Take On Payments, a blog sponsored by the Retail Payments Risk Forum of the Federal Reserve Bank of Atlanta, is intended to foster dialogue on emerging risks in retail payment systems and enhance collaborative efforts to improve risk detection and mitigation. We encourage your active participation in Take on Payments and look forward to collaborating with you.
Federal Reserve Web Sites
Other Bank Regulatory Sites
July 19, 2010
Soccer balls and payment cards: A push for global standards
I am generally not a soccer fan but over the past few weeks I found myself curiously engaged in that nationalistic spectacle called the World Cup. Despite my general disinterest in low-scoring games and Oscar-quality performances by slightly injured players, I got caught up in the intensity of play and extraordinary skill levels displayed by these world class athletes. Then one day a debate erupted regarding standards. Apparently, soccer balls are not standardized and the one being used seemed hard and "skitterish." How bizarre!
Of course, my thoughts immediately turned to a more consequential global-standards issue taking place in the payments card world—the debate about the United States' reliance on the magnetic-stripe card standard as opposed to the chip-and-pin standard being adopted throughout the world, including in neighboring Canada.
Chip-and-pin technology has been deployed in Europe over the last decade as a means of reducing fraud by using the enhanced capabilities of a computer chip embedded in the plastic card to store and manage customer authentication data. Its success has been widely documented in recent fraud studies. This standard has been implemented using a specification called EMV, an acronym of Eurocard, MasterCard, and VISA, the original founders of the standard. In fact, EMV is now a corporation whose ownership has been expanded to include JCB (a Japanese card company) and American Express. So, what's the big deal? We survived the soccer ball dispute, so can't we survive the fact that the United States is not on board with the emerging global payments card standard? The answer may be a resounding "No!"
Various reports from payments research firms such as AITE have suggested that as many as 10 million U.S. travelers experienced difficulties with incompatible card technologies when traveling abroad during the past year. I learned some time ago that the least expensive and most secure way to acquire cash overseas is from an ATM machine. I now foresee a time when I will have to ask a European hotel concierge for the location of an American ATM (one capable of reading mag stripes), only to find out the nearest one is two miles away.
So why doesn't the United States adopt the emerging global standard? While there are many technological and political issues in play, the bottom line is that the overall cost of deployment to the U.S. payments system as a whole, and to merchants specifically, is a staggering number made even more daunting by the current state of the economy and available investment dollars. The Smartcard Alliance estimates that as many as six million merchant terminal devices may need to be replaced or upgraded to embrace chip-and-pin technology, with the bulk of the cost falling on the shoulders of merchants. Consequently, we are left to assume that we are likely to have to travel a long and winding road to migrate to the emerging global standard.
This observation is not in itself calamitous since past roads to worldwide standards are littered with the relics of failure (remember the push to implement the metric system?), but the stakes here are considerably higher in two important ways. First, we may become the only substantial economic power dependent on a payments standard that is less secure than that of the rest of the world. That means that criminals, intent on profiting from card fraud, will continue to migrate to the United States in growing numbers. The second issue is that chip-and-pin technology is a critical element in progressing toward an even more secure and visionary goal—the deployment of mobile phone-based payments capabilities using a chip embedded in the phone. Industry conference agendas are crowded with sessions describing the way a smartphone can be waved near or tapped against a merchant terminal device using radio wave-based near-field communications (NFC) technology to capture the customer's payment credentials. Chips embedded in the phone, coupled with applications loaded on the phone from card-issuing banks, will create the effect of a "mobile wallet" that promises to be more convenient and, yes, more secure than what we use today.
So what should we do about this mess of the United States being out of step with respect to payments card technology? I would suggest that this issue could eventually reach the public policy level. Perhaps it is time for policymakers to consider whether migrating to an increasingly adopted world standard is in our best national interest. After all, we just mandated a move to digital television. While this change facilitated my ability to watch the World Cup in high definition, it cannot possibly be of the same importance as this brewing card issue. If we want to mitigate the possibility of the United States being a center of card fraud and enable our consumers and business folks to travel abroad more easily, it may be time to charge someone in government with developing a well-thought-out, participatory, multi-year plan to move this country to the emerging global payments card standard.
By Rich Oliver, executive vice president, FRB Atlanta's Retail Payments Risk Forum
TrackBack URL for this entry:
Listed below are links to blogs that reference Soccer balls and payment cards: A push for global standards:
July 12, 2010
The confluence of payments, social networks, and malware: Elements of a perfect storm?
Thanks to a rapid increase in functionality and convenience, consumers are becoming more comfortable conducting e-commerce and participating in social networking with mobile phones instead of computers. At the same time, though, social networks are providing cybercriminals with a ready population of potential victims for emerging malware attacks. Similarly, cell phone applications that serve to extend the customer network reach may actually create vulnerabilities to malware attacks. How can the industry manage the security vulnerabilities in social networks as they migrate to the mobile channel?
More consumers using mobile devices to access social networks
A recent report from digital media firm comScore says social network activity is one of the fastest growing access categories on mobile devices. The report states that the number of mobile channel network users more than tripled over the past year, increasing 240 percent to 14.5 million users by April 2010. The report also says that accessing bank accounts is one of the fastest growing mobile phone functionalities, both by mobile application and Internet browser. As of April 2010, consumers used bank access applications 113 percent more than the prior year.
Social networks represent a growing target for phishing and malware
Social networks are beginning to compete with financial institutions and e-commerce sites as a favorite target for phishing attempts, according to a Microsoft Security Intelligence Report published in November 2009. This chart reflects a dramatic increase in phishing impressions in May and June of 2009 for social networking sites. (The report defines "impression" as a single attempt to visit a phishing page and being blocked by a filter.) Phishing schemes are frequently used to lure consumers into exposing personal data and introducing links to sites with malware downloads.
Gaming services—such as Farmville and Mafia Wars—available on these sites provide an additional entry point for phishing, spamming, and other schemes. Users are lured to fraudulent Web pages, where they can earn game points by completing surveys and quizzes. A specific example of a malware attack was the 2009 Koobface Worm. Koobface infiltrated numerous social networking sites including Facebook, Myspace, and Twitter by embedding a malicious link in messages that appeared to be from trusted parties. When users clicked the link, they were redirected to a page that appeared legitimate but actually included a download for malware. Once the malware installed itself on a user's computer, it gained access to the user’s personal data, facilitating identity theft payment fraud.
Malware coming to mobile phones
According to a report from security firm Mxlogic, social network malware is targeting mobile phones through subscriptions to these same gaming services, such as Farmville and Mafia Wars. It reports that when users sign up for the subscriptions, they inadvertently consent to receiving text spam that has the potential to infect a phone. Smartphone manufacturers act as gatekeepers to ensure that application developers design apps that meet their proprietary criteria and standards for leveraging their operating platforms, but with thousands of applications on the market today, mobile phones are increasingly vulnerable to data exposure. Application store operators have been proactive in policing applications for security and authenticity. For example, in December 2009, Google withdrew dozens of unauthorized mobile banking applications known as "09Droid" from its system for violating its trademark policy.
Since criminals follow the money, so to speak, it is reasonable to expect that malware authors will be interested in mobile payments and banking applications going forward. The rapid pace of phone application innovation and deployment will challenge efforts to detect and mitigate new malware schemes and other forms of cybercrime. For the consumer, the best line of defense to guard against viruses and malware attacks in any electronic environment is caution, by avoiding links in unfamiliar messages and social network games and choosing downloaded smartphone applications judiciously, if possible.
By Cindy Merritt, assistant director of the Retail Payments Risk Forum
June 29, 2010
Managing risk in the ACH network: Minneapolis Fed study uses FedACH data to identify better benchmarks
ACH volumes have grown rapidly over the past decade, as the network has expanded beyond prearranged, recurring payments between known and trusted parties to include converted checks and one-time transactions originated over the Internet or by telephone. New ACH services have heightened concerns about risk because of the potential associated growth in ACH returns for reasons such as insufficient funds, presentment to closed accounts, and unauthorized transactions, to name just a few. To gauge the level of risk in a financial institution’s ACH origination business, it may seem reasonable to use the rate of these returned items as a possible benchmark. If an ACH originator's return rate is consistently below the industry average, we should be confident that its ACH risk management practices are generally sound, shouldn't we?
Not necessarily, according to a new Federal Reserve study. The researchers—Olivier Armantier, Michele Braun, and Dennis Kuo of the New York Fed and Ron Feldman, Mark Lueck, and Richard Todd of the Minneapolis Fed—recently conducted a study using FedACH data to look at ways to improve the benchmarks used to monitor ACH returns to shed some light on today's ACH risk environment. The study held some interesting and noteworthy findings.
Average return rates are not necessarily a good benchmark for measuring risk
The Federal Reserve study shows that about 75 percent of all consumer debit originators were below the FedACH average for consumer debit return rates during spring 2006. This large percentage stems from the fact that the average is elevated by a small number of very large originators who also have higher return rates. Consequently, some originators who fall below the average may still have rates significant enough to deserve attention. In short, while average return rates are almost the only benchmark currently available, they do not provide the most effective proxy for assessing ACH return risk management.
Better benchmarks could be constructed
The Fed study illustrates how more informative benchmarks could be computed by exploiting the ACH transactions data. The authors used FedACH data on all consumer debit forward and return items originated for a period in mid-2006. By developing a methodology that matched about 90 percent of return items to their original forward item, they could tabulate rich sets of statistics, covering the whole distribution of ACH return rates, not just the average. Their analysis tabulates return rate distributions for several individual standard entry class (SEC) codes, as well as the overall distribution of ACH transaction types, leading to the following additional results:
- Size doesn't matter much. ACH return rates for small and large originators are not very different for most SEC codes. In fact, overall and for most types of consumer debits, the median small originator has a slightly lower return rate than the median large originator, when size is measured by deposits. Return rates were also not strongly related to the originating depository financial institution's volume of originations. Thus, it would be a mistake to read deposit size or institution size as a proxy for sophistication in managing the quality of ACH originations.
- TEL and WEB are both risky, but in different ways. The average return rates for both telephone-initiated transactions (SEC code TEL) and web-initiated transactions (SEC code WEB) were high relative to most other types of consumer debits, but in different ways. TEL risks were higher across the board, so that well-below-median TEL return rates were still high compared to typical consumer debit return rates. By contrast, most WEB originators experienced lower returns on WEB than on consumer debits generally. However, a minority of WEB originators with significant volumes and very high return rates pulled the average return rate for WEB somewhat above the average return rate of all consumer debits.
- Returns come fast and are mostly the result of insufficient funds. In mid-2006, more than 98 percent of all returns occurred within five days of origination, with more than 70 percent returned due to insufficient funds. For the small minority of returns that take more than five days, authorization issues predominate.
Better benchmarks can help banks manage ACH risk
Using and customizing the type of analysis done in the Fed study has the potential to help originating banks better understand risks and therefore more efficiently deter fraud. For example, both originating banks and bank regulators could analyze the distribution of return rates and reason codes by bank peer group to gain a better sense of an individual institution's risk management practices. At the broadest level, linking returns to forward items can efficiently provide a rich array of benchmarks to help originators better monitor their ACH returns and enhance the quality of information they provide to their boards of directors. Similarly, by going beyond the average return rate concept, regulators could use the approaches adopted in the Fed study to better supervise ACH originators, or industry associations could use them to improve industry standards. In short, the sun could be setting on the days of taking false comfort from the Lake Woebegonish achievement of a below-average return rate.
By guest blogger Richard M. Todd, vice president, Community Affairs and Banking and Policy Studies at the Minneapolis Fed
TrackBack URL for this entry:
Listed below are links to blogs that reference Managing risk in the ACH network: Minneapolis Fed study uses FedACH data to identify better benchmarks:
June 14, 2010
Boston and Atlanta Feds cohost mobile payments industry roundtable meeting
It is an established fact that the United States lags Asian and African countries in embracing mobile payments technology. The question is why. To examine the reasons for the lag, the Atlanta Fed's Retail Payments Risk Forum and the Boston Fed's Consumer Payments Research Center convened a meeting on January 27 and 28 of key industry stakeholders involved in the emerging mobile payments industry. The group engaged in a cross-industry dialogue to develop a mutual understanding of industry direction and a noncompetitive strategy to address barriers to adoption of mobile payments. Ultimately, the group sought to answer this question: "If mobile payments can function effectively and efficiently in Africa and Asia, why not in developed countries like the United States?" (Portals and Rails examined the same topic in its April 5 blog, "Consumer confidence the key to U.S. mobile payments future.")
Below is a summary of the meeting's discussion.
Drivers of and barriers to adoption
The United States has been slow to adopt mobile payments technology primarily because many existing payment alternatives are available and because a variety of different entrepreneural business models and pilot rollouts are currently under way. Many new proprietary services lack uniformity, so do not encourage trust and do not attain the critical mass necessary to succeed. Furthermore, the true state of consumer demand is clouded with conflicting perceptions concerning security and the value proposition for mobile payments. Industry participants need to understand exactly what consumers want in mobile payments, whose perceived value may in turn rely on some added feature or functionality rather than just the payment itself.
The transit industry—which is moving to contactless, card-based fare payments systems—has some of this additional functionality. These systems are being modified to allow use for the purchase of nontransit goods and services at merchants' point-of-sale locations that accept the major card brands. This trend is noteworthy because it leverages the transit system’s existing network to expand the payment functionality of the transit card to an open-loop environment.
Similarly, contactless technology, also known as near field communication (NFC), is finding its way into mobile payments, where the phone, as opposed to the card, is the form factor enabled with the chip technology. However, few chip-enabled mobile devices are available on the market today. Some vendors are offering peripheral devices, such as NFC stickers that adhere to the mobile phone, until more handset makers embed the technology in the phone itself. While this strategy provides a plausible interim solution, it also has the potential to confuse the market and delay the goal of full NFC deployment and adoption.
Merchants represent a key variable in the adoption equation. Because the capital investment in contactless point-of-sale equipment is expensive, merchants may delay investment decisions necessary for contactless payments via cards or mobile devices until they are certain of widespread adoption and use. Additional incentives such as mobile coupons or loyalty reward programs may be needed to create a viable business case for NFC payments.
Industry roles and responsibilities
A number of key topics arose out of the discussion surrounding industry roles and responsibilities.
- Customer ownership: The mobile payments environment is evolving to include a wide range of players—many new to financial services—who share the customer relationship in some way. Consequently, as mobile business models emerge, complications may arise in the sharing of customer data and revenue. No one group in the mobile ecosystem totally owns the customer, although some may bear more responsibility and liability than others, depending on the business model and infrastructure. Ultimately, customer ownership may be defined by the consumer's perception of ownership and who the consumer believes has committed an error in a payments transaction. It will be important for industry stakeholders to discuss scenarios in which customer protection and privacy are at stake, and decide which party will assume responsibility in the payment chain when something goes wrong. It will also be important for stakeholders to agree on collective customer data sharing in order to optimize fraud reduction efforts.
- Security: Security is a complex issue in the context of roles and responsibilities. For example, who is responsible for provisioning security for transactions that expand across the mobile space from the phone, to the carrier, to the processor, to the bank, and finally to settlement? While strong encryption methods exist for protecting user data during transmission, complexities may arise when different parties begin to share data in order to execute a payment transaction.
- Regulatory environment: The U.S. banking industry is highly regulated and guided by well-defined standards. The telecom industry, on the other hand, has a different regulatory environment, one that is focused on nonfinancial risk issues. The establishment of a trusted service manager may ultimately serve the role of facilitator to manage and bring together different industry participants.
- Gaps in oversight: With regard to the regulatory front, gaps may emerge in oversight for the conjoined telecom and banking industries, making it important for industry participants to work with regulators to identify oversight roles and close gaps in advance of widespread deployment. In that context, the Fed is interested in ensuring the integrity of emerging payments systems without taking any action that might stifle innovation and efficiency.
The meeting concluded on the theme that industry participants should work collaboratively to develop a uniform system to provide a common user experience that is safe and secure. While competition often fosters innovation, the industry should address interoperability and common standards in a cooperative rather than competitive context. Meeting participants agreed on broad actions intended to address adoption barriers and establish a viable mobile payments infrastructure. The meeting summary is available on the Boston and Atlanta Fed websites.
By Cindy Merritt, assistant director of the Retail Payments Risk Forum
TrackBack URL for this entry:
Listed below are links to blogs that reference Boston and Atlanta Feds cohost mobile payments industry roundtable meeting:
June 1, 2010
Mobile P2P money: Contemplating new risks while analyzing adoption potential
Cell phone ubiquity and the growth of wireless networks are helping the world's poor to transcend from informal, cash-based societies to societies with more efficient and safer payments systems. The recent success of mobile operator-led payments services in emerging markets is galvanizing market experimentation in developed countries such as the United States.
Technology ripe for advance of mobile P2P
Mobile network operators and other nonbank firms are beginning to offer mobile-enabled payments transfer services in cross-border environments, using "agents" such as the corner store to accept cash deposits and accommodate withdrawals in lieu of traditional bank branches. These money transfer services, including both domestic and cross-border person-to-person (P2P) payments, are shifting to the mobile channel, providing consumers efficient, electronic alternatives to paper-based P2P payments. However, improved carrier roaming capacity and increased transaction activity may create opportunities for money laundering abuses and other unforeseen financial crimes. As new mobile financial services such as mobile P2P gain acceptance in markets throughout the world, how will industry participants plan for new and unanticipated risks?
The potential for market adoption
According to CGAP—or the Consultative Group to Assist the Poor—more than a billion people worldwide lack access to traditional financial services, but they do have mobile phones. This ubiquity has the potential to extend even more financial services to unbanked peoples throughout the world. In fact, a 2007 survey conducted by the GSM Association found that respondents expected the number of subscribers using mobile domestic money transfers to grow more rapidly for developed markets than for developing markets. These results imply that consumers in developed markets are interested in electronic P2P payment options and would be willing to conduct them via the mobile device.
The game changer when we think about payment adoption is the ability of the cell phone to execute domestic transfers in addition to international exchanges. This expanded functionality may fulfill the needs of mainstream consumers, as well as the unbanked, by giving them a convenient, cheap, and efficient alternative to writing checks or going to an ATM for a cash withdrawal for low-value exchanges.
The risk environment
In emerging markets, the risks of money laundering, identity theft, and other fraud are very real—they are merely eclipsed by the risks inherent in informal, cash-based systems, such as theft and extortion and possibly more violent crimes. So consumers in these countries where mobile payments are successful are arguably better off today despite the new risks introduced. However, this may not be the case in the United States, where we have a vast array of secure payment alternatives in place already. If convenience ultimately leads to adoption here, as it has abroad, what risks will P2P mobile money introduce, and how will we manage them?
The risks inherent in all retail payments systems are also present in the mobile space, including money laundering, privacy and security, consumer protection, fraud, and credit and liquidity risks. However, the mobile environment adds a dimension of complexity that makes quantifying risk more difficult. Participants in the payments value chain are increasingly disintermediated and outside the traditional legacy banking environment where the regulatory and legal governances are well established. In addition, there are other risks more unique to telecom firms that financial institutions and their regulators lack experience in detecting and monitoring. Finally, the regulatory domains governing banking and telecommunications are accustomed to operating independently and autonomously from one another and may be challenged to work collaboratively.
Implications for the United States
Domestic and international mobile money transfers are gaining adoption in world markets whose participants are likely to transact with U.S. consumers as wireless carriers provide services cross-border. Today, evidence in support of U.S. consumer demand is inconclusive because of the limited availability of P2P services and limited user experience. However, prevalence in offerings may not be the appropriate benchmark for determining whether discussions on risk management and payment system integrity are important going forward, as risk exposure may not be directly correlated to the rate of adoption. In order to protect the integrity and ensure continued security of retail payments systems in the United States, all participants in the emerging mobile payments industry should engage in proactive dialogue on emerging risk issues inherent in mobile money transfers.
By Cindy Merritt, assistant director of the Retail Payments Risk Forum
March 29, 2010
Synthesizing the mobile ecosystem: Resolving customer problems in mobile payments clearing and settlement models
The folks engaging in the early stages of the mobile payments industry have coined the term "mobile ecosystem" to describe the environment into which they are trying to merge the traditional roles of telecommunications with those of payments and banking. While some in this fledgling industry are already becoming disenchanted with the grandeur of the "ecosystem" terminology, the concept does suggest a useful model for thinking about the challenges faced in this new arena.
A few weeks ago I received a new issue of National Geographic that contained a fantastic article (and even more fantastic pictures) of the unique ecosystem of the African island nation of Madagascar. The ecosystem of this large island, located off the southeastern coast of Africa, has yielded an extraordinary collection of plants and animals that live in a tropical setting interrupted by some truly anguished geological formations. The local ecosystem is, of course, actually a collection of subsystems (plants, animals, climate, topography, etc.) that have adapted over time to work seamlessly together. For example, large families of lemurs leap fearlessly and safely among knife-sharp rock formations because their hands and feet have developed coarse, leather-like padding over thousands of years.
In the mobile ecosystem, we see a similar makeup of subsystems that must work together. The technology and operational components, while not trivial, are clearly achievable, and many are in place today. The challenges that lie ahead, however, are in the sub-ecosystems of law, regulation, data security, data privacy, customer care, and profitability. Depending on the nature of some of the mobile payment solution alternatives, the banking and the telecommunications industries find themselves wondering if they can coexist on the same island. Is there enough value to the customer to generate the revenue necessary to fund a mobile payments initiative? Who gets or shares the revenue? Who is responsible for data security and authentication, and how does that credential or certainty get passed along the mobile payment supply chain? Who resolves the customer's problem if a mistake is made? What consumer protection rights exist in case of error or fraud, and do those rights change depending on whether a traditional payments system is used to settle the transaction? Are proven models in other countries transportable, or are the characteristics of the economics and user base too different?
With respect to customer care and protection, I recently asked an audience of representatives from the full span of the mobile payment value chain, "Who owns the customer in a mobile transaction?" Gratifyingly, they agreed they all did. However, the true ownership response may ultimately depend on the nature of the transaction and agreement on who is liable if anything goes wrong. Take the case of a person-to-person payment initiated by Consumer A (Barbara Buyer) to Consumer B (Gloria Girl Scout's Mom) for payment of six boxes of Girl Scout cookies (three Thin Mints and three Trefoils). In a telephone-based clearing model, Barbara would enter the requisite $21 in the payment instruction and designate the phone number of Gloria's mom in the recipient field, and both their phone bills would be adjusted accordingly. Now suppose that Barbara was distracted by her daughter's chiding that she really wanted Samoas and carelessly entered $210. Since the payment never went through the payment system, Barbara Buyer cannot rely on traditional banking regulatory protections or problem resolution processes. She must resolve the problem with her phone provider, who has already credited Gloria's mom. Alternately, given PayPal's March 16 announcement of an iPhone app to send money to another person, PayPal's resolution procedures could be in play.
If, however, Barbara's phone company clears the transaction through a mobile service ACH backend, or Barbara pays Gloria's mom through a P2P service offered by her bank, the error resolution process is likely through normal banking customer service channels, and the adjustment process may be managed differently, assuming an adjustment process is contractually spelled out in either case. In reality, Barbara would probably get Gloria's mom to write her a check for $189 to straighten things out. While this may seem like a trivial example, it does dramatize some of the issues that must be worked out in the new ecosystem of mobile payments to make such services work effectively for the customer's benefit.
Given these difficult challenges, it seems likely that various models will initially emerge within alliance groups (one phone company, one or more application providers, a few partner banks, etc.) before they begin to converge into one or more universal market models. Along the way, one hopes that the key participants can collaborate to anticipate the types of risk issues that could arrive in the real world so that the consumer's experience turns out to be one that encourages growth. In the age of e-mailing, twittering, and facebooking, it is increasingly clear to me that mobile banking and mobile payments are in our future and that they will be a very attractive service to some key sectors of our population. However, they will be extremely slow to develop if critical mass issues such as those mentioned above are not resolved up front. In fact, this would be a good place for banks to try new, customer-friendly approaches to consumer education and disclosure that match the payment channel being used and the customer demographic.
By Rich Oliver, executive vice president, FRB Atlanta's Retail Payments Risk Forum
TrackBack URL for this entry:
Listed below are links to blogs that reference Synthesizing the mobile ecosystem: Resolving customer problems in mobile payments clearing and settlement models:
December 28, 2009
Mobile money transfers: Benign P2P or hawala money?
Informal value transfer systems (IVTS) such as traditional trade and barter have existed since the beginning of time and still serve legitimate purposes today. While informal payments may provide benefits such as improved reliability and convenience to users over formal systems, they may also create regulatory and risk management challenges. Person-to-person (P2P) payments via the mobile phone, also known as mobile money transfers (MMT), represent an innovation with the potential for use in informal channels as nonbanks, many of which are start-up firms, extend services in a cross-border enviroment.
IVTS were defined by Nikos Passas to describe "any network or mechanism that can be used to transfer funds or value from place to place either without leaving a formal paper trail of the entire transaction or without going through regulated financial institutions." One of those systems is hawala, which has its origins in classical Islamic law and is mentioned in texts of Islamic jurisprudence as early as the eighth century. Hawala drew interest from the U.S. government after 9/11 because payments are exchanged on the honor system without a paper trail. With this arrangement, it could be difficult to determine if a transfer of funds was for legitimate purposes.
In addition to hawala, Passas identified other important IVTS to include gift and money transfer services via Internet sites, Internet-based payments and transfers, and stored value cards, such as prepaid telephone cards, to name a few. IVTS systems and mechanisms range from basic and traditional exchanges to modern and sophisticated ones.
Passas' initial work predated the recent developments in the mobile payments channel and certainly came before the growth in mobile enabled P2P and the use of prepaid airtime for remittances, as described in an earlier edition of Portals and Rails. When P2P payments are conducted by mobile carriers in a bank-agnostic ecosystem, do they potentially represent a more sophisticated, modern-day informal payment system?
MMT: The fastest-growing mobile payment
P2P payments represent possibly the fastest form of financial transaction enabled by mobile phones, driven by the steady growth in remittance markets, the ubiquity of cell phones themselves, and the desirability for an electronic P2P payment alternative in developed countries like the United States. Research firm Gartner recently identified mobile money transfer as the first of the top 10 consumer mobile applications in 2012, made possible by developments in smart handsets like the iPhone. Separately, ABI research predicts that almost three times as many consumers worldwide will use mobile phones to conduct P2P payments than those who will use them to conduct mobile banking functions by the end of 2011.
Formal versus informal
GSMA (Global System Mobile Association), the alliance of mobile network operators, launched the Mobile Money Transfer Programme initiative to promote the mobile channel and formalize international remittances. With low barriers to entry, roaming capacity, and a growing unbanked market in developed countries, start-up firms may offer informal MMT services, including international and domestic P2P in cross-border markets to expand their customer reach and network opportunities. While informal payment systems can provide means for legal transactions, the lack of transparency could potentially provide bad actors the opportunity for money laundering and other financial crimes.
Nonbanks, like telecom firms and others, are rapidly entering the financial services arena, creating an uncertain regulatory environment as laws and regulations vary from country to country. Will mobile P2P innovation permit service offerings that are characterized as informal payments with the potential for misconduct? Will violators of money-laundering laws go undetected as stored-value mechanisms move from the plastic card to the mobile device? These questions will no doubt be the focus for regulators in many markets going forward as they attempt to understand both the operational and regulatory risks money transfer services have the potential to introduce.
By Cindy Merritt, assistant director of the Retail Payments Risk Forum
November 2, 2009
Payments Spotlight Podcast: WACHA's Gilmeister discusses commercial account takeovers and other emerging risks
We invite you to listen to an interview with Mary Gilmeister, President of the Wisconsin Automated Clearinghouse Association (WACHA) and a member of the Retail Payments Risk Forum’s Advisory Group. Launched in August 2009, this is the second iteration of the Retail Payments Risk Forum’s Payments Spotlight podcast series.
In this interview, Ms. Gilmeister touches upon the following topics:
- The roles of regional payments associations like WACHA,
- thoughts on managing the emerging risk of commercial account takeovers which result in fraudulent ACH transfers,
- protecting the elderly from financial fraud,
- the role of the NACHA Risk Management Advisory Group, and
- new risk issues in the emerging payments environment.
If you have not already, we also invite you to give a listen to the first installment of Payments Spotlight, which featured a conversation with Woody Tyner, payments strategist at BB&T Bank in North Carolina.
We hope that you will not only check out this installment but also tune in on a regular basis as we feature other leading thinkers and practitioners representing a wide array of perspectives. You can listen to the Payments Spotlight podcast using any computer audio software that will play MP3 files. To subscribe to the podcast series directly, go to the Atlanta Fed podcast page, click on the "SUBSCRIBE" button next to Payments Spotlight, and follow the instructions for adding the series to your aggregator. You can also follow the series by staying tuned to Portals and Rails, where we will post information about new podcasts as they become available.
Let us know what you think!
October 26, 2009
Survey shows risk concerns slow adoption of cell phones for mobile payments
Cell phones may be everywhere, but adoption of the devices as mobile payments delivery channels by financial institutions and consumers faces an array of obstacles. These include concerns about security risk, consumer demand, and revenue according to a 2008 survey of New England depository financial institutions on mobile banking by the Federal Reserve Bank of Boston (FRBB) and the New England Automated Clearing House Association (NEACH). The results are published in a joint paper titled "Mobile Banking in New England: The Current State of the Market." The paper describes the enabling technologies, barriers, and associated risks with mobile banking services from the perspectives of the more than 300 banks and credit unions in the New England region that participated in the survey.
The state of mobile banking in the United States
Financial institutions have different value propositions for mobile banking services. Most financial institutions are absorbing the expenses associated with mobile offerings to remain competitive and retain depositors while some view it as an extension of their online banking services, including routine call center inquiries with self-service bank inquiries. Mobile banking may also appeal to unbanked consumers, particularly for remittance services.
The report noted that consumer adoption might be improved with efforts to provide better education on the benefits and risks of mobile banking and payment services. Concerns with security may be addressed by implementing multifactor authentication controls on handsets, using antivirus software, as well as imposing transaction limits, to name a few.
Perhaps the most notable conclusion presented in the report is that better collaboration between mobile participants is necessary. The entry of mobile network operators (MNOs) into the payments arena may create competition for financial institutions providing mobile payment services. Numerous conflicts exist between MNOs and financial institutions because of their starkly different business models and disagreement over customer ownership. Wide-scale adoption of mobile banking and payments going forward may depend upon the future cooperation of the telecom and banking industries to establish a sound and effective mobile banking environment.
Security risk a key barrier for mobile banking
While 43 percent of the respondents indicated that they plan to offer mobile banking services in the next three years, almost half reported no plans to offer mobile banking. The reasons for not offering mobile banking included the lack of customer demand, inadequate resources, and concerns about security.
In fact, when ranking the top three barriers to adopting mobile banking services, the survey respondents ranked security as their top concern.
Most planned services bill-pay related
For financial institutions that currently offer mobile payment services (in addition to mobile banking services) or plan to do so, the most popular response, at 87 percent, was bill payment through online banking systems. Other popular choices included sending bill payment alerts, payments at the point of sale, and online purchases through the Internet.
A fledgling market in transition
The survey concluded that much work needs to be done to encourage adoption because of the current state of customer demand, safety, and value proposition for financial institutions, especially for the smaller FIs and Credit Unions. It reports that despite media excitement about the future of mobile banking and payments, the market needs time to engage the numerous parties at the proverbial table, including the MNOs, the handset makers, and financial institutions themselves, to alleviate real and perceived barriers to adoption.
By Cindy Merritt, assistant director of the Retail Payments Risk Forum, and Jennifer Grier, senior payments risk analyst at the Atlanta Fed
September 21, 2009
Not all payments are equal under "good funds" laws
Anyone who has participated in a real estate closing can attest that it can be a daunting experience. There are many parties with their hands out at the closing table to consummate the deal—the buyer, seller, and attorneys, to name a few. However, it can all collapse like a house of cards if the funds underlying the transaction are not collected or "good."
Ripple effects can be devestating when a lender fails to properly fund an escrow closing transaction. A notable case is the collapse of mortgage lender Abbey Financial in 1994, which resulted in hundreds of consumers over six states stranded with either unfunded mortgages or double mortgages because their first mortgage was not paid off in a loan refinancing. Many of Abbey's checks were dishonored, which left several attorneys with shortfalls in their trust accounts.
The aftermath of Abbey sent shock waves through the mortgage industry and prompted many states to enact "Good Funds" laws to ensure that the money funding a real estate purchase and refinance transaction is secure and ready for disbursement. The purpose of the law is to provide assurance to the consumer and other parties that the funds are in the proper hands before the deed or mortgage is recorded. This thereby protects the seller from conveying property to a buyer whose check is drawn on an account with insufficient funds.
What makes a payment "good"?
Typically, a closing agent will deposit all funds connected to a real estate transaction into an escrow account for disbursement at the closing. Most good funds laws stipulate the type of funds (e.g., cashier's checks, or wire transfers) that an escrow agent can accept. However, what is considered "good funds" can vary by state. In Georgia, for example, the law expressly permits certain types of checks:
A settlement agent may disburse proceeds from its escrow account after receipt of any of the following negotiable instruments even though the same are not collected funds: (1) a cashier’s check from a federally insured bank, savings bank, savings and loan association, or credit union ; (2) a check drawn on the escrow account of an attorney or real estate broker ; (3) a check issued by the United States or Georgia ; and (4) a check or checks not exceeding $5,000 in aggregate per loan closing.
Several states have taken a stricter approach in defining acceptable funds. Specifically, wire transfers are often the only funding mechanism allowed and, in some cases, are required for transactions over a certain dollar amount. Although not an exhaustive list, a general Internet search revealed that Indiana, Minnesota, Missouri, and Texas are among those states with good funds laws that limit electronic funds transfers to "wire transfers" instead of the broader "electronic payment," as defined in Regulation CC (12 CFR 220.10 (p)), which would otherwise permit funding using automated clearinghouse (ACH).
For example, the Indiana Good Funds Law defines wired funds as "good" but requires that they be "unconditionally held by and irrevocably credited to the escrow account of the closing agent." Only funds transferred through Fedwire or CHIPS are immediate, final, and irrevocable. Consequently, it appears that Indiana’s law excludes electronic fund transfers through ACH since consumer Regulation E rights with regard to unauthorized ACH credits may create some risk that ACH funding of a real estate transaction could be reversed long after the closing.
Secure funds important in uncertain times
The current housing crisis has undoubtedly caused some anxiety for all parties in a real estate transaction about the risk of a deal falling through. Numerous bank failures and increased real estate fraud have further complicated the process. Although there are differences by state, the good funds laws help to mitigate some of the risks by helping to ensure that the funding of real estate transactions is reliable.
By Jennifer Grier, senior payments risk analyst at the Atlanta Fed
TrackBack URL for this entry:
Listed below are links to blogs that reference Not all payments are equal under "good funds" laws:
- Making the Choice to Use Cash
- We Are Thankful For...
- Will Payments Be Getting REAL?
- Financial Solutions for the Younger Generation
- Encouraging Password Hygiene
- Should We Throw in the Towel When It Comes to Data Breach Prevention?
- Looking for Partners in Safer Payments
- The Range of Un-Friendly Fraud
- Payments Webinar October 10: Cash in the 21st Century
- "Insuring" Ransomware Will Continue to Flourish
- December 2019
- November 2019
- October 2019
- September 2019
- August 2019
- July 2019
- June 2019
- May 2019
- April 2019
- March 2019
- account takeovers
- ATM fraud
- bank supervision
- banking regulations
- banks and banking
- card networks
- check fraud
- consumer fraud
- consumer protection
- credit cards
- cross-border wires
- data security
- debit cards
- emerging payments
- financial services
- financial technology
- identity theft
- law enforcement
- mobile banking
- mobile money transfer
- mobile network operator (MNO)
- mobile payments
- money laundering
- money services business (MSB)
- online banking fraud
- online retail
- Payment Services Directive
- payments fraud
- payments innovation
- payments risk
- payments study
- payments systems
- phone fraud
- remotely created checks
- risk management
- Section 1073
- skills gap
- social networks
- third-party service provider
- trusted service manager
- Unfair and Deceptive Acts and Practices (UDAP)
- wire transfer fraud
- workforce development
- workplace fraud