Take On Payments, a blog sponsored by the Retail Payments Risk Forum of the Federal Reserve Bank of Atlanta, is intended to foster dialogue on emerging risks in retail payment systems and enhance collaborative efforts to improve risk detection and mitigation. We encourage your active participation in Take on Payments and look forward to collaborating with you.
Federal Reserve Web Sites
Other Bank Regulatory Sites
July 19, 2010
Soccer balls and payment cards: A push for global standards
I am generally not a soccer fan but over the past few weeks I found myself curiously engaged in that nationalistic spectacle called the World Cup. Despite my general disinterest in low-scoring games and Oscar-quality performances by slightly injured players, I got caught up in the intensity of play and extraordinary skill levels displayed by these world class athletes. Then one day a debate erupted regarding standards. Apparently, soccer balls are not standardized and the one being used seemed hard and "skitterish." How bizarre!
Of course, my thoughts immediately turned to a more consequential global-standards issue taking place in the payments card world—the debate about the United States' reliance on the magnetic-stripe card standard as opposed to the chip-and-pin standard being adopted throughout the world, including in neighboring Canada.
Chip-and-pin technology has been deployed in Europe over the last decade as a means of reducing fraud by using the enhanced capabilities of a computer chip embedded in the plastic card to store and manage customer authentication data. Its success has been widely documented in recent fraud studies. This standard has been implemented using a specification called EMV, an acronym of Eurocard, MasterCard, and VISA, the original founders of the standard. In fact, EMV is now a corporation whose ownership has been expanded to include JCB (a Japanese card company) and American Express. So, what's the big deal? We survived the soccer ball dispute, so can't we survive the fact that the United States is not on board with the emerging global payments card standard? The answer may be a resounding "No!"
Various reports from payments research firms such as AITE have suggested that as many as 10 million U.S. travelers experienced difficulties with incompatible card technologies when traveling abroad during the past year. I learned some time ago that the least expensive and most secure way to acquire cash overseas is from an ATM machine. I now foresee a time when I will have to ask a European hotel concierge for the location of an American ATM (one capable of reading mag stripes), only to find out the nearest one is two miles away.
So why doesn't the United States adopt the emerging global standard? While there are many technological and political issues in play, the bottom line is that the overall cost of deployment to the U.S. payments system as a whole, and to merchants specifically, is a staggering number made even more daunting by the current state of the economy and available investment dollars. The Smartcard Alliance estimates that as many as six million merchant terminal devices may need to be replaced or upgraded to embrace chip-and-pin technology, with the bulk of the cost falling on the shoulders of merchants. Consequently, we are left to assume that we are likely to have to travel a long and winding road to migrate to the emerging global standard.
This observation is not in itself calamitous since past roads to worldwide standards are littered with the relics of failure (remember the push to implement the metric system?), but the stakes here are considerably higher in two important ways. First, we may become the only substantial economic power dependent on a payments standard that is less secure than that of the rest of the world. That means that criminals, intent on profiting from card fraud, will continue to migrate to the United States in growing numbers. The second issue is that chip-and-pin technology is a critical element in progressing toward an even more secure and visionary goal—the deployment of mobile phone-based payments capabilities using a chip embedded in the phone. Industry conference agendas are crowded with sessions describing the way a smartphone can be waved near or tapped against a merchant terminal device using radio wave-based near-field communications (NFC) technology to capture the customer's payment credentials. Chips embedded in the phone, coupled with applications loaded on the phone from card-issuing banks, will create the effect of a "mobile wallet" that promises to be more convenient and, yes, more secure than what we use today.
So what should we do about this mess of the United States being out of step with respect to payments card technology? I would suggest that this issue could eventually reach the public policy level. Perhaps it is time for policymakers to consider whether migrating to an increasingly adopted world standard is in our best national interest. After all, we just mandated a move to digital television. While this change facilitated my ability to watch the World Cup in high definition, it cannot possibly be of the same importance as this brewing card issue. If we want to mitigate the possibility of the United States being a center of card fraud and enable our consumers and business folks to travel abroad more easily, it may be time to charge someone in government with developing a well-thought-out, participatory, multi-year plan to move this country to the emerging global payments card standard.
By Rich Oliver, executive vice president, FRB Atlanta's Retail Payments Risk Forum
TrackBack URL for this entry:
Listed below are links to blogs that reference Soccer balls and payment cards: A push for global standards:
June 14, 2010
Boston and Atlanta Feds cohost mobile payments industry roundtable meeting
It is an established fact that the United States lags Asian and African countries in embracing mobile payments technology. The question is why. To examine the reasons for the lag, the Atlanta Fed's Retail Payments Risk Forum and the Boston Fed's Consumer Payments Research Center convened a meeting on January 27 and 28 of key industry stakeholders involved in the emerging mobile payments industry. The group engaged in a cross-industry dialogue to develop a mutual understanding of industry direction and a noncompetitive strategy to address barriers to adoption of mobile payments. Ultimately, the group sought to answer this question: "If mobile payments can function effectively and efficiently in Africa and Asia, why not in developed countries like the United States?" (Portals and Rails examined the same topic in its April 5 blog, "Consumer confidence the key to U.S. mobile payments future.")
Below is a summary of the meeting's discussion.
Drivers of and barriers to adoption
The United States has been slow to adopt mobile payments technology primarily because many existing payment alternatives are available and because a variety of different entrepreneural business models and pilot rollouts are currently under way. Many new proprietary services lack uniformity, so do not encourage trust and do not attain the critical mass necessary to succeed. Furthermore, the true state of consumer demand is clouded with conflicting perceptions concerning security and the value proposition for mobile payments. Industry participants need to understand exactly what consumers want in mobile payments, whose perceived value may in turn rely on some added feature or functionality rather than just the payment itself.
The transit industry—which is moving to contactless, card-based fare payments systems—has some of this additional functionality. These systems are being modified to allow use for the purchase of nontransit goods and services at merchants' point-of-sale locations that accept the major card brands. This trend is noteworthy because it leverages the transit system’s existing network to expand the payment functionality of the transit card to an open-loop environment.
Similarly, contactless technology, also known as near field communication (NFC), is finding its way into mobile payments, where the phone, as opposed to the card, is the form factor enabled with the chip technology. However, few chip-enabled mobile devices are available on the market today. Some vendors are offering peripheral devices, such as NFC stickers that adhere to the mobile phone, until more handset makers embed the technology in the phone itself. While this strategy provides a plausible interim solution, it also has the potential to confuse the market and delay the goal of full NFC deployment and adoption.
Merchants represent a key variable in the adoption equation. Because the capital investment in contactless point-of-sale equipment is expensive, merchants may delay investment decisions necessary for contactless payments via cards or mobile devices until they are certain of widespread adoption and use. Additional incentives such as mobile coupons or loyalty reward programs may be needed to create a viable business case for NFC payments.
Industry roles and responsibilities
A number of key topics arose out of the discussion surrounding industry roles and responsibilities.
- Customer ownership: The mobile payments environment is evolving to include a wide range of players—many new to financial services—who share the customer relationship in some way. Consequently, as mobile business models emerge, complications may arise in the sharing of customer data and revenue. No one group in the mobile ecosystem totally owns the customer, although some may bear more responsibility and liability than others, depending on the business model and infrastructure. Ultimately, customer ownership may be defined by the consumer's perception of ownership and who the consumer believes has committed an error in a payments transaction. It will be important for industry stakeholders to discuss scenarios in which customer protection and privacy are at stake, and decide which party will assume responsibility in the payment chain when something goes wrong. It will also be important for stakeholders to agree on collective customer data sharing in order to optimize fraud reduction efforts.
- Security: Security is a complex issue in the context of roles and responsibilities. For example, who is responsible for provisioning security for transactions that expand across the mobile space from the phone, to the carrier, to the processor, to the bank, and finally to settlement? While strong encryption methods exist for protecting user data during transmission, complexities may arise when different parties begin to share data in order to execute a payment transaction.
- Regulatory environment: The U.S. banking industry is highly regulated and guided by well-defined standards. The telecom industry, on the other hand, has a different regulatory environment, one that is focused on nonfinancial risk issues. The establishment of a trusted service manager may ultimately serve the role of facilitator to manage and bring together different industry participants.
- Gaps in oversight: With regard to the regulatory front, gaps may emerge in oversight for the conjoined telecom and banking industries, making it important for industry participants to work with regulators to identify oversight roles and close gaps in advance of widespread deployment. In that context, the Fed is interested in ensuring the integrity of emerging payments systems without taking any action that might stifle innovation and efficiency.
The meeting concluded on the theme that industry participants should work collaboratively to develop a uniform system to provide a common user experience that is safe and secure. While competition often fosters innovation, the industry should address interoperability and common standards in a cooperative rather than competitive context. Meeting participants agreed on broad actions intended to address adoption barriers and establish a viable mobile payments infrastructure. The meeting summary is available on the Boston and Atlanta Fed websites.
By Cindy Merritt, assistant director of the Retail Payments Risk Forum
TrackBack URL for this entry:
Listed below are links to blogs that reference Boston and Atlanta Feds cohost mobile payments industry roundtable meeting:
June 1, 2010
Mobile P2P money: Contemplating new risks while analyzing adoption potential
Cell phone ubiquity and the growth of wireless networks are helping the world's poor to transcend from informal, cash-based societies to societies with more efficient and safer payments systems. The recent success of mobile operator-led payments services in emerging markets is galvanizing market experimentation in developed countries such as the United States.
Technology ripe for advance of mobile P2P
Mobile network operators and other nonbank firms are beginning to offer mobile-enabled payments transfer services in cross-border environments, using "agents" such as the corner store to accept cash deposits and accommodate withdrawals in lieu of traditional bank branches. These money transfer services, including both domestic and cross-border person-to-person (P2P) payments, are shifting to the mobile channel, providing consumers efficient, electronic alternatives to paper-based P2P payments. However, improved carrier roaming capacity and increased transaction activity may create opportunities for money laundering abuses and other unforeseen financial crimes. As new mobile financial services such as mobile P2P gain acceptance in markets throughout the world, how will industry participants plan for new and unanticipated risks?
The potential for market adoption
According to CGAP—or the Consultative Group to Assist the Poor—more than a billion people worldwide lack access to traditional financial services, but they do have mobile phones. This ubiquity has the potential to extend even more financial services to unbanked peoples throughout the world. In fact, a 2007 survey conducted by the GSM Association found that respondents expected the number of subscribers using mobile domestic money transfers to grow more rapidly for developed markets than for developing markets. These results imply that consumers in developed markets are interested in electronic P2P payment options and would be willing to conduct them via the mobile device.
The game changer when we think about payment adoption is the ability of the cell phone to execute domestic transfers in addition to international exchanges. This expanded functionality may fulfill the needs of mainstream consumers, as well as the unbanked, by giving them a convenient, cheap, and efficient alternative to writing checks or going to an ATM for a cash withdrawal for low-value exchanges.
The risk environment
In emerging markets, the risks of money laundering, identity theft, and other fraud are very real—they are merely eclipsed by the risks inherent in informal, cash-based systems, such as theft and extortion and possibly more violent crimes. So consumers in these countries where mobile payments are successful are arguably better off today despite the new risks introduced. However, this may not be the case in the United States, where we have a vast array of secure payment alternatives in place already. If convenience ultimately leads to adoption here, as it has abroad, what risks will P2P mobile money introduce, and how will we manage them?
The risks inherent in all retail payments systems are also present in the mobile space, including money laundering, privacy and security, consumer protection, fraud, and credit and liquidity risks. However, the mobile environment adds a dimension of complexity that makes quantifying risk more difficult. Participants in the payments value chain are increasingly disintermediated and outside the traditional legacy banking environment where the regulatory and legal governances are well established. In addition, there are other risks more unique to telecom firms that financial institutions and their regulators lack experience in detecting and monitoring. Finally, the regulatory domains governing banking and telecommunications are accustomed to operating independently and autonomously from one another and may be challenged to work collaboratively.
Implications for the United States
Domestic and international mobile money transfers are gaining adoption in world markets whose participants are likely to transact with U.S. consumers as wireless carriers provide services cross-border. Today, evidence in support of U.S. consumer demand is inconclusive because of the limited availability of P2P services and limited user experience. However, prevalence in offerings may not be the appropriate benchmark for determining whether discussions on risk management and payment system integrity are important going forward, as risk exposure may not be directly correlated to the rate of adoption. In order to protect the integrity and ensure continued security of retail payments systems in the United States, all participants in the emerging mobile payments industry should engage in proactive dialogue on emerging risk issues inherent in mobile money transfers.
By Cindy Merritt, assistant director of the Retail Payments Risk Forum
February 16, 2010
Haitian crisis: Are mobile payment discussions an unexpected consequence?
The earthquake in Haiti caused massive destruction that ultimately leveled the capital city of Port-au-Prince and resulted in the deaths of thousands of people. As charitable assistance has poured in from around the world, an unexpected revelation has come to light with respect to the potential for mobile phone–enabled payments. Within a matter of days, wireless network operaters facilitated millions of dollars in donations, demonstrating how quickly people all over the world could assemble to adopt a single payment method for a specific purpose. Through the use of text messaging, or SMS (short message service), via the mobile phone, consumers could send payments to a variety of charitable organizations providing aid to Haiti.
Convenience of text messaging can drive adoption
I heard someone say recently that "convenience is like a drug for consumers." This convenience is possibly why texting is outpacing e-mail messaging as a mainstream form of communication—the ubiquity of mobile phones makes texting increasingly easier, cheaper, more convenient, and perhaps a natural vehicle for sending payment instructions. According to research released by Nielsen Mobile, the typical U.S. consumer sends and receives more SMS text messages than telephone calls. Mobile SMS is already widely used in developing countries to facilitate mobile money transfers for domestic person-to-person payments and cross-border remittances.
What if something goes wrong?
In many developing countries, mobile money transfer payments are transmitted via SMS without a bank partner to facilitate clearing and settlement. As described in an earlier post, Safaricom's M-pesa service provides mobile phone–enabled payments through text message instructions, with cash-out needs accommodated by agents, typically a village store or wireless retailer. But many of the payments are peer-to-peer in nature and funded by topping up the consumer's mobile phone bill. In the Haiti example, customers also could fund the payment by adding the value of the donation to their phone bills or by debiting a bank account.
Of course, the legal and regulatory environments in the United States differ markedly from developing markets like Kenya, where the M-pesa mobile payments service has grown so rapidly. The risk environments also differ significantly. In Kenya, a consumer faces less risk of loss in a mobile-enabled payment environment than the cash-based system that prevailed only a few years ago. U.S. consumers have many choices in payments and enjoy legal protections if service providers fail to consummate the payment transaction.
So what happens if the $20 donation instruction you sent to Haiti appears as a $200 or even a $2,000 charge on your bill? What if there is a disagreement about the error between you and your wireless carrier? What else could go wrong?
Protection for consumers
One of the growing challenges created by payment innovations is the creation of new laws and rule sets, which provide different protections depending on the payment type. This challenge is further complicated as payments converge and assume different formats along the supply chain. For example, a payment initiated via a credit card on a mobile device is subject to error resolution procedures and consumer protection standards established by the card networks. Similarly, Regulation E covers electronic transactions initiated from a bank deposit account. But if you disagree with a charge to your phone bill for a payment, it is questionable whether the error resolution provisions of Regulation E would even apply. As telecom firms become more important participants in retail payments, what laws and rule sets can consumers look to for protection when things go awry?
Of course, these issues are highly hypothetical but also very possible. Telecom firms and mobile payment service providers are filling new roles in mobile payments, forcing business models that we know today into a new paradigm. Perhaps the crisis in Haiti will serve as a catalyst for proactive thinking on risk issues so that all industry participants can work together to build a safe and trusted mobile sector of commerce.
By Cindy Merritt, assistant director of the Retail Payments Risk Forum
TrackBack URL for this entry:
Listed below are links to blogs that reference Haitian crisis: Are mobile payment discussions an unexpected consequence?:
December 28, 2009
Mobile money transfers: Benign P2P or hawala money?
Informal value transfer systems (IVTS) such as traditional trade and barter have existed since the beginning of time and still serve legitimate purposes today. While informal payments may provide benefits such as improved reliability and convenience to users over formal systems, they may also create regulatory and risk management challenges. Person-to-person (P2P) payments via the mobile phone, also known as mobile money transfers (MMT), represent an innovation with the potential for use in informal channels as nonbanks, many of which are start-up firms, extend services in a cross-border enviroment.
IVTS were defined by Nikos Passas to describe "any network or mechanism that can be used to transfer funds or value from place to place either without leaving a formal paper trail of the entire transaction or without going through regulated financial institutions." One of those systems is hawala, which has its origins in classical Islamic law and is mentioned in texts of Islamic jurisprudence as early as the eighth century. Hawala drew interest from the U.S. government after 9/11 because payments are exchanged on the honor system without a paper trail. With this arrangement, it could be difficult to determine if a transfer of funds was for legitimate purposes.
In addition to hawala, Passas identified other important IVTS to include gift and money transfer services via Internet sites, Internet-based payments and transfers, and stored value cards, such as prepaid telephone cards, to name a few. IVTS systems and mechanisms range from basic and traditional exchanges to modern and sophisticated ones.
Passas' initial work predated the recent developments in the mobile payments channel and certainly came before the growth in mobile enabled P2P and the use of prepaid airtime for remittances, as described in an earlier edition of Portals and Rails. When P2P payments are conducted by mobile carriers in a bank-agnostic ecosystem, do they potentially represent a more sophisticated, modern-day informal payment system?
MMT: The fastest-growing mobile payment
P2P payments represent possibly the fastest form of financial transaction enabled by mobile phones, driven by the steady growth in remittance markets, the ubiquity of cell phones themselves, and the desirability for an electronic P2P payment alternative in developed countries like the United States. Research firm Gartner recently identified mobile money transfer as the first of the top 10 consumer mobile applications in 2012, made possible by developments in smart handsets like the iPhone. Separately, ABI research predicts that almost three times as many consumers worldwide will use mobile phones to conduct P2P payments than those who will use them to conduct mobile banking functions by the end of 2011.
Formal versus informal
GSMA (Global System Mobile Association), the alliance of mobile network operators, launched the Mobile Money Transfer Programme initiative to promote the mobile channel and formalize international remittances. With low barriers to entry, roaming capacity, and a growing unbanked market in developed countries, start-up firms may offer informal MMT services, including international and domestic P2P in cross-border markets to expand their customer reach and network opportunities. While informal payment systems can provide means for legal transactions, the lack of transparency could potentially provide bad actors the opportunity for money laundering and other financial crimes.
Nonbanks, like telecom firms and others, are rapidly entering the financial services arena, creating an uncertain regulatory environment as laws and regulations vary from country to country. Will mobile P2P innovation permit service offerings that are characterized as informal payments with the potential for misconduct? Will violators of money-laundering laws go undetected as stored-value mechanisms move from the plastic card to the mobile device? These questions will no doubt be the focus for regulators in many markets going forward as they attempt to understand both the operational and regulatory risks money transfer services have the potential to introduce.
By Cindy Merritt, assistant director of the Retail Payments Risk Forum
October 5, 2009
Mobile top-up for international remittances: New opportunities and new risks
The growth in the mobile telecommunication industry worldwide is driving the ubiquity of handsets, which in turn is expanding the reach of financial services across wireless networks in less developed countries.
Adding air-time value (industry parlance known as "mobile top-up") to a mobile phone represents a new method that some mobile network operators (MNOs) are using to provide payment services, particularly in emerging countries where financial services are scarce. One example is Safaricom's M-Pesa, offered in Kenya and Tanzania. This service uses money agents, often small village stores, to sell additional air time on mobile phones. This air time can then be used for nontelecom purchases of goods and services, or sent via text message (SMS) as a person-to-person (P2P) payment transfer, allowing the recipient to use the prepaid value.
A recent case study found improved financial access in years following the 2007 launch of M-Pesa. The availability of mobile payment services lessened the population's reliance upon more risky hand-to-hand transfers and has been widely reported as a positive development for these emerging economies. Initiatives such as the Mobile Money for the Unbanked (MMU) program supported in part by the Bill and Melinda Gates Foundation, are contributing to the expanded use of mobile financial services in emerging markets.
Mobile top-up is also emerging as a means for international remittances by allowing users in one country, such as the United States, to purchase mobile air time for users in other countries, thereby "topping-up" the recipient's account in the local currency. For example, Western Union recently announced a service to provide mobile top-up remittances within the United States for users of phones issued by LIME in the Caribbean. Because many international telecom operators have roaming agreements that span geographic borders, mobile top-up remittances can be far-reaching, with the recipient using the prepaid value on the mobile phone to purchase goods and services in the home country.
While these innovations have been shown to have positive impacts in terms of access to financial services in emerging markets and may offer a number of other efficiency benefits, they also alter the risk profile for service providers and those who monitor payments for criminal activity. Depending upon the business model and parties involved, regulatory and law enforcement agencies will have new issues to consider in terms of anti-money laundering and monitoring international payment flows under existing laws. These developments in the mobile top-up market deserve continued attention to ensure that effective policing of payment flows can ride alongside the positive developments in the emergence of a new means for movement of money internationally.
By Cindy Merritt, assistant director of the Retail Payments Risk Forum at the Atlanta Fed
- In Payments, What I Say May Not Match What I Do
- Organizational Muscle Memory and the Right of Boom
- Remote Card Fraud: A Growing Concern
- Three Views of Noncash Payments Fraud
- An Ounce of Prevention
- Safeguarding Things When They’re All Connected
- Racing Ahead in the Wireless Space
- Insuring against Business Email Compromise Fraud
- The Case of the Disappearing ATM
- The First Step in Risk Management
- November 2018
- October 2018
- September 2018
- August 2018
- July 2018
- June 2018
- May 2018
- April 2018
- March 2018
- February 2018
- account takeovers
- ATM fraud
- bank supervision
- banks and banking
- card networks
- check fraud
- consumer fraud
- consumer protection
- cross-border wires
- data security
- debit cards
- emerging payments
- financial services
- identity theft
- law enforcement
- mobile banking
- mobile money transfer
- mobile network operator (MNO)
- mobile payments
- money laundering
- money services business (MSB)
- online banking fraud
- online retail
- payments risk
- payments study
- payments systems
- phone fraud
- remotely created checks
- risk management
- Section 1073
- social networks
- third-party service provider
- trusted service manager
- Unfair and Deceptive Acts and Practices (UDAP)
- wire transfer fraud
- workplace fraud