About


Take On Payments, a blog sponsored by the Retail Payments Risk Forum of the Federal Reserve Bank of Atlanta, is intended to foster dialogue on emerging risks in retail payment systems and enhance collaborative efforts to improve risk detection and mitigation. We encourage your active participation in Take on Payments and look forward to collaborating with you.

Take On Payments

July 8, 2019


A Tip for Summer Travel

Because I study payments, people like to brag to me about the ways they pay. "I never use cash." "I don't carry cash, even when I travel." "I buy a pack of gum with my phone." "I haven't seen a dollar bill in five years." Et cetera.

Lots of times, I get these comments while I'm traveling. Like me, the people I chat with are traveling. Handing over a bag to a skycap. Getting housekeeping services in a hotel. Eating a burger at the bar.

So please tell me, all you smartphone-carrying, thin-wallet sophisticates, how do you tip?

When I was a kid, hotel rooms had tiny paper envelopes "for the maid," my father said. Filling the envelope was the last step before loading kids and caboodle into the car. Before we got to drink Tang and eat powdered-sugar donuts, we thanked the housekeeper. Like Tang, those envelopes are becoming an artifact of the past, with the result that you might expect: declining tip income for service workers.

Plea to app developers: find a way to make it easy to tip on the go. There are plenty of tipping apps out there, and from my point of view, they work fine for relationship tips—for example, an app payment to a hair stylist. But what about the one-time tip? When I'm running for the subway I can't (or won't) stop to open or download an app and key in a dozen letters or numbers to thank Keytar Bear, a busker who performs here and there in Boston.

This brings up a key obstacle to apps for tipping: not only do I have to have the app, but the service person does also.

What could be easier to adopt and use than the $2 bill I keep in the outside pocket of my backpack for Carlos, the best guitar player in Harvard Square? I don't have to ask, "Do you accept this or that?" I don't scan or key. I just wave to Carlos, drop the cash, and keep moving.

To tip in cash, we need to carry cash. About 20 percent of respondents to the 2017 Diary of Consumer Payment Choice reported that they carried no cash on any of their three reporting days. My Atlanta Fed colleague Oz Shy cites Rule #1 of tipping: "There are no rules about tipping." So I'll offer a guideline, not a rule: "Carry a bit of cash."

If you haven't found a cashless solution, go to a bank or credit union and get yourself a stack of $2 bills (Thomas Jefferson on the front, signing of the Declaration of Independence on the back, so appropriate in July). Stash them with your carryon bag.

It's summer travel season. In 40 states, the minimum wage requirements are lower for tipped workers. How do you thank the people who made your stay clean and comfortable? How do you tip?

Photo of Claire Greene By Claire Greene, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

July 8, 2019 in cards , credit cards | Permalink | Comments ( 0)

July 1, 2019


Ransomware: Hopefully Not Coming Soon to a Computer Near You

In March 2018, the city of Atlanta fell victim to a ransomware attack. Criminals gained access to the city's computer network and loaded SamSam Ransomware, a malicious software. The criminals demanded a payment of approximately $51,000 in virtual currency to provide the decryption keys necessary to regain access to the infected and locked systems. The attack laid siege to the city by rendering police, utility billing, traffic court, and other systems unusable. The city refused to pay the ransom, and has since spent at least $6 million in forensic and remediation work with as much as an additional $11 million earmarked for system upgrades and other resources to combat future attacks.

Ransomware attacks have been a growing threat. While studies such as the Symantec Internet Threat Security Report  show that the overall incident rate has decreased slightly, they also indicate that the range of targets has shifted. From 2013 until last year, consumers were the most frequent targets, with ransom requests in the hundreds of dollars. In the early years of these attacks, individuals would get a message that their computers had been infected and they had to pay a fee to download a fix. In many cases, the infection claim was false. Beginning in 2018, businesses—including municipalities, hospitals, and health care networks—have become primary targets, with ransom demands in the tens or hundreds of thousands of dollars. Typically, the criminals demand that the ransom be paid in cryptocurrency (nearly always bitcoin). As in the Atlanta case, these attacks often prevent customers from making payments, whether for traffic violations, business permits, or even marriage licenses.

Should ransomware targets pay the ransom? Law enforcement communities officially say "no." In some cases, when victims pay the ransom, they never receive the decryption keys to regain access to their data, or the keys don't work. There is concern that payments only encourage the criminals to commit further attacks, sometimes against the same business and demanding additional money. It is not illegal for a business to make ransomware payments, and many, including Newark, New Jersey ($30,000), have done so.

Is your computer or network prepared to defend against such an attack? Ransomware attacks typically exploit weak passwords or known security vulnerabilities in applications and operating systems. But a common entry point is through phishing of an employee to compromise legitimate system access credentials. As in business email compromise, the criminal conducts surveillance to learn about the different systems in operation and plans the initial attack to have the greatest possible impact. As we have stressed so often, prevention starts with employee education and the adoption of security best practices. In a future post, I will write about more prevention and mitigation best practices.

As for the Atlanta ransomware attack, last December, a federal grand jury returned indictments against two foreign nationals for the attack. The grand jury indicated these two people were also behind the April 2017 attack on Newark, New Jersey. There was hope in the law enforcement and cybersecurity communities that the arrest of these individuals would dampen enthusiasm for this threat vector, but attacks this year against Akron, Ohio (January), Albany, New York (March), and Baltimore, Maryland (May) suggest otherwise. None of these cities made any ransom payments.

Photo of David LottBy David Lott, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

July 1, 2019 in cybersecurity | Permalink | Comments ( 0)

June 24, 2019


Moving towards Electronic Social Security Number Verification

Earlier this year, a colleague wrote a Take on Payments post about synthetic identity fraud. Throughout the year, we've found ourselves talking often with representatives from law enforcement and financial institutions about the growth of this particular type of fraud. There are different estimates that try to catalogue the damage, but one that strikes me is that synthetic identity fraud could account for as much as 5 percent of uncollected debt and be responsible for approximately 20 percent of credit losses.

A major challenge to mitigating this fraud is the difficulty financial institutions and other lenders have in confirming that a social security number (SSN) being presented actually belongs with the name of the person presenting it and that their date of birth actually matches the SSN. Prior to June 2011, the first three numbers of the SSN provided geographical clues to the number holder's birth state, which allowed for some basic verification, but the Social Security Administration (SSA) now randomizes all numbers making this minimal form of verification impossible for any SSN issued after this date. Currently, the SSN verification process requires that the requester complete a wet signature consent form that is submitted in hard copy to the SSA. Hardly a speedy process in a day and age when financial institutions and lenders are striving to make many lending decisions in hours or minutes, not days! But change from the SSA is in the air.

On June 7, the SSA published a notice to the Federal Register announcing initial enrollment for a new electronic consent-based SSN verification service. The notice is full of details about this program and its initial enrollment is open to all financial institutions (FI) and FI service providers as defined by the SSA. Participation in the pilot program requires that enrollees pay an initial administrative fee followed by volume-based pricing according to the annual number of transactions. The initial enrollment period opens on July 17 and will run through July 31. Following this period, the SSA will select a limited number of enrollees across several different categories for participation in the program, which is set to begin June 2020. Even if an applicant company is not selected to participate in the initial program, it would be eligible to participate when the program expands. Otherwise, new applicants will have to wait until the next enrollment period, which could be as long as two years.

This new SSA program would be a positive step toward reducing synthetic identity fraud. However, there is a balancing act between the costs for combating fraud and the actual cost of fraud. It will be interesting to follow the enrollment figures and other metrics to determine how effective this measure turns out to be. How do you feel about these efforts by the SSA?

June 24, 2019 in identity theft | Permalink | Comments ( 0)

June 17, 2019


Performing and Paying in the Gig Economy

Bobby Short at the Café Carlyle in New York City. Hank Williams at Nashville's Grand Ole Opry. A trumpet player in the pit, a pianist at a bar. All these musicians have been gigging—that is, they've performed live for pay. The term gig is thought to be shorthand for engagement and has been around since the early years of the 20th century.

Nowadays, it seems that a lot more workers—not just musicians—gig. In the gig economy, independent workers perform short-term jobs for companies or individuals. Many of us presume that most of those jobs are somehow enabled by technology. Now some counterintuitive data about the gig economy comes from the Federal Reserve's Survey of Household Economics and Decisionmaking (SHED).

The SHED finds that three in 10 U.S. adults did some gig work at least once in the month prior to the survey. The survey defines gigging as selling goods online or renting out property, as well as providing personal services like yard work or ride sharing. Among gig activities, child- and elder-care, cleaning, and property maintenance were most common. Half of gig workers indicated they spent five hours or less on gig work in the month prior.

One finding that surprised me: the gig economy is an offline economy. Compared to the 30 percent of adults who did some gig work, just 3 percent of adults used a website or mobile app to find that work. Said another way, that means that just one in 10 gig workers engage in what this paper from the Boston Fed calls "internet platform-based work."

My immediate reaction: how can that be? I took 15 ride shares in April, one every other day. Surely there are more Uber and Lyft drivers out there. My second thought: my mom gets rides, too. When Mom wants a ride, she makes a call on her landline phone to a gig worker for a local agency that helps seniors live independently. As the SHED report puts it, "Most of [gig] activities predate the internet." Driving, housekeeping, babysitting, and lawn maintenance all have been around for a long time.

And, in fact, the SHED estimate of internet platform-based work is higher than some others, because the work is not limited to providing services. It includes, as noted above, selling stuff via online marketplaces. In comparison, the Contingent Worker Supplement from the U.S. Bureau of Labor Statistics (BLS) finds that in May 2017, 1 percent of workers engaged in "electronically mediated work," defined as "short jobs or tasks that workers find through websites or mobile apps that both connect them with customers and arrange payment for the tasks." (Note that the SHED estimate is a share of adults and the BLS is a share of workers ["employed persons," defined here].)

Like the gigs, some ways to pay for gig work predate the internet. My mom pays her driver directly on the same day with paper. And, in fact, the 2017 Survey of Consumer Payment Choice found that 70 percent of person-to-person (P2P) payments were made with cash or checks.

I pay the ride-share app with a fingerprint through an intermediary. The driver, paid indirectly by me, gets an ACH credit to a bank account or a prepaid card load. Many get paid the same day or right after the ride. About half of those I speak with don't mind the 50 cent fee to get paid sooner.

Two ways to arrange a ride. Two ways to pay. Both relevant in the 21st century.

Photo of Claire Greene By Claire Greene, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

June 17, 2019 in payments study | Permalink | Comments ( 0)

June 10, 2019


The ABCs of Elder Financial Exploitation

In 2011, the World Health Organization designated June 15 as World Elder Abuse Awareness Day. So each year, a number of organizations supporting the elderly run educational campaigns throughout the month of June aimed at increasing awareness of elder abuse. This crime has a number of different forms: physical, emotional, or sexual abuse, neglect and abandonment, and financial exploitation.

We covered the growing impact of elder financial abuse in terms of numbers in a post last August. That growth is being driven by a double whammy: the surge in the senior population and the proliferation of available exploitation attack channels, thanks to the internet. Because none of this is likely to slow down for some time, education is critical. As the Retail Payments Risk Forum has stressed before, education is an important element in curbing fraud, and this area is no exception.

Here are some of the more common financial scams targeting the elderly:

  • Charity: The victim receives a request, usually over the telephone or in a public place, for donations for natural disaster relief or other good causes, but the funds are not used for such purposes.
  • Sweepstakes/lottery: The victim receives a letter, email, or telephone call with the news that they have won a lottery or cash sweepstakes—but they have to pay a tax or administrative fee in advance.
  • Home repairs: Someone tells the victim that some aspect of their property needs repair—for example, the driveway, roof shingles, or gutters—and it can be done inexpensively since there is a "crew already in the area." The victim must pay by cash or check in advance, but the crew never appears to do the work.
  • Romance: The fraudster, often posing under a false identity, makes romantic overtures and eventually asks the victim to send money so he or she can travel to meet them.
  • Tax: The victim receives a phone call from the fraudster claiming to be an IRS agent pursuing back taxes and unless the victim sends funds immediately, they will be subject to arrest. A variant of this scam involves the perpetrator posing as a police officer pursuing unpaid traffic tickets or other infractions.
  • Virus: A "technical support" company calls the victim, claiming that a virus has infected the victim’s computer. For the payment of a "modest fee," the company can download software that can kill the virus and protect the computer against future attacks. Often, the software downloaded actually contains some form of malware that may allow the criminal to compromise the banking credentials of the victim.
  • Other advance fee fraud: The fraudster requests money to help a relative in jail or stranded on the roadside. The situations are completely false but might contain some element of truth as the scammer may have found information on social media providing a name or that the named individual is out of town.
  • Identity theft: The criminal communicates with the victim through social media, telephone, or email to obtain bank account or other information allowing them to attempt a wide variety of fraudulent activities including credit applications, unauthorized account transactions, and more.
  • Investments: The victim is convinced to purchase an annuity or some other investment with a supposed lucrative payback.

Sadly, most elder financial abuse is committed by family or other people who are trusted with care of the elderly, which makes the crime more difficult to detect. Such abuses range from the transfer of property or securities to the theft of liquid assets through check writing or ATM withdrawals.

While researching this issue, I was heartened to learn that various organizations are developing or improving software products to help spot potential financial exploitation or to provide training materials. The American Association of Retired Persons recently launched a pilot program for financial institutions called BankSafe. It is a free online training program with educational material presented in different formats, including video games, distributed by the Independent Community Bankers of America and the Credit Union National Association, and, directly, by some financial institutions. In addition, a recent Dow Jones Institutional News article highlighted some fintech products designed to alert trustees of unusual or suspicious activity.

If you know of any valuable programs or organizational efforts to increase awareness of elder financial abuse, please let us know.

Photo of David LottBy David Lott, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

June 10, 2019 in crime , identity theft , theft | Permalink | Comments ( 0)

June 3, 2019


Hitting the Brakes on the Cashless Society

"Reverse ATMs" is a term I learned from reading my colleague Oz Shy's new working paper, "Cashless Stores and Cash Users." At venues that don't accept cash at the register, the patron puts cash into the reverse ATM and a loaded prepaid card comes out. Mercedes-Benz Stadium in Atlanta, for example, is one of the latest venues to adopt this practice.

Speaking of "reverse," I'm sure you know that some states and municipalities are seeking to reverse what may—or may not—be a trend toward brick-and-mortar retailers not accepting cash. Refusing to accept cash has been illegal in Massachusetts, where I live, since 1978. More recent developments:

  • Philadelphia will ban cashless stores beginning in July.
  • In March, New Jersey outlawed cashless restaurants and stores.
  • In May, the San Francisco Board of Supervisors voted to require brick-and-mortar businesses to accept cash.
  • Also in May, Representative David Cicilline (D-RI) introduced the Cash Buyer Discrimination Act, which would require businesses all across the United States to accept cash.

These and other proposed laws are predicated on the idea that people without access to payment cards or digital payments are harmed when they cannot make purchases using their payment instrument of choice: cash. Oz's paper adds to the conversation by examining the choices consumers make at the point of sale, depending on their access to different ways to pay.

Using data from the 2017 Diary of Consumer Payment Choice, Oz found that consumers who own different mixes of payment instruments use cash with different intensity to make in-person purchases:

  • Diary respondents who own neither a credit card nor a nonprepaid debit card made almost 9 in 10 of their in-person payments with cash, on average. The median share of cash purchases was 100 percent.
  • Diary respondents who own at least one credit card and one nonprepaid debit card make about one-third of their in-person payments with cash, on average. The median share was 20 percent.

Oz goes on to calculate the cost to the cash payers who do not have credit or nonprepaid debit cards of switching from cash to a prepaid card. He finds that, all things being equal, for some consumers, using cash would have to cost twice as much as using a prepaid card for the cash users to be indifferent to switching. Oz's conclusion: "A complete transition to cashless stores imposes a measureable burden on consumers who do not have credit or [nonprepaid] debit cards." For perspective, 8.5 percent of respondents with household income below the U.S. median ($61,000) did not have a credit card or nonprepaid debit card in 2017, according to the diary.

As this research shows, cash is important to some consumers. The cashless society could be on a collision course with reality.

June 3, 2019 in cards , consumer protection , credit cards , currency | Permalink | Comments ( 0)

May 20, 2019


Could Federal Privacy Law Happen in 2019?

Some payments people have suggested that this could be the year for mobile payments to take off. My take? Nah. I gave up on that thought several years ago, as I've made clear in some of my previous posts. I'm actually wondering if this will be the year that federal privacy legislation is enacted in the United States. The effects of the European Union's General Data Protection Regulation (GDPR) that took effect a year ago (see this Take on Payments post) are being felt in the United States and across the globe. The GDPR essentially has created a global standard for how companies should protect citizens' personal data and the rights of everyone to understand what data is being collected as well as how to opt out of this collection. While technically the GDPR applies only to EU citizens, even when traveling outside the European Union, most businesses have taken a cautious approach and are treating every transaction—financial or informational—that they process as something that could be covered under the GDPR.

A tangible impact of the GDPR in the United States is that the state of California has passed a data privacy law known as the California Consumer Privacy Act of 2018Off-site link (CCPA) that is partly patterned after the GDPR. The CCPA gives California residents five basic rights related to data privacy:

  • The right to know what personal information a business has collected about them, where it was obtained, how it is being used, and whether it is being disclosed or sold to other parties and, if so, to whom it is being disclosed or sold
  • The right to access that personal information free of charge up to two times within a 12-month period
  • The right to opt out of allowing a business to sell their personal information to third parties
  • The right to have a business delete their personal information, except for information that is required to effect a transaction or comply with other regulatory requirements.
  • The right to receive equal service and pricing from a business, even if they have exercised their privacy rights under the CCPA.

According to the National Conference of State Legislatures (NCSL) 17 statesOff-site link have mandated that their governmental websites and access portals state privacy policies and procedures. Additionally, other states have privacy laws related to privacy, such as children's online privacy, the monitoring of employee email, and e-reader policies.

Take On Payments has previously discussed the numerous efforts to introduce federal legislation regarding privacy and data breach notification with little traction. So why do I think change is in the air? The growing trend of states implementing privacy legislation is putting pressure on Congress to take action in order to have a consistent national policy and process that businesses operating across state lines can understand and follow.

What do you think?

Photo of David LottBy David Lott, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

-payments">Retail Payments Risk Forum at the Atlanta Fed

May 20, 2019 in data security , privacy , regulations | Permalink | Comments ( 0)

May 13, 2019


What Can We Learn about Fraud from the United Kingdom?

In many of my discussions around emerging payments, two topics generally always come up: contactless and real-time payments. And given my interest in payments fraud, the discussion usually steers into two questions: Will contactless payments result in increased card fraud? And do faster payments mean faster fraud? While only time and data will ultimately reveal those answers, we can look to the UK Finance's Fraud the Facts 2019 report  for some insight into those questions since the United Kingdom is further along on their contactless and real-time payments journeys than we are.

In the United Kingdom, in-person contactless payments have not led to an increase in card fraud losses. Contactless POS payments, through either a mobile device or a card, represented 36 percent of all card transactions in 2018, yet they accounted for less than 3 percent of overall card fraud losses (and just under 28 percent of the face-to-face fraud losses). The fraud rate on contactless transactions has remained steady and low for three consecutive years at 2.7 basis points, or 2.7 pence (£0.027) for every £100 spent. This compares very favorably to the overall card fraud rate of 8.4 basis points, or 8.4 pence (£0.084) for every £100 spent. Fraud for contactless transactions has been mitigated in the United Kingdom through the establishment of floor limits above which a PIN is required, the requirement of PIN verification after a cumulative spend threshold is reached, and the implementation of a security feature that randomly requires cardholders to input a PIN during a transaction to prove that the cardholder is in fact in possession of the card.

The fraud situation for faster payments in the United Kingdom is not quite as rosy as that of contactless payments. Since 2017, UK Finance began reporting on authorized push payment (APP) fraud. In this type of fraud, which includes email account compromise, a victim is tricked into sending money from their bank account to a fraudster's account. In 2018, APP fraud represented 30 percent of the total reported fraud losses. And of the APP fraud, faster payments was used in 93 percent of the fraudulent transactions and 71 percent of the fraudulent value.

I can't claim that faster payments is driving APP fraud or leading to "faster fraud," but it is rather obvious that faster payments is the preferred payment method of fraudsters conducting APP fraud. This should be an alarm for the payments industry in the United States as we continue on our faster payments journey. To mitigate APP fraud with faster payments in the United Kingdom, the industry is working to implement a new-account name-checking service that Pay.UK has introduced. Confirmation of Payee checks the name associated with a routing and account number. This service is not a perfect solution—it won't help if the fraudster uses or opens an account under the name of the actual intended recipient. But it definitely will prevent fraud losses in cases where the account information does not match the name of the intended recipient, which is currently more often the case than not.

So as we continue moving toward contactless and faster payments in the United States, I think we can learn from those across the pond about the need for controls to mitigate fraud in these emerging payments. Floor limits for PINless transactions and velocity controls are part of the U.S. contactless payments experience, but what about faster payments? Does a name-checking service like the one being implemented in the United Kingdom make sense? What controls should be implemented to help prevent fraudsters from using faster payments to commit APP-related frauds, especially email account compromise?

May 13, 2019 | Permalink | Comments ( 0)

May 6, 2019


Business Email Compromise Moves Mainstream

The Retail Payments Risk Forum has blogged extensively on business email compromise (BEC) over the past few years. With losses attributed to BEC already in the billions of dollars and the number of attacks increasing over 475 percent from fourth-quarter 2017 to fourth-quarter 2018, the topic warrants continued attention. As the "business email" part of the phrase suggests, businesses and executives of businesses have been the primary targets of this type of fraud. The goal of most of these incidents is to trick businesses into moving funds into the criminals' accounts using wire transfers.

When perpetrators of this fraud scheme experienced great success with businesses and executives as their primary targets, they quickly moved to include ordinary individuals. That is, the fraud has gone mainstream, evolving beyond businesses and executives with wire transfers as the key payment platform. As the scheme has begun to involve employees as victims and reached the person-to-person payment arena, fraudulent transactions are occurring more often using ACH, not just wire transfers. Since BEC is not just for businesses and their executives anymore, BEC is sometimes more aptly referred to as EAC—that is, email account compromise.

In April, CNBC reported a new scheme whereby the fraudsters are targeting the human resources function of businesses to change employees' direct deposit payroll information to an account held by the fraudster. The fraudster either spoofs an employee's email account or gets access to it and then sends a message to human resources requesting a change to the banking account associated with their direct deposit. While the amounts fraudulently transferred in this scheme are generally well below those of the traditional BEC scheme, they are simple and cheap to execute and could become more attractive for criminals.

In more troubling news on this fraud scheme, the Association for Financial Professionals (AFP) reported that the number of businesses reporting that they had been victims of actual or attempted fraud increased significantly for both ACH credit and debit transactions, while instances of fraud involving checks, cards, and wire transfers declined. And what could be the reason behind this increase in ACH fraud? According to a representative with the AFP, "a likely explanation for the higher fraud lies in the popularity of ACH…for schemes like business email fraud."

And as I mentioned earlier, fraudsters aren't limiting this scheme to businesses. In fact, I was a target of an EAC scam earlier this year when fraudsters took control of a relative's email account. But for a bit of good news (at least for me), I was immediately suspicious and a phone call to the relative confirmed that my gut feeling was accurate. This image is a screenshot of the text conversation I had with my "relative."

IM screenshot

To piggyback on a recent post by my colleague on using discipline to fight BEC: having the discipline to make a follow-up call to the person emailing a request for funds or a change to bank account information can make the difference between being a victim and being a spoiler.

How are you attacking this growing threat, and what are you doing to educate your employees and customers?

May 6, 2019 in ACH , data security , P2P , wire transfer fraud | Permalink | Comments ( 0)

April 29, 2019


Next-Gen Security

In early April in Boston, I happened by the annual conference and competition of the Massachusetts School Bank Association (MSBA). Two hundred eighty-four students from 30 high schools competed in three segments: product design, marketing, and a quiz show that covered financial literacy topics. The MSBA is an association of schools with financial literacy programs and financial institutions that operate educational branch offices in schools.

I learned that next-gen security is firmly within the sights of the next gen of Massachusetts bankers. The conference theme of “personal financial security” played out in each segment. It was clear that the organizers—high school teachers and executives at financial institutions—had the financial safety of the next gen firmly in view:

  • The trivia contest consisted of general banking and personal finance questions including questions related to identity theft awareness, financial fraud, and financial cybersecurity.
  • The marketing challenge tackled the need to educate customers about security and, according to the prompt, "the need to use good security practices and tools to protect [customers] from identity theft and/or fraudulent use of their accounts."
  • In product design, the winning team from Taunton High School designed an app to help students determine if they were more or less likely to be victims of identity theft.

I chatted with students from Chelsea High School about their app: "Are you smarter than a fraudster?" Teaching others is a good way to learn yourself, and these young people were on top of best practices for protecting their payments cards (don't give out info in email or on the phone), preventing identity theft (shred documents), and keeping email safe (don't click on links from unknown parties).

When they aren't designing apps, the Chelsea students work as interns at the Chelsea High School branch of Metro Credit Union.

What is your bank doing to educate the next gen of security ninjas?

April 29, 2019 in consumer fraud , consumer protection , cybersecurity , identity theft , payments fraud | Permalink | Comments ( 0)

Google Search



Recent Posts


Archives


Categories


Powered by TypePad