About


Take On Payments, a blog sponsored by the Retail Payments Risk Forum of the Federal Reserve Bank of Atlanta, is intended to foster dialogue on emerging risks in retail payment systems and enhance collaborative efforts to improve risk detection and mitigation. We encourage your active participation in Take on Payments and look forward to collaborating with you.

Take On Payments

February 19, 2019


Acute Audit Appendicitis

My son came home from school the other day and told me that his friend’s kidney had "popped." With great concern and further investigation, I found out that his friend had suffered from appendicitis but had since recovered. Luckily, fifth grade boys and most of the human race can get along fine without an appendix. And, as it turns out, there is another type of appendix people can live without: Appendix Eight—Audit Requirements—in the NACHA Operating Rules. NACHA members recently voted to cut this part out.

But wait—don’t celebrate too soon. The change doesn’t eliminate the requirement to conduct an annual ACH rules compliance audit. Rather, members voted to modify "the Rules to provide financial institutions [FI] and third-party service providers with greater flexibility in conducting annual Rules compliance audits." Specifically, the change—which was effective January 1, 2019—affected the following areas of the NACHA Operating Rules:

  • Article One, Subsection 1.2.2 (Audits of Rules Compliance): Consolidates the core audit requirements described within Appendix Eight under the general obligation of participating DFIs and third-party service providers/senders to conduct an audit.
  • Appendix Eight (Rule Compliance Audit Requirements): Eliminates the current language contained within Appendix Eight; combines relevant provisions with the general audit obligation required under Article One, Subsection 1.2.2.

FIs and ACH payment processors must still conduct, either internally or outsourced, an annual audit of their compliance with the ACH rules each year. They also must retain adequate proof of completion for no less than six years and may, during that term, need to provide proof to NACHA or a regulator. And they will have to adjust their audit methodologies to ensure that they comply with all relevant rules rather than just rely on the former Appendix Eight checklist.

The new audit process necessitates a risk-based approach, which is a strategy regulators have been encouraging in recent years. With so many emerging technologies, products, and services in the payments industry, FIs and ACH payment processors can no longer take a one-size-fits-all approach for compliance. They also no longer have a single access point to ACH—rather, they must consider many access points when auditing for Rules compliance.

These institutions may not have previously had to take into account other areas that touch payments. For example, the risk-based audit doesn’t explore just the deposit operations department; it analyzes how the whole enterprise interacts with ACH systems. Additionally, it may need to include loan operations, online account opening, person-to-person (P2P) products, investment management, and other new digital channels.

Life without Appendix Eight will be an adjustment, but its removal won’t be fatal. I think ACH participants will recover quickly and be even healthier—embracing the new risk-based compliance model will likely strengthen enterprise risk management and promote increased safety and stability in our payment systems.

Photo of Jessica Washington By Jessica Washington, AAP, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

 

February 19, 2019 in ACH , banks and banking , payments | Permalink | Comments ( 0)

February 11, 2019


AI and Privacy: Achieving Coexistence

In a post early last year, I raised the issue of privacy rights in the use of big data. After attending the AI (artificial intelligence) Summit in New York City in December, I believe it is necessary to expand that call to the wider spectrum of technology that is under the banner of AI, including machine learning. There is no question that increased computing power, reduced costs, and improved developer skills have made machine learning programs more affordable and powerful. As discussed at the conference, the various facets of AI technology have reached far past financial services and fraud detection into numerous aspects of our life, including product marketing, health care, and public safety.

In May 2018, the White House announced the creation of the Select Committee on Artificial Intelligence. The main mission of the committee is "to improve the coordination of Federal efforts related to AI to ensure continued U.S. leadership in this field." It will operate under the National Science and Technology Committee and will have senior research and development officials from key governmental agencies. The White House's Office of Science and Technology Policy will oversee the committee.

Soon after, Congress established the National Security Commission on Artificial Intelligence in Title II, Section 238 of the 2019 John McCain National Defense Authorization Act. While the commission is independent, it operates within the executive branch. Composed of 15 members appointed by Congress and the Secretaries of Defense and Commerce—including representatives from Silicon Valley, academia, and NASA—the commission's aim is to "review advances in artificial intelligence, related machine learning developments, and associated technologies." It is also charged with looking at technologies that keep the United States competitive and considering the legal and ethical risks.

While the United States wants to retain its leadership position in AI, it cannot overlook AI's privacy and ethical implications. A national privacy advocacy group, EPIC (or the Electronic Privacy Information Center), has been lobbying hard to ensure that both the Select Committee on Artificial Intelligence and the National Security Commission on Artificial Intelligence obtain public input. EPIC has asked these groups to adopt the 12 Universal Guidelines for Artificial Intelligence released in October 2018 at the International Data Protection and Privacy Commissioners Conference in Brussels.

These guidelines, which I will discuss in more detail in a future post, are based on existing regulatory guidelines in the United States and Europe regarding data protection, human rights doctrine, and general ethical principles. They call out that any AI system with the potential to impact an individual's rights should have accountability and transparency and that humans should retain control over such systems.

As the strict privacy and data protection elements of the European Union's General Data Privacy Regulation take hold in Europe and spread to other parts of the world, I believe that privacy and ethical elements will gain a brighter spotlight and AI will be a major topic of discussion in 2019. What do you think?

Photo of David Lott By David Lott, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

February 11, 2019 in consumer protection , emerging payments , fintech , innovation , privacy , regulations | Permalink | Comments ( 0)

February 4, 2019


So, How Often Do You Dip?

Remember how s-l-o-w dipping your payment card seemed when you were shopping back in 2015? Molasses? Honey? The dregs of the ketchup bottle? These days, I'm dipping more—that is, inserting my card into a chip reader—and complaining about it less. (I don't have a contactless card, so tapping isn't yet an option for me.) I still think swiping is faster, but familiarity means that dipping bugs me less. And it's become rare for me to encounter a jerry-rigged chip reader with the insert slot blocked by cardboard or duct tape, forcing me to swipe instead.

Turns out my shopping experiences—dipping more—line up with new data released by the Federal Reserve Payments Study in December 2018. The study reports some information on how in-person general-purpose card payments were authenticated in the United States in 2017.

For the first time, more than half of these payments by value were chip-authenticated in 2017. In contrast, just three percent of general-purpose card payments used chips in 2015—hence, my lack of familiarity with dipping back in the day. Because contactless chip cards were in use before the EMV-based dipping method began to take off in 2015, these data are an approximation of the increasing use of dipping, not an exact measure.

The chart below is based on figure 8 in the Federal Reserve Payments Study: 2018 Annual Supplement; it shows the substantial uptake in chip authentication at the point of sale from 2016 to 2017. (Check out the supplement for more detail.)

By-value-shares-of-in-person-general-purpose

Note: Chip payments were a negligible fraction in 2012.
Source: Federal Reserve Payments Study data (available here and here)

By number, more than 40 percent of general-purpose card payments were chip-authenticated. By card type, credit card payments are most likely to be chip-authenticated and prepaid card payments are least likely to be chip-authenticated (see the chart below). Prepaid cards are less likely to be chip-enabled, certainly a factor in the low shares of chip authentication, in part because of a business decision not to go to the expense of adding chips to low-value cards.

Shares-of-in-person-general-purpose-card-chart

By this time next year, my view of dipping could have changed again. A large card issuer has announced that all its credit cards will be tap-to-pay (that is, contactless) by mid-2019, so it's possible that my dipping will go the way of swiping.

For me, it feels more natural and faster to insert a chip card than it did a year ago. How about you?

Photo of Claire Greene By Claire Greene, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

 

February 4, 2019 in authentication , cards , chip-and-pin , credit cards , debit cards , EMV , payments study | Permalink | Comments ( 0)

January 28, 2019


A Cryptocurrency Primer

Every day, my newsfeed is full of stories about cryptocurrency, blockchain, and distributed ledger technology. I even see stories on how we can create our own digital currency, a notion that conjures up for me visions of my face on a coin, just like suffragette Susan B. Anthony. Could my own digital currency, known hereafter as the NEDNote, become a reality? My husband is a software engineer, so the technical piece is covered, but maybe offering a primer on the history of cryptocurrency and its confusing and rapidly changing nomenclature is the best place to start before I launch the NEDNote into the cryptographic biosphere.

The concept of virtual currency as a substitute for fiat currency dates back to the 1980s, with David Chaum being credited with introducing digital cash. (Fiat currency, often referred to in cryptocurrency discussions, is legal tender backed by a government or central bank.) Although early attempts at virtual currencies were made in the late ’90s, the anonymous white paper published in 2009 under the pseudonym Satoshi Nakamoto is credited for creating the first decentralized cryptocurrency, Bitcoin, and the blockchain database. And with that paper, a new lexicon began to emerge, some of which I define here.

  • Cryptocurrency, short for cryptographic currency, is a subset of digital currency.
  • Cryptography in the cryptocurrency world refers to the algorithms that encrypt data for transmission. In the analog world, think how the Navajo language was used to transmit secure messages during World War II.
  • Distributed ledger technology (DLT) refers to the infrastructure that allows a repeated digital copy of data to be available at multiple locations. With DLT, transactions take place over a peer-to-peer network, and do not require the use of a central administrator to govern or validate the transaction, but rather employ consensus algorithms to replicate the data across locations.
  • Blockchain is a type of DLT that organizes records in blocks, which are then linked with cryptographic hashes to create the chain. Each block consists of these hashes, data, and a unique timestamp. Because no trusted source or authority exists for the blockchain, it is necessary that data somehow be validated before anything can be added.
  • Validation protocols include “proof-of-work” and “proof-of-stake,” the two primary methods of validating transactions on a blockchain.
    • Proof-of-work involves mining and timestamping, which are key validation computations. Mining both validates transactions and obtains new cryptocurrency. The mathematical calculations performed in the mining process build the hash function that links the block to the chain. Miners are rewarded with new cryptocurrency for their contributions to the validation process. Timestamping tracks historical changes made to the data contained in the block.
    • Proof-of-stake employs a consensus method to determine ownership of the cryptocurrency. This method requires less computing power to complete than does proof-of-work validation but does not reward miners with new currency.
  • A crypto wallet provider is a cryptocurrency storage service that is online (hot wallet) or offline (cold storage). Hot wallets are connected to the internet and are frequently hosted by an online exchange platform. Cold storage, which is not connected to the internet, is viewed as more secure.

For many years, my husband allowed the SETI Institute to harness the excess processing power of our home computers in the search for extraterrestrial intelligence, when we could have been mining for cryptocurrency and making the NEDNote a reality. In my next post, I’ll talk about how cryptocurrencies are exchanged and some of the associated risks.

Photo of Nancy-Donahue  By Nancy Donahue, project manager in the Retail Payments Risk Forum  at the Atlanta Fed

January 28, 2019 in currency , fintech , innovation | Permalink | Comments ( 0)

January 22, 2019


Why Are Millennials So Risk-Averse?

Although millennials have been known to be the most charitable age group compared to earlier generations, they are, ironically, holding their money very close when it comes to taking financial risks. According to a recent study from the Federal Reserve, millennials are less well off than previous generations of young adults. They tend to have higher levels of student debt, lower incomes, and fewer assets to their name. In addition, millennials have grown up watching various financial crises in the United States and around the world, including the bursting of the housing bubble, the dot-com collapse, and the Great Recession. The last crisis was unfortunately around the time this generation began entering the workforce. Dealing with these financial obstacles has negatively impacted their attitude towards financial risk-taking, including investing and even opening up a new credit card. A 2017 survey, for example, found that millennials are more afraid of credit card debt than of dying or war.



Source: credible.com, "Survey: Millennials Fear Credit Card Debt  More Than Threat of War and Dying"

Millennials’ tend to see credit cards—mistakenly—only as one more way to take on additional debt. But are they doing themselves a disservice by not taking advantage of an opportunity to quickly build up or improve their credit? Doing so could better enable them to qualify for a loan to purchase a home or start a new business. Furthermore, using credit cards wisely could actually help millennials save money in the long run through rewards and cash-back programs. And when it comes to investments, millennials are opting out of long-term investments like mutual funds, preferring instead to spend their money on immediate experiences, such as traveling and going to concerts, where they can see the "return on their investment" instantly.

The misconceptions and overall distrust in the financial system from this generation speak to a need for more millennial-focused financial education tools and advisers, especially those who understand the struggles of this generation as they navigate through mounds of student debt. Tools and advice that are more dedicated to millennials’ specific needs—whether it’s through a millennial-focused financial management gaming app or a generation Y robo adviser—would go a long way toward helping millennials increase their financial literacy and begin to trust the financial system. The Federal Reserve has many financial education tools. For example, the Atlanta Fed offers financial tips, updated monthly, in the Atlanta Fed’s digital magazine Economy Matters. And check out these resources from the St. Louis Fed:

With some financial education, this generation might gain greater confidence and take more risks with their money so they could build more wealth.

Photo of Catherine Thaliath By Catherine Thaliath, project management expert in the Retail Payments Risk Forum at the Atlanta Fed

 

January 22, 2019 in credit cards , debit cards | Permalink | Comments ( 0)

January 14, 2019


Hiding in Plain Sight

Over the holidays when our family is all together, we always try to watch A Christmas Story. There are so many memorable moments in the movie, from the triple-dog-dare-you, tongue-frozen-to-the-flagpole scene to the leg lamp breakage. When the story revolves around Ralphie and the Little Orphan Annie secret decoder ring, it triggers my childhood memories of having a similar decoder ring that came with a pair of P.F. Flyers sneakers (think pre-Nike and Adidas). This year, our movie-watching led to a storytelling session of techniques worthy of any spy movie for passing secret notes. Many of the examples were like the decoder ring—they used some sort of secret alphanumeric table as a key to solve the cryptic message. In other words, we were talking about a rudimentary form of encryption, which, in today's technology, renders data useless to those without a key, whether they're bad guys or good guys.

But our conversation didn't stop there. I told a childhood story of dipping a toothpick in lemon juice and writing a message on paper. After the juice dried, the message became invisible, and I would then write an innocuous—and visible—message on the paper with pen or pencil. The recipient would carefully hold the paper over a flame to slowly reveal the hidden message. (Kids, try this only under adult supervision!) Little did I know I was using a technique called steganography—hiding a message within another message—that people also use today to protect information online.

Various forms of the technique date back to Greek civilization when untrusted messengers had to convey sensitive or classified information, or a message was at risk of being intercepted. (There is an entertaining and educational video on steganography by Richard Buckland, a professor at the University of New South Wales in Australia.) Today, technology has created a new technique in the form of digital steganography, which is the practice of hiding an image, audio, or data file within another image, audio, or data file.

A recent article in infoRisk Today highlighted the darker side of steganography, with its use by the criminal element. That article prompted me to conduct more research on the technique as a payments risk. From a cybersecurity standpoint, the greatest risk to consumers appears to be when the criminal hides a malware file within an image, audio, or other data file that, when opened, will load malware onto the device for future eavesdropping or control. Such an event could lead to the compromise of PII (or personally identifiable information), online credentials, or other sensitive information on the device without the owner's knowledge. In an August 2017 release, Kaspersky Lab warned about the difficulty for existing data protection processes to detect embedded malicious code.

Account takeover fraud is a major criminal activity that generally begins with the compromise of an individual's legitimate banking log-in credentials. A criminal who obtains this information can execute payment transaction fraud and, ultimately, synthetic identity fraud (see last week's post). While there are valid uses for steganography as an alternative to encryption, the criminal element will continue to develop uses of digital steganography to further their criminal operations and, as the infoRisk article notes, this usage is becoming more sophisticated and harder to detect.

Photo of David Lott By David Lott, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

January 14, 2019 in crime , cybercrime , cybersecurity , data security , malware | Permalink | Comments ( 0)

January 7, 2019


A New You: Synthetic Identity Fraud

With the start of the new year, you may have resolved to make a change in your life. Maybe you've even gone so far as to pledge to become a "new you." But someone may have already claimed that "new you," stealing your credentials and using them to create a new identity. Identity theft is a growing problem, resulting in millions of dollars in damage around the world. And now there is a modern twist to this old and costly problem: synthetic identity fraud. Panelists at a forum convened by the Government Accountability Office (GAO) define this problem as a "crime in which perpetrators combine real and/or fictitious information, such as Social Security numbers and names, to create identities with which they may defraud financial institutions, government agencies, or individuals." (Read forum highlights on the GAO website.) According to the U.S. Federal Trade Commission, synthetic identity fraud is the "fastest growing and hardest to detect" form of identity theft.

This graphic from the GAO illustrates how this type of identity fraud differs from what we have traditionally defined as identity theft.

GAPSIF

As this image shows, in traditional identity fraud, the criminal pretends to be another (real) person and uses his or her accounts. In synthetic identity fraud, the criminal establishes a new identity using a person's real details (such as social security number), combining this information with fictitious information to create a new credit record.

The challenge for the payments industry is determining whether an identity is planted or legitimate. For example, parents with excellent credit histories sometimes add their children to their existing credit accounts to give their children the benefit of their positive financial behavior. This action allows the children to kick-start their own credit records. Similarly, a criminal could plant a synthetic identity in an existing credit account and from there build a credit history for this identity. (In many cases, the criminal works for years on building a strong credit history for that false identity before "cashing out" and inflicting financial damages on a large scale.)

So what can consumers do to protect themselves? Here are some simple ways to make it harder for a thief to steal your personal information:

  • Shred documents containing personal information.
  • Do not provide your social security number to businesses unless you absolutely have to.
  • Use tools that monitor credit and identity usage.
  • Freeze your credit account as well as that of any of your minor children.
  • Check your accounts regularly to ensure that all transactions are legitimate and report any suspicious activity immediately.

Staying informed about synthetic identity fraud tactics and taking these steps to protect yourself can help you get one step closer to (preventing) "a new you."

Photo of Catherine Thaliath By Catherine Thaliath, project management expert in the Retail Payments Risk Forum at the Atlanta Fed

January 7, 2019 in authentication , consumer fraud , consumer protection , data security , fraud , identity theft | Permalink | Comments ( 0)

December 17, 2018


Card Fraud Values Often above Average

Recent data from the Federal Reserve Payments Study remind me of my first experience with payments fraud as a 20-something college grad freshly arrived in Boston. I left my wallet in a conference room, and someone lifted my credit card. I still remember the metaphorical punch to the stomach when the telephone operator at the card company asked, "Did you spend $850 at Filene's Basement?" $850! That was more than twice my rent, and far more than I could conceive of spending at Boston's bargain hunters' paradise in a year, let alone on a one-night spree.

Decades later, the first thing I do to check my card and bank statements is to scan the amounts and pay attention to anything in the three digits. For noticing high-value card fraud, this is a pretty good habit.

That's because, on average, fraudulent card payments are for greater dollar values than nonfraudulent card payments. In 2016, the average value of a fraudulent credit card payment was $128, almost 50 percent more than $88 for a nonfraudulent credit card payment. For debit cards, the relationship was more pronounced: $75 for the average fraudulent payment, about twice the $38 average nonfraudulent payment, according to the Federal Reserve Payments Study.

Chart-average-value-per-payment-2016

Even to the noncriminal mind, this relationship makes sense: get as much value from the card before the theft or other unauthorized use is discovered. For a legitimate user, budgetary constraints (like mine way back when) and other considerations can come into play.

Interestingly, this relationship does not hold for remote payments. In 2016, the average dollar values of remote debit card payments, fraudulent and nonfraudulent, were the same: $68. And the average value of a nonfraudulent remote credit card payment, $151, exceeded that of a fraudulent remote credit card payment, $130. Why the switcheroo?

A couple of possibilities: Remote card payments include online bill payments, which often are associated with a verified street address and are of high value. So that could be pushing the non-fraudulent remote payments toward a high value relative to the fraudulent remote payments. Another factor could be that fraud detection methods used by ecommerce sites look for values that could be outliers, so perpetrators avoid making purchases that would trigger detection—and thus average values for remote fraud are closer to average values for remote purchases generally. But this is speculation. What do you think?

The relationships described here are depicted in figures 21 and 28 of the recent report of the Federal Reserve Payments Study, Changes in the U.S. Payments Fraud Landscape from 2012 to 2016. You can explore other relationships among average values of payments, and more, on the payments study web page.

Photo of Claire Greene By Claire Greene, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

December 17, 2018 in cards , cybercrime , cybersecurity , data security , debit cards , mobile banking , mobile payments , payments study | Permalink | Comments ( 0)

December 10, 2018


A Look in the Rearview Mirror of Payments for 2018

I'm sure just about everyone else in the payments industry would agree with me that 2018 was yet another exciting year for payments. The year was filled with a host of newsworthy events, but fintech most certainly took center stage in the financial services industry, including payments. Whether the news highlighted an announcement of a new product to increase financial access or discussed the regulatory challenges and associated concerns within the fintech space, it seemed that fintech made its way into the news on a daily basis. Still, for payments, 2018 will be remembered for more than just fintech.

The Retail Payments Risk Forum's last Talk About Payments webinar of 2018 will feature Doug King, Dave Lott, and Jessica Washington sharing their perspectives and memories on the year-in-payments in a round table discussion. Among the topics they will discuss are consumer payment preferences, the changing retail environment, and the state of fraud—and fintech, of course. We encourage financial institutions, retailers, payments processors, law enforcement, academia, and other payments system stakeholders to participate in this webinar. Participants will be able to submit questions during the webinar.

The webinar will be held on Thursday, December 20, from 1 to 2 p.m. (ET). Participation in the webinar is free, but you must register in advance. To register, click on the TAP webinar link. After you complete your registration, you will receive a confirmation email with all the log-in and toll-free call-in information. A recording of the webinar will be available to all registered participants in various formats within a couple of weeks.

We look forward to you joining us on December 20 and sharing your perspectives on the major payment themes of 2018.

Photo of Douglas King By Douglas A. King, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed


December 10, 2018 in banking regulations , banks and banking , crime , cybercrime , emerging payments , fintech , innovation , payments fraud | Permalink | Comments ( 0)

December 3, 2018


Building Blocks for the Sandbox

I just returned from a leave of absence to welcome my third child to this world. As I catch up on payments news, one theme emerging is the large number of state and federal regulatory bodies launching their own fintech sandboxes. Typically, these testing grounds allow businesses to experiment with various "building blocks" while they innovate. Some businesses are even allowed regulatory relief as they work out the kinks. As I've researched, I've found myself daydreaming about how my new little human also needs to work with the right building blocks, or core principles, to ensure he develops properly and "plays nice" in the sandbox.

But—back to work. What guidance do fintechs have available to them to grow and prosper?.

On July 31 of this year, the U.S. Department of the Treasury released a report suggesting regulatory reform to promote financial technology and innovation among both traditional financial institutions and nonbanks. The report in its entirety is worth a review, but I'll highlight some of it here.

The blueprint for a unified regulatory sandbox is still up for discussion, but the Treasury suggests a hierarchical structure, either overseen by a single regulator or by an entirely new regulator. The Treasury suggests that Congress will likely have to assist by passing legislation with the necessary preemptions to grant authority to the newly created agency or a newly named authoritative agency.

The report outlines these core principles of a unified regulatory sandbox:

  • Promote the adoption and growth of innovation and technological transformation in financial services.
  • Provide equal access to companies in various stages of the business lifecycle (e.g., startups and incumbents). [The regulator should define when a business could or should participate.]
  • Delineate clear and public processes and procedures, including a process by which firms enter and exit.
  • Provide targeted relief across multiple regulatory frameworks.
  • Offer the ability to achieve international regulatory cooperation or appropriate deference where applicable.
  • Maintain financial integrity, consumer protections, and investor protections commensurate with the scope of the project, not be based on the organization type (whether it's a bank or nonbank).
  • Increase the timeliness of regulator feedback offered throughout the product or service development lifecycle. [Slow regulator feedback is typically a deterrent for start-up participation.]

Clearly, the overarching intent of these principles is to help align guidance, standards, and regulation to meet the needs of a diverse group of participants. Should entities offering the same financial services be regulated similarly? More importantly, is such a mission readily achievable?

People have long recognized the fragmentation of the U.S. financial regulatory system. The number of agencies at the federal and state levels with a hand in financial services oversight creates inconsistencies and overlaps of powers. Fintech innovations even sometimes invite attention from regulators outside of the financial umbrella, regulators like the Federal Communications Commission or the Federal Trade Commission.

In the domain of financial services are kingdoms of industry. Take the payments kingdom, for example. Payments are interstate, global, and multi-schemed (each scheme with its own rules framework). And let's be honest, in the big picture of financial services innovations and in the minds of fintechs, payments are an afterthought, and they aren't front and center in business plans. Consumers want products or services; payments connect the dots. (In fact, the concept of invisible payments is only growing stronger.)

What is more, a fintech, even though it may have a payments component in its technology, might not identify itself as a fintech. And a business that doesn't see itself as a fintech is not going to get in line for a unified financial services regulator sandbox (though it might want to play in a payments regulator sandbox).

When regulatory restructuring takes place, I hope it will build a dedicated infrastructure to nurture the payments piece of fintech, so that all can play nice in the payments sandbox. (Insert crying baby.)

Photo of Jessica Washington By Jessica Washington, AAP, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

December 3, 2018 in bank supervision , emerging payments , financial services , fintech , innovation , regulations , regulators | Permalink | Comments ( 0)

Google Search



Recent Posts


Archives


Categories


Powered by TypePad