already in the area." The victim must pay by cash or check in advance, but the crew never appears to do the work.
- Romance: The fraudster, often posing under a false identity, makes romantic overtures and eventually asks the victim to send money so he or she can travel to meet them.
- Tax: The victim receives a phone call from the fraudster claiming to be an IRS agent pursuing back taxes and unless the victim sends funds immediately, they will be subject to arrest. A variant of this scam involves the perpetrator posing as a police officer pursuing unpaid traffic tickets or other infractions.
- Virus: A "technical support" company calls the victim, claiming that a virus has infected the victim’s computer. For the payment of a "modest fee," the company can download software that can kill the virus and protect the computer against future attacks. Often, the software downloaded actually contains some form of malware that may allow the criminal to compromise the banking credentials of the victim.
- Other advance fee fraud: The fraudster requests money to help a relative in jail or stranded on the roadside. The situations are completely false but might contain some element of truth as the scammer may have found information on social media providing a name or that the named individual is out of town.
- Identity theft: The criminal communicates with the victim through social media, telephone, or email to obtain bank account or other information allowing them to attempt a wide variety of fraudulent activities including credit applications, unauthorized account transactions, and more.
- Investments: The victim is convinced to purchase an annuity or some other investment with a supposed lucrative payback.
Sadly, most elder financial abuse is committed by family or other people who are trusted with care of the elderly, which makes the crime more difficult to detect. Such abuses range from the transfer of property or securities to the theft of liquid assets through check writing or ATM withdrawals.
While researching this issue, I was heartened to learn that various organizations are developing or improving software products to help spot potential financial exploitation or to provide training materials. The American Association of Retired Persons recently launched a pilot program for financial institutions called BankSafe. It is a free online training program with educational material presented in different formats, including video games, distributed by the Independent Community Bankers of America and the Credit Union National Association, and, directly, by some financial institutions. In addition, a recent Dow Jones Institutional News article highlighted some fintech products designed to alert trustees of unusual or suspicious activity.
If you know of any valuable programs or organizational efforts to increase awareness of elder financial abuse, please let us know.
By David Lott, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed
- Is There a Generation Gap in Cash Use?
- What the Most Convenient Food Tells Us about Payments
- Is Friction in Payments Always Bad?
- Why Should You Care about PSD2?
- At the Intersection of FinTech and Financial Inclusion
- A Call to Action on Friendly Card Fraud and Loss?
- You Can't Manage What You Can't Measure
- Ransomware Attacks Continue
- The Future of Fraud in a Post-EMV Chip Environment
- A Tip for Summer Travel
- September 2019
- August 2019
- July 2019
- June 2019
- May 2019
- April 2019
- March 2019
- February 2019
- January 2019
- December 2018
- account takeovers
- ATM fraud
- bank supervision
- banking regulations
- banks and banking
- card networks
- check fraud
- consumer fraud
- consumer protection
- credit cards
- cross-border wires
- data security
- debit cards
- emerging payments
- financial services
- financial technology
- identity theft
- law enforcement
- mobile banking
- mobile money transfer
- mobile network operator (MNO)
- mobile payments
- money laundering
- money services business (MSB)
- online banking fraud
- online retail
- Payment Services Directive
- payments fraud
- payments innovation
- payments risk
- payments study
- payments systems
- phone fraud
- remotely created checks
- risk management
- Section 1073
- skills gap
- social networks
- third-party service provider
- trusted service manager
- Unfair and Deceptive Acts and Practices (UDAP)
- wire transfer fraud
- workforce development
- workplace fraud