About


Take On Payments, a blog sponsored by the Retail Payments Risk Forum of the Federal Reserve Bank of Atlanta, is intended to foster dialogue on emerging risks in retail payment systems and enhance collaborative efforts to improve risk detection and mitigation. We encourage your active participation in Take on Payments and look forward to collaborating with you.

Take On Payments

August 15, 2011


Lessons from the Mario Brothers: Finding the Keys to Fighting Fraud

It is a fortunate thing that video games were not yet invented when I was a youngster because I was clearly a candidate for addiction. Even as an adult, I have been sucked into many hours of PacMan (remember?), Mario Brothers, Medal of Honor, Tiger Woods (remember?) Golf, and a wide range of Wii games. Many of these games involve negotiating difficult challenges to get to certain destinations or achieve certain goals necessary to advance to the next level of the game. Jumping, fighting, racing, searching, and other actions were pivotal to avoiding obstacles and a myriad of evildoers to achieve eventual victory.

Although pursuing visionary goals in the payments world is hardly a game, negotiating the landscape of today's payments systems has many of the same challenges and, perhaps, prerequisite skills to achieve success. Focusing the analogy a bit more tightly, the goal of evolving to a "fraud-efficient" or "risk-efficient" payments system is constantly obstructed by any number of challenges and bad actors. It's tempting to hope that we can discover the one secret key that allows us to advance to a new level, but it's increasingly obvious to me that several high-level strategic initiatives must be adopted to vanquish our demons. Let me illustrate.

Measuring the level of distress is critical
A key survival strategy in many video games that involve fighting or racing is to measure what resources you have left. A visible "meter" of strength or inventory of weapons is available, and certain actions can replenish resources. In the U.S. payments system, we are constantly engaged in addressing new attacks and making investments of resources, but for the most part, we do not have good measures of the level of fraud costs and fraud losses, nor do we have a very good appreciation of the magnitude of future risks. Some of this confusion is just environmental uncertainty, but some comes from the lack of any type of comprehensive and statistically credible fraud data that can then be used to assess future investment options. Progress in addressing the lack of central data, whether it comes from industry- or government-led initiatives, will be a pivotal element in driving future actions.

Realigning incentives and disincentives can rationalize change
A lot of electronic games provide incentives to players to take somewhat riskier courses of action in order to obtain bonus points, protective gear, or more powerful weapons that can lower future risks. Those who choose not to do so are generally exposed to greater vulnerabilities or liabilities than those who have invested. The same holds true in payments, where those who have invested more aggressively in fraud mitigation tend to have better results, while others suffer more heavily. However, many of the current approaches to absorbing risk do not seem to allocate the costs of fraud management to those who are in the best position to prevent it, thereby distorting business cases for change. Historically, markets in the aggregate react rationally and predictably to the proper use of incentives and disincentives directed at achieving specific strategic goals. Given increasing fraud trends and the changing economics of the payments industry, it is time for all parties to rebase their business cases around fraud and consider the use of meaningful incentives to drive behavior.

Removing silo walls to pursue overall industry goals
Rigid silos of operation and responsibility have hampered recent efforts to enhance the efficiency and integrity of the payment system within individual organizations and across payment options. Many organizations, particularly in the banking space, find themselves organized to promote the attainment of very specific goals within business silos, as opposed to maximizing the bottom line of the whole organization. Many video games teach us to find allies of like mind to strengthen our forces—or, in games like SimCity (or FarmVille!), to acquire various diverse resources and blend them into a greater whole. Creating an organizational structure with one executive responsible for all payments and related risk will ensure that everyone pursues the overall corporate strategies and financial goals rather than the goals of individual units. At the industry level, fostering better sharing of fraud information across industry payment silos is needed to attack bad actors that simply move to the channel of least resistance.

Self-regulation versus government help: The best defense is a good offense
Over the past three years, we have witnessed a greater enthusiasm in Washington to address emerging problems in our payments systems. This is largely because the outcry about unfair practices reached the halls of Congress, which then acted by passing the CARD Act, overdraft legislation, and the Durbin interchange amendment. Most video games I have played reward smart offensive action as opposed to defensive approaches. It is increasingly clear to me that there is room for the payments industry to develop guidelines, rules, and best practices that can mitigate the possibility that government might choose to "help," particularly in the area of protecting consumers and even as the Consumer Financial Protection Bureau gears up to implement their new rule. Taking the offensive with creative "self-regulation" has resulted in better outcomes in other countries.

Getting it done
The question then becomes, "Who should instigate these actions?" It is tempting to answer, "Anyone who cares." However, a better and more directed answer might be: key industry players or associations that represent widespread constituencies and can bring the power of aggregate thinking and decision making to the table.

Visa just announced that it would be moving to EMV-compliant chip technology for cards and mobile phones. This decision is a clear example of an effort to move the ball in the direction I just talked about. Don't get me wrong. Not everyone in the ecosystem will be happy about the way that Visa is going about it, but Visa is defining a roadmap for implementing more secure technologies—the company is clearly playing offense—and creating a system of incentives that will help the program move forward.

Photo of Rich OliverBy Rich Oliver, executive vice president of the Atlanta Fed and director of the Retail Payments Risk Forum

August 15, 2011 in consumer protection, fraud, payments systems, regulators, risk, risk management | Permalink

TrackBack

TrackBack URL for this entry:
https://www.typepad.com/services/trackback/6a01053688c61a970c0154348a930e970c

Listed below are links to blogs that reference Lessons from the Mario Brothers: Finding the Keys to Fighting Fraud:

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

May 23, 2011


The dilemma of measuring fraud in the U.S. payments system

Growing up, I was fascinated with books about animals, particularly those focusing on totally unique and strange Australian animals. Kangaroos, wallabies, duck-billed platypuses, and spiny echidnas caught my fancy because they were unique, existing nowhere else on the planet. Perhaps one reason I am so fascinated with the U.S. payments system is that it is totally unique and replicated nowhere else in the world.

Limited government engagement in payments system policies
While part of its uniqueness stems from its size and scope, the true novelty of the U.S. payments system lies in its exceedingly free market roots. That is, relative to most other developed countries, our system is very lightly regulated. Certainly, there are a reasonable number of regulations that afford consumer protection, but in the nearly 30 years from 1980 to 2009, Congress only occasionally addressed payments system issues, most notably with the Expedited Funds Availability Act of 1988 and the Check Truncation Act of 2003. One would normally expect infrequent legislative engagement in situations where a strong government regulator was in place, making legislative activity unnecessary, but there is no government agency specifically charged with regulating the overall U.S. payments system.

This arrangement has created an environment where innovation flourishes, but it also has allowed for a bit of a void when the evolution of the payment system creates public policy issues, either internally or with respect to global compatibility. Recent history bears witness to this point as Congress has suddenly become more engaged in passing the CARD Act of 2009, the overdraft legislation of 2009, and the debit card interchange legislation housed in the Durbin Amendment to the Dodd-Frank financial reform legislation of 2010. While each of these efforts was directed at increasing transparency and promoting choice for consumer and business users of the payments system, there has been little effort to address another important public policy issue—the increasing concern over risk and fraud in the payments system.

Through the creation of the National Strategy for Trusted Identities in Cyberspace, the current administration has proactively addressed growing concerns over ID theft in an increasingly electronic and globally accessible payments system. But many other tangential and separate fraud issues loom on the horizon. In tough economic times, however, organizations make difficult choices about the business case behind any fraud mitigation investments. Individual organizations generally have the data necessary to conduct such assessments, but from a broader national viewpoint, precious little data exist on which to base needed public policy analysis. For example, when the Federal Reserve Board, via the aforementioned Durbin Amendment, was handed the responsibility to oversee debit card interchange and fraud management issues, they had no choice but to begin their work by developing and distributing extensive surveys so they could get a handle on experiences in the marketplace.

Lack of a public fraud measurement systems
Much of what exists publicly today in terms of payments system measurements and metrics for fraud comes from independent survey work initiated by trade associations or consultants, such as the American Bankers Association, the Independent Community Bankers Association, and the Association for Financial Professionals. While the data flowing from these efforts is extremely helpful, each survey has its own focus, methodologies differ, and voluntary participation levels vary the statistical accuracy of results.

In other countries, the government, central bank, or bank-centered payments authorities systematically and accurately gather and report fraud data, and then publish such data for all to use as they go about managing their payments portfolios and making investment decisions in technology. Recently, I have engaged in discussions with many payments leaders about the dilemma of not having good data on which to base fraud-mitigation decisions related to growing concerns about the use of chip-and-pin card technology being implemented across the globe versus the magnetic-stripe technology used in the United States.

As a result, U.S. decision makers have to examine instances of card fraud mitigation in the United Kingdom, or the Netherlands, or Brazil, or Canada, and opine on whether these foreign experiences are pertinent to this country. Moreover, while we have seen some results of surveys looking at fraud losses, there is almost no public data with respect to the perhaps more critical factor of the costs of managing fraud.

Is it time to address the issue?
I have heard increasing industry concern about this lack of data, to the point where it may be time to ask how such a limitation can be addressed. My sense is that any voluntary private sector effort will continue to be snubbed by respondents who have neither the time nor the inclination to share data that they fear may be made public at the individual respondent level. Additionally, entities that could conduct such work are not positioned to address fraud across all channels, but are likely to focus on a single channel, such as check or credit card.

Perhaps it is time for the government or collective industry groups to address this shortcoming and organize an effort to design and support an approach to collecting statistically accurate, cross-channel payments fraud data to be publically shared. Metrics stemming from a data-gathering initiative could go a long way toward helping a troubled industry wrestle with the business case behind more aggressive fraud-management efforts.

Photo of Rich OliverBy Rich Oliver, executive vice president of the Atlanta Fed and director of the Retail Payments Risk Forum

May 23, 2011 in fraud, payments systems | Permalink

TrackBack

TrackBack URL for this entry:
https://www.typepad.com/services/trackback/6a01053688c61a970c01538ea8aee5970b

Listed below are links to blogs that reference The dilemma of measuring fraud in the U.S. payments system:

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

April 18, 2011


Can electronification close tax loopholes opened by cash?

Happy Tax Day! Today is the deadline for paying 2011 federal taxes. Those of us who have waited until the last minute still have until midnight tonight to file our returns electronically. Although the vast majority of Americans will pay their taxes voluntarily, a small minority of evaders do not. According to a study conducted by the IRS for tax year 2001, for example, tax evasion resulted in a $345 billion federal tax gap. More than 70 percent of this gap can be attributed to individual small businesses, who the IRS estimates report only 43 percent of their income, with particularly low reporting of income received as cash. Underreporting is possible because cash payments are invisible to authorities, and therefore the social burden of tax evasion needs to be considered a risk of a cash payment system.

For those of us who do voluntarily pay our taxes, tax evasion by a few seems unfair and even immoral. Indeed, 87 percent of Americans feel that it is never acceptable to cheat on your taxes. Tax advocate Nina Olson further notes that "[t]he tax gap has real victims. Individuals and businesses that evade tax impose a significant burden on those who comply with their tax obligations." Evaders tend not to see the issue in terms of morality, however. The academic literature suggests that the primary driver of small businesses tax evasion is opportunity.

The temptation of cash income
Previously, I covered some of the risks of cash acceptance to small businesses: threats of robbery, employee theft, and counterfeit bills. Nevertheless, many small businesses seem to prefer cash. This is partly to avoid credit card processing fees and the risk of bad checks. But the greatest allure of cash to many small businesses may be its low visibility to tax authorities. Cash transactions do not automatically generate a paper trail and as such comprise the bulk of unreported income. The IRS's tax gap analysis actually understates the extent of evasion by limiting their estimate to federal income tax losses. Evaders are also dodging state income and employment taxes, as well as state and local sales taxes on the unreported income. A small merchant might be willing to accept some risk of theft in order to avoid such a hefty tax burden!

The burden of tax evasion
To achieve these illicit benefits, tax evaders take major risks and bear significant costs. The IRS conviction rate in the cases they pursue has never fallen below 90 percent. When caught in evasion, business owners often have to pay large fines and serve prison sentences. Even if they never face enforcement actions, tax evaders must invest considerable resources and change behaviors in order to avoid detection. The business owners may have to share illicit gains with a complicit accountant or spend significant time and effort to manufacture false numbers and backup documentation for claimed income. They also cannot deposit funds in a bank account, because doing so establishes a paper trail, so they must find other places to store the cash they receive. Not only do these tax-evading business owners risk theft and destruction of their hoarded cash, but they also are unable to use their unclaimed income to secure credit from banks. Furthermore, they run the risk of someone reporting their large cash purchases to the IRS or the Financial Crimes Enforcement Network, which would increase and the risk of an audit.

The costs and benefits to small businesses of underreporting cash

In addition to the costs borne by the evader, tax evasion imposes externalities on others. Businesses that voluntarily pay taxes operate at a competitive disadvantage, which results in a market distortion. Despite their having to charge market prices for their products, compliant businesses have higher costs than their tax-evading competitors.

The IRS takes action
We have a strong interest in collecting this revenue and correcting the market failures caused by tax evasion. Other countries have responded to unreported cash income in a variety of ways. Mexico has a two percent tax on large cash bank deposits to capture informal market activity. As part of their recent austerity plans, both Italy and Greece have banned high-value cash transactions in order to limit tax evasion. In the United States, the IRS will be using the electronic payments system to address underreporting of cash income: IRS rule 6050W will require merchant processors—the companies that process credit and debit card payments for businesses—to report their clients' receipts to the IRS annually. The IRS will use this data to improve audit algorithms. Third-party income reporting is a classic technique for increasing compliance. 6050W went into effect for tax year 2011, and the IRS will begin receiving the relevant data in January 2012.

Increasing electronification of both payments and tax administration should lead to increased transparency of small businesses income. This greater transparency might result in a natural decline in tax evasion over time. Is there a role for the payments industry in ensuring compliance? Cooperation among industry processors, compliant businesses, and regulators may represent an opportunity to lower the social cost of cash payments, and thereby mitigate risk in the payments system.

By Jennifer C. Windh, a payments risk analyst in the Retail Payments Risk Forum at the Atlanta Fed

April 18, 2011 in law enforcement, payments systems | Permalink

Comments

One of the arguments for the continuing usage of cash has been the lack of an alternative for the unbanked. I believe this has been answered by the dual functions of pre-paid debit cards and of mobile phone-based payments. As long as these are available at cost-effective alternatives - the program developed by our not for profit group for developing countries has a maximum fixed cost of $0.25 per transaction - it becomes increasingly likely that any continuance of cash-based transactions is for tax evasion.
The time has come for tax authorities to be proactive in this regard. If you buy goods or services and are asked to pay in cash, you should get a receipt which shows the amount of tax added to the transaction; in the US this will be Sales Tax, while in most of the rest of the world it is VAT.
As the buyer, you may have a way to protect yourself from any suggestion of aiding and abetting an illegal act, by submitting a report of the transaction to the relevant tax authority. Indeed, you may be entitled to a reward if the report assists the tax authority in fining/ prosecuting the tax-evading merchant.
The merchant can protect itself by making a payment to the tax authority at the end of each day, with full support data to show on which transactions it had accepted cash.
This policy, in conjunction with real time fraud analysis of all electronic transactions, can encourage all businesses to report their income correctly. The analysis can provide valuable data by comparing similar companies and their tax settlements.
As you point out, it is not fair for some to get away with evasion, which always means the honest merchant and customer have to pay more in the end. Technology is now available to stop such cheats - and tax authorities should act cohesively to achieve this end.

Posted by: christopher williams | May 1, 2011 at 05:31 AM

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

March 14, 2011


Why U.S. issuers might be reluctant to adopt the EMV standard

A hot topic for Portals and Rails and the Retail Payments Risk Forum has been the replacement of magnetic-stripe cards with chip-and-pin cards in the United States. In fact, a recent industry blog labeled my colleague Rich Oliver "the first U.S. banking industry executive to publicly declare that a U.S. migration to the EMV payments standard is inevitable." Many countries around the globe have adopted or are in the process of adopting the EMV standard, but the United States has not budged, despite a recent European Payments Council resolution suggesting an end to mag stripe. Meanwhile, U.S. industry participants, including a large payment network and issuer, are investing in improving mag-stripe cards.

Let's consider the migration to EMV from an issuing perspective using recently collected debit card information by the Federal Reserve Board to assist with its responsibilities under the Durbin Amendment.

Current status of EMV in the United States
With the recent announcement that the Raleigh, N.C.-based State Employees Credit Union will convert its debit card portfolio to EMV by year's end, there are now two (yes, two!) small financial institutions in the United States committed to converting their portfolios to the EMV standard. If reports on fraud reduction since implementing the EMV standards in countries such as the United Kingdom are true, why then are U.S. issuers slow to convert to EMV? In last week's blog, Rich states that, given current fraud loss levels and fraud management and mitigation costs, there may not yet be a near-term business case for the migration to EMV. However, peeling back the onion another layer, a key difference in the authorization environments of the United States to other markets, such as the U.K., has led to lower levels of fraud, albeit at significant investment levels, and a fundamental reason behind issuers' reluctance to migrate.

Online versus offline authorization
Nearly all card transactions in the United States are authorized online. In this environment, the transaction authorization uses telecommunications at the time of a sale to route a merchant's authorization request to the issuer to approve or decline, based on a number of factors such as available funds or credit limit and multiple fraud prevention and mitigation checks. U.S. issuers and networks have invested heavily in fraud prevention and mitigation controls for online authorization programs. As a result, issuers have recognized relatively low levels of card fraud—approximately $.02 per debit transaction, or 5.4 basis points of transaction value. For PIN-based debit transactions, these numbers are even lower: $.01 per transaction, or 3.3 basis points of transaction volume.

Unlike the United States, the United Kingdom has primarily been an offline authorization market. In this scenario, the transactions are not authorized at the time of sale, but rather are batched throughout a given time period and transmitted to the issuers. Most importantly, this type of authorization process does not support PIN debit transactions using magnetic-stripe technology. While the EMV standard supports both online and offline authorizations, the reduction of fraud for offline authorizations was a key driver of implementation in the United Kingdom, as EMV allows for offline authorization at the time of sale.

According to analysis of data from the UK Payments Administration, fraud rates on all cards at the end of 2004 (near the beginning of the EMV implementation) were significantly higher than fraud levels currently seen on debit cards in the United States. However, by June of 2010, fraud in the United Kingdom has fallen by more than 50 percent to £.03 per transaction, or 6.6 basis points of transaction volume, which is still higher than debit card fraud rates experienced in the United States today.

Will there be a case for U.S. issuers to adopt the EMV Standard?
With approximately 500 million debit cards in circulation in the United States, relatively low levels of fraud, and significant investments into current authorization systems, it seems reasonable that debit issuers currently have little appetite for investing in the EMV standard today. While recognizing that the credit card story might paint a different picture with higher fraud losses, the fact remains that both issuers and networks have made significant investments in authorization systems to prevent and mitigate credit card fraud from which they don’t appear to be ready to walk away.

In light of U.S. issuers' shunning the EMV standard to date, here are some questions for industry participants to ponder. Will there be a tipping point for the United States to adopt the EMV standard? If so, what will that tipping point be? Can the global card payment market exist in an environment similar to the electrical market, whereby the United States uses 110-volt electricity while most of the world uses 220 volt? Can chip-and-pin prepaid cards such as the Travelex Cash Passport Currency Card address differences in global payment standards for U.S. issuers in a way that electrical adapters address the voltage issue?

By Douglas A. King, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

March 14, 2011 in chip-and-pin, EMV, payments systems | Permalink

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

February 14, 2011


Can mobile address the rising tide of fraud in card-not-present transactions?

Combating fraud in credit and debit card payments is a challenge for all payment system participants, from the banks that issue the cards to the merchants that accept those cards as payments for goods and services. One particularly troubling channel, with a rising incidence of card fraud, is on the Internet. Retailers are increasing their efforts to attract customers online with discounts, online-only specials, and free shipping and returns. While the use of cards for website payments, also known as card-not-present (CNP) transactions, is inherently riskier than face-to-face transactions at a merchant's point-of-sale, the dramatic rise in e-commerce suggests it is a trend that is here to stay. As the mobile channel develops for card payments, can the security capabilities of mobile handsets protect consumers against CNP fraud?

CNP fraud: The U.K. experience
While data regarding fraud loss and mitigation costs are hard to come by in the United States, the U.K. Card Association gathers information that we can use as a good proxy for gauging experiences in other markets. This organization found that as the Internet environment has become an increasingly hospitable environment for commerce, CNP has risen dramatically, from just 16 percent in 1999 to 60 percent of total card fraud losses in 2009.


As we noted in an earlier 2010 post, CNP fraud escalated when the U.K. migrated from magnetic stripe technology to credit cards with microcomputer chips. Consequently, the more secure technology at the point of sale drove fraudsters to the more vulnerable online channel.


However, the U.K. took quick action against CNP fraud, implementing better screening and detection tools and, in 2009, U.K. CNP fraud actually declined 19 percent.

Though not directly measurable, CNP fraud, industry experts agree, has made its way to the United States, where the magnetic stripe card technology remains prevalent. In fact, according to the U.K. Card Association's 2010 report, the majority of online payment fraud involves the use of card data obtained through illicit means such as card skimming, a crime that is actually mitigated with chip technology.

Growing Internet sales and CNP: A perfect storm?
According to a report by Javelin Strategy & Research, which forecasts online retail payments, the United States has fostered a robust online transaction market in recent years despite the economic downturn. This trend is expected to continue as consumers and merchants alike become increasingly comfortable conducting e-commerce for everyday goods and services.


The proliferation of smartphone applications for retailer websites along with a broader use of social media to distribute coupons and loyalty rewards are working together to drive consumers to shop online where card payments are widely accepted.

As merchants embrace a rise in retail sales, how do we mitigate the growing threat of CNP fraud in the United States?

Mobile security advantages
One benefit of a contactless mobile payments system is the potential to reduce fraud by eliminating magnetic stripe technology in favor of more intelligent chip technology, which has better security features for combating CNP fraud. The future mobile payments system introduces the ability to layer security tools unique to both the hardware and software resident in the mobile handset. Furthermore, the chip that enables the payment can contain account credentials and additional authentication factors, including location awareness applications, which can enhance the security of the payments transaction.

It is time that merchants, issuers, and payment regulators seriously consider the growing threat of CNP fraud in the debate on how and when to move to more secure payment methods.

Photo of Ana Cindy MerrittBy Cindy Merritt, assistant director of the Retail Payments Risk Forum

February 14, 2011 in chip-and-pin, contactless, fraud, payments systems | Permalink

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

December 6, 2010


Tough decisions: Fighting fraud in a free market

Over the past two years, despite a stagnant economy, the U.S. payments system has harvested the benefits of a free market: the generation of hundreds of innovative ideas. Mobile payment pilots, P2P offerings, remote banking services, small merchant credit card approval tools, and at-home remote deposit capture services for checks are only a sampling of the new ideas, many of which came from nonbank participants. Inevitably, this type of innovation and competition will result in more choices at more reasonable prices for American consumers and businesses.

This extraordinary explosion of payments system creativity stems not only from the benefits of free market capitalism, but also from the historical fact that our payments system enjoys substantially less oversight than other advanced economies. While we have a considerable array of consumer protection regulations in place in the United States, we do not have any specific government body charged with determining and enforcing overall payments policies and practices. Unlike much of Asia, Europe, the Far East, and Australia, there are no competition authorities, payments councils, commissions, or boards that set policy across payments channels. The Federal Reserve does not play as strong a role in governing payments as do the European Central Bank, the Bank of Japan, or the Reserve Bank of Australia. Congress has passed no comprehensive payments law such as the Payments Services Directive in Europe or the Payments Services Act in Japan. Predictably, then, we see the type of lively and innovative payments market in place in the United States today.

The downside of freedom
But, in the words of that great college football guru, Lee Corso, "Not so fast, my friends!" With the freedom to innovate also comes the freedom to do bad things. Said differently, there exists an inconsistent appreciation or concern for the necessary integrity of payments products and services. Entrepreneurs are not given the responsibility to ensure that their ideas can pass muster in the public policy arena. Their first concern is the marketability of their glitzy new product, not its protection against intrusion or susceptibility to fraud. While we can argue that banks by their very nature are more steeped in the tradition of focusing on integrity and security as key elements in payments services, the same is probably not as true for the large number of new nonbank players entering the payments world. Certainly, some such companies, particularly those run by experienced financial services professionals do get the message, but many do not. We can assume that as less secure products and services are deployed, bad things will happen and lessons will be learned that bring about a reformation. In the meantime, many consumers and businesses may be seriously impaired.

The likely result of such experiences, however, may be the further engagement of Congress—and, ultimately, government—to devise remedies for the failings of a highly innovative payments system. Over time, we have seen some of this in the form of targeted legislation intended to fix problems or reign in abuses. Payments-related controls are embedded in the Expedited Funds Availability Act (EFAA), the Patriot Act, the CARD (Credit Card Accountability Responsibility and Disclosure) Act, and the recent Financial Reform Act. But none of the past legislative efforts have been comprehensive. The EFAA focused on checks, the Patriot Act on cross-border payments, the CARD Act on credit cards, and the Durbin Amendment to the Financial Reform Act on debit cards. The specific rules and controls for operating our various payments systems are resident in the requirements of the card companies, the NACHA rules for ACH, and Fed and ECCHO (Electronic Check Clearing House Organization) rules for check image exchange. In essence, the integrity of our payments system relies as much on vigorous self-policing as it does on law making. In fact, one could argue that law making is the predictable successor to bad self-policing.

The challenge to self-police
So the challenge for the payments industry, in an era of explosive technological development and worldwide connectivity, is to become much more focused on the issues associated with protecting the integrity of the payments system. Such attention needs to encompass a wide range of concerns, including data privacy, fraud mitigation, and financial stability. We cannot continue to build solutions that allow customer accounts to be taken over, identities to be stolen, and terrorist financing and money laundering to prosper. If we do, than we can be certain that Congress will move to clamp down, either on a piecemeal basis or more comprehensively, following models in place elsewhere. Ultimately, it is up to the industry as a whole, through its individual parts and representative groups, to get serious about its deficiencies within and across silos. In difficult financial times, it is hard to contemplate spending more on protecting the payments system when so many other priorities call. But our ability to preserve the potential benefits of widespread innovation may depend on it. If we fail to spend on remedies now, we will inevitably spend on them later and probably with less efficiency in reaction to legislation and regulation.

By Rich Oliver, Executive Vice President of the Atlanta Fed and Director of the Retail Payments Risk Forum

December 6, 2010 in innovation, payments systems, risk management | Permalink

TrackBack

TrackBack URL for this entry:
https://www.typepad.com/services/trackback/6a01053688c61a970c0147e06c270d970b

Listed below are links to blogs that reference Tough decisions: Fighting fraud in a free market:

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

Google Search



Recent Posts


Archives


Categories


Powered by TypePad