Take On Payments, a blog sponsored by the Retail Payments Risk Forum of the Federal Reserve Bank of Atlanta, is intended to foster dialogue on emerging risks in retail payment systems and enhance collaborative efforts to improve risk detection and mitigation. We encourage your active participation in Take on Payments and look forward to collaborating with you.
Federal Reserve Web Sites
Other Bank Regulatory Sites
January 10, 2011
Nonbanks and payments innovation: Because that's where the money is
In the past decade, nonbank companies have driven most payments innovations. For the most part, banks have left Silicon Valley startups and other third-party players to develop cool new payments gadgets and platforms that attract venture capital and YouTube views. While this dynamic and free market has allowed for great creativity, it has also meant that many of these new payments tools emerged outside the extensive system of regulations and consumer protections that exist in the banking industry.
This blog previously covered the lack of uniform regulation of the money services business (MSBs), a significant gap given the expansion of financial services offered by MSBs like Western Union and MoneyGram in recent years. While providing a vital service for money transfer, MSBs may be vulnerable to money laundering and fraud schemes, as they lack the robust regulatory oversight that governs mainstream financial institutions. Through a series of industry partnerships, MSBs and other less-regulated nonbank payment companies are integrating with bank operations. For example, CashEdge, a relatively new alternative payment service provider, and MoneyGram recently announced one such partnership that could have implications for anti-fraud efforts.
Last year, MoneyGram paid $18 million in a Federal Trade Commission (FTC) settlement that charged the company had known about fraud on their system but did not work to address it, disregarding law enforcement warnings and willfully ignoring customer fraud complaints against agents. Consumers reported $84 million in losses between 2004 and 2008, but it is likely that many victims did not come forward, and the FTC claims that losses may actually have run into the hundreds of millions of dollars. Since the settlement, MoneyGram has invested heavily in anti-fraud measures, including enhanced agent training, improved communication with consumers, and greater partnership with law enforcement and the FTC. In response to questions from the Connecticut Watchdog, MoneyGram explained that these efforts have prevented $30 million in fraud this year and resulted in a 75 percent decrease in fraudulent transactions between the United States and Canada.
However, con artists continue to exploit Americans, evidenced by the recent Make-A-Wish scam. This scam has already defrauded victims of $20 million, with the thieves again using Western Union and MoneyGram to receive payments. Although these companies provide a valuable service to those sending money abroad to family and others, they are still vulnerable to threats from bad actors.
In light of this vulnerability, MoneyGram's announcement this past fall of a partnership with CashEdge to integrate with their POPmoney service bears scrutiny. POPmoney is a bank-initiated peer-to-peer payments service that went live late in 2009 and allows users to send friends and family money through text, e-mail, or online banking. The product has been very popular, with more than 100 banks adopting the service within six months of launch. The new partnership means that POPmoney users will be able to transfer money not just to other bank accounts, but also to any MoneyGram location around the world. These POPmoney-to-MoneyGram transactions will likely be fast and irreversible, using CashEdge’s convenience and MoneyGram's global presence. Furthermore, users will initiate all transactions via online or mobile banking, funding them directly from their primary bank account. Although MoneyGram launched enhanced anti-fraud technology last year for scanning risky transactions, these online transfers would bypass live agents whose training is one line of defense against fraud.
Although there may be considerable risks in integrating MSBs directly to a financial institution's online banking services, doing so could also be an opportunity to fight fraud in these channels. If banks' extensive experience in fraud detection and mitigation were applied to the money transfer business, it could significantly improve consumer safety and experience. If there are lessons to be learned here, they could be applied to a variety of similar partnerships across the industry, improving banks' access to innovation and enhancing the risk management capabilities of new payments products.
By Jennifer C. Windh, a payments risk analyst in the Retail Payments Risk Forum at the Atlanta Fed
TrackBack URL for this entry:
Listed below are links to blogs that reference Nonbanks and payments innovation: Because that's where the money is:
January 3, 2011
Demand deposit accounts: Balancing convenience and risk
Today's demand deposit accounts (DDA) have multiple access points–online, mobile, and ATM–affording consumers a great deal of convenience. At the same time, though, they provide that many more ways for criminals to carry out fraud schemes, as hacking tools (PIN phishing and skimming) become more sophisticated and fraudsters more bold with their attempts to fleece DDAs. According to a white paper by Fiserv, banks are becoming increasingly concerned about DDA fraud. The paper mentions a survey by McKinsey & Co., which revealed that an estimated $5 billion to $7 billion in annual losses can be attributed to DDA fraud, a figure expected to grow at a annual rate of 7 percent.
DDA fraud can take many forms. When it occurs with debit cards, a fraudster can steal or skim the physical card, or use a phishing scheme to steal a PIN, then use that information to deplete the account. When fraud occurs with checks, a perpetrator can empty the DDA by forging check endorsements or drawer signatures, counterfeiting or altering checks, or carrying out check kiting schemes. According to the Fiserv paper, there is also cross-channel fraud, which occurs with accounts that have more than one access point. This type of DDA fraud is increasing most likely because of the introduction of new channels like mobile and account-to-account transfers.
Declining check use but rising check fraud
Interestingly, even as check use declines, losses from check fraud and attempts at such fraud rise. The decline in check usage was recently captured by the Federal Reserve's 2010 Payments Study, which showed that "in 2009 more than 75 percent of all U.S. noncash payments were made electronically, a 9.3 percent annual increase since the Federal Reserve’s last study in 2007."
According to a recent speech by an official from the Financial Crimes Enforcement Network (FinCEN), reports of scams involving checks increased 19 percent in the first six months of 2009, and 27 percent of all Suspicious Activity Reports (SAR) filed in 2009 were for fraud-related activities. Check fraud was one of only two categories—the other was money laundering—that had an increase in SARs between 1996 and 2009.
Another study that touched on the prevalence of check fraud is the 2009 Deposit Account Fraud Survey Report of the American Bankers Association, which estimated that check-related losses amounted to $1.024 billion in 2008, up from $969 million in 2006. Of the banks surveyed, 80 percent indicated that they had reported check fraud losses in 2008, the same percentage as in 2006.
Rising debit card use, rising fraud
Debit card fraud is usually carried out through point-of-sale signature, PIN, and ATM transactions. As debit card usage escalates, so does debit card fraud.
According to the Fed's 2010 Payments Study, debit card usage exceeds all other forms of noncash payments. In fact, the annual use of debit cards increased by over 12.8 billion payments, the largest increase by any payment type during the survey period, reaching 37.9 billion payments in 2009.
According to the ABA survey, commercial losses from debit card fraud reached an estimated $788 million in 2008. Approximately 92 percent of survey participants reported experiencing debit card fraud, not surprising given the prevalence of debit cards.
Addressing DDA fraud
With consumers more and more often using debit cards and other noncash payments at the point of sale, and with the continued growth of more sophisticated hacking schemes, early detection and mitigation are more critical than ever to resolving payments fraud. The management of DDA fraud risk will have to change in response to the creation of new access points to demand deposit accounts.
Notwithstanding the technological advances in software that help financial institutions prevent and detect DDA fraud, the self-vigilance of consumers can add significant value. As we move further away from paper-form and more towards all-electronic-forms of payments, ultimately, detecting and deterring demand deposit account fraud will continue to be a combined effort between the consumer and its financial institution.
By Ana Cavazos-Wright, senior payments risk analyst in the Retail Payments Risk Forum at the Atlanta Fed
December 6, 2010
Tough decisions: Fighting fraud in a free market
Over the past two years, despite a stagnant economy, the U.S. payments system has harvested the benefits of a free market: the generation of hundreds of innovative ideas. Mobile payment pilots, P2P offerings, remote banking services, small merchant credit card approval tools, and at-home remote deposit capture services for checks are only a sampling of the new ideas, many of which came from nonbank participants. Inevitably, this type of innovation and competition will result in more choices at more reasonable prices for American consumers and businesses.
This extraordinary explosion of payments system creativity stems not only from the benefits of free market capitalism, but also from the historical fact that our payments system enjoys substantially less oversight than other advanced economies. While we have a considerable array of consumer protection regulations in place in the United States, we do not have any specific government body charged with determining and enforcing overall payments policies and practices. Unlike much of Asia, Europe, the Far East, and Australia, there are no competition authorities, payments councils, commissions, or boards that set policy across payments channels. The Federal Reserve does not play as strong a role in governing payments as do the European Central Bank, the Bank of Japan, or the Reserve Bank of Australia. Congress has passed no comprehensive payments law such as the Payments Services Directive in Europe or the Payments Services Act in Japan. Predictably, then, we see the type of lively and innovative payments market in place in the United States today.
The downside of freedom
But, in the words of that great college football guru, Lee Corso, "Not so fast, my friends!" With the freedom to innovate also comes the freedom to do bad things. Said differently, there exists an inconsistent appreciation or concern for the necessary integrity of payments products and services. Entrepreneurs are not given the responsibility to ensure that their ideas can pass muster in the public policy arena. Their first concern is the marketability of their glitzy new product, not its protection against intrusion or susceptibility to fraud. While we can argue that banks by their very nature are more steeped in the tradition of focusing on integrity and security as key elements in payments services, the same is probably not as true for the large number of new nonbank players entering the payments world. Certainly, some such companies, particularly those run by experienced financial services professionals do get the message, but many do not. We can assume that as less secure products and services are deployed, bad things will happen and lessons will be learned that bring about a reformation. In the meantime, many consumers and businesses may be seriously impaired.
The likely result of such experiences, however, may be the further engagement of Congress—and, ultimately, government—to devise remedies for the failings of a highly innovative payments system. Over time, we have seen some of this in the form of targeted legislation intended to fix problems or reign in abuses. Payments-related controls are embedded in the Expedited Funds Availability Act (EFAA), the Patriot Act, the CARD (Credit Card Accountability Responsibility and Disclosure) Act, and the recent Financial Reform Act. But none of the past legislative efforts have been comprehensive. The EFAA focused on checks, the Patriot Act on cross-border payments, the CARD Act on credit cards, and the Durbin Amendment to the Financial Reform Act on debit cards. The specific rules and controls for operating our various payments systems are resident in the requirements of the card companies, the NACHA rules for ACH, and Fed and ECCHO (Electronic Check Clearing House Organization) rules for check image exchange. In essence, the integrity of our payments system relies as much on vigorous self-policing as it does on law making. In fact, one could argue that law making is the predictable successor to bad self-policing.
The challenge to self-police
So the challenge for the payments industry, in an era of explosive technological development and worldwide connectivity, is to become much more focused on the issues associated with protecting the integrity of the payments system. Such attention needs to encompass a wide range of concerns, including data privacy, fraud mitigation, and financial stability. We cannot continue to build solutions that allow customer accounts to be taken over, identities to be stolen, and terrorist financing and money laundering to prosper. If we do, than we can be certain that Congress will move to clamp down, either on a piecemeal basis or more comprehensively, following models in place elsewhere. Ultimately, it is up to the industry as a whole, through its individual parts and representative groups, to get serious about its deficiencies within and across silos. In difficult financial times, it is hard to contemplate spending more on protecting the payments system when so many other priorities call. But our ability to preserve the potential benefits of widespread innovation may depend on it. If we fail to spend on remedies now, we will inevitably spend on them later and probably with less efficiency in reaction to legislation and regulation.
By Rich Oliver, Executive Vice President of the Atlanta Fed and Director of the Retail Payments Risk Forum
TrackBack URL for this entry:
Listed below are links to blogs that reference Tough decisions: Fighting fraud in a free market:
November 15, 2010
Retail Payments Risk Forum publishes white paper on mobile payments
Everyone has a cell phone these days, and that ubiquity is paving the way for wide acceptance of mobile money person-to-person transfer services, also known as MMT. Emerging countries, where the mobile channel provides a safe, efficient environment for conducting financial transactions and improving financial inclusion, have been especially quick to adopt MMT. In contrast, mobile payment adoption in the United States has been slow, but many experts believe that, with more people acquiring smart phones and having access to all the applications that go with them, MMT is on the brink of becoming widely accepted.
As roaming agreements between wireless carriers and the globalization of commerce in general work together to render our world's geographic borders irrelevant, how quickly can we expect these services to migrate to the United States? More importantly, as various forms of electronic payment crimes emerge, what should the industry do to prepare for new mobile services in a cross-border environment?
To answer these questions, the Retail Payments Risk Forum recently published a white paper titled "Mobile money transfer services: The next phase in the evolution in person-to-person payments," which describes the current landscape for these services and examines the risk environment for mobile money for both developed and emerging countries as new business partnerships between bank and telecom firms take shape.
MMT has the potential to catalyze the mobile financial services market
Infrastructure developments to support MMTs could support the evolution of other financial services. According to the GSM Association, this infrastructure provides the basis for the concept of the mobile wallet, which will allow mobile phones users to conduct banking, proximity payments using the phone at a merchant's point-of-sale terminal, and remote mobile payments, including domestic and cross-border mobile transfers.
The mobile money risk environment
The risks inherent in all retail payments are also present in the mobile space, including money laundering, privacy and security, consumer protection, fraud, and credit and liquidity. As mobile financial services evolve, there will be a number of issues to consider for managing the new risks mobile phone-based payments stand to introduce. The emergence of more nonbank participants in the distribution of mobile payments, including telecom firms and their agents along with technology vendors, may create additional risk considerations for payment regulators. Since mobile technology-enabled payments do not require the face-to-face interaction that takes place with traditional banking, the resulting opaque, anonymous experience can also create more opportunity for criminal activity. This will be increasingly important in a future where mobile retail payments will occur rapidly and across geographic borders, potentially outside the purview of traditional regulatory oversight. Payments regulators have limited expertise and experience in identifying electronic payments crime in communication systems—so the potential for abuse is a real and imminent threat that is still abstract and not well understood in this early stage of the game.
Policy considerations for industry stakeholders, policymakers, and regulators
The integrity and safety of the world's retail payment systems rely on cooperative information sharing about service developments and potential gaps in regulation. A number of considerations should remain at the forefront of industry discussions.
- The new mobile landscape will require dialogue between the regulatory authorities for financial services and telecom firms. Financial and telecom sector regulators will need a comprehensive understanding of the emerging risks in mobile payments with a collective eye toward the potential need to establish new regulatory concepts of electronic money regulation. This may demand a program for routine communication to ensure that regulators understand payment system risk issues and provide effective risk-based supervision for payment services providers.
- An oversight infrastructure for mobile payments, including the financial services of telecom firms, should be established. This oversight might be established through a routinely convening workgroup representing applicable regulators or the creation of a new organization with expertise in the unique and dynamic risk issues in mobile services.
- Cross-border mobile payments may require improved customer-data sharing on an international basis. The anticipated growth in mobile remittances may demand a new environment of international cooperation and sharing of customer data and analysis.
- U.S. mobile payments services providers should be required to establish programs to mitigate the risk of money laundering. Mobile services will require new methods for detecting and monitoring data flows. All service providers, including telecoms, will need to establish risk management programs commensurate with the risk in their service offerings.
- Converged regulatory authorities should examiner consumer protection risks for potential gaps in regulatory oversight. In the United States, it may be necessary to reexamine the applicability of Regulation E protections to stored-value payments as they become more prevalent in the mobile channel, in order to prevent consumer confusion in error resolution scenarios.
The experts are right in saying that mobile adoption still low. But the rapid pace of change means that industry stakeholders, and especially regulators, need to be forward-looking and anticipate where the winds of change will blow. A rearview mirror approach to addressing emerging risks in mobile payments can be modified with proactive thinking, dialogue, and global collaboration.
By Cindy Merritt, assistant director of the Retail Payments Risk Forum
- Will Payments Be Getting REAL?
- Financial Solutions for the Younger Generation
- Encouraging Password Hygiene
- Should We Throw in the Towel When It Comes to Data Breach Prevention?
- Looking for Partners in Safer Payments
- The Range of Un-Friendly Fraud
- Payments Webinar October 10: Cash in the 21st Century
- "Insuring" Ransomware Will Continue to Flourish
- Designing Disclosures to Be Read
- Is There a Generation Gap in Cash Use?
- November 2019
- October 2019
- September 2019
- August 2019
- July 2019
- June 2019
- May 2019
- April 2019
- March 2019
- February 2019
- account takeovers
- ATM fraud
- bank supervision
- banking regulations
- banks and banking
- card networks
- check fraud
- consumer fraud
- consumer protection
- credit cards
- cross-border wires
- data security
- debit cards
- emerging payments
- financial services
- financial technology
- identity theft
- law enforcement
- mobile banking
- mobile money transfer
- mobile network operator (MNO)
- mobile payments
- money laundering
- money services business (MSB)
- online banking fraud
- online retail
- Payment Services Directive
- payments fraud
- payments innovation
- payments risk
- payments study
- payments systems
- phone fraud
- remotely created checks
- risk management
- Section 1073
- skills gap
- social networks
- third-party service provider
- trusted service manager
- Unfair and Deceptive Acts and Practices (UDAP)
- wire transfer fraud
- workforce development
- workplace fraud