Please enable JavaScript to view the comments powered by Disqus.

About


Take On Payments, a blog sponsored by the Retail Payments Risk Forum of the Federal Reserve Bank of Atlanta, is intended to foster dialogue on emerging risks in retail payment systems and enhance collaborative efforts to improve risk detection and mitigation. We encourage your active participation in Take on Payments and look forward to collaborating with you.

Comment Standards:
Comments are moderated and will not appear until the moderator has approved them.

Please submit appropriate comments. Inappropriate comments include content that is abusive, harassing, or threatening; obscene, vulgar, or profane; an attack of a personal nature; or overtly political.

In addition, no off-topic remarks or spam is permitted.

June 10, 2019

in-2011-the-world-health-organization-designated-june-15-as-world-elder-abuse-awareness-day-so-each-year-a-number-of-org

In 2011, the World Health Organization designated June 15 as World Elder Abuse Awareness Day. So each year, a number of organizations supporting the elderly run educational campaigns throughout the month of June aimed at increasing awareness of elder abuse. This crime has a number of different forms: physical, emotional, or sexual abuse, neglect and abandonment, and financial exploitation.

We covered the growing impact of elder financial abuse in terms of numbers in a post last August. That growth is being driven by a double whammy: the surge in the senior population and the proliferation of available exploitation attack channels, thanks to the internet. Because none of this is likely to slow down for some time, education is critical. As the Retail Payments Risk Forum has stressed before, education is an important element in curbing fraud, and this area is no exception.

Here are some of the more common financial scams targeting the elderly:

  • Charity: The victim receives a request, usually over the telephone or in a public place, for donations for natural disaster relief or other good causes, but the funds are not used for such purposes.
  • Sweepstakes/lottery: The victim receives a letter, email, or telephone call with the news that they have won a lottery or cash sweepstakes—but they have to pay a tax or administrative fee in advance.
  • Home repairs: Someone tells the victim that some aspect of their property needs repair—for example, the driveway, roof shingles, or gutters—and it can be done inexpensively since there is a "crew already in the area." The victim must pay by cash or check in advance, but the crew never appears to do the work.
  • Romance: The fraudster, often posing under a false identity, makes romantic overtures and eventually asks the victim to send money so he or she can travel to meet them.
  • Tax: The victim receives a phone call from the fraudster claiming to be an IRS agent pursuing back taxes and unless the victim sends funds immediately, they will be subject to arrest. A variant of this scam involves the perpetrator posing as a police officer pursuing unpaid traffic tickets or other infractions.
  • Virus: A "technical support" company calls the victim, claiming that a virus has infected the victim’s computer. For the payment of a "modest fee," the company can download software that can kill the virus and protect the computer against future attacks. Often, the software downloaded actually contains some form of malware that may allow the criminal to compromise the banking credentials of the victim.
  • Other advance fee fraud: The fraudster requests money to help a relative in jail or stranded on the roadside. The situations are completely false but might contain some element of truth as the scammer may have found information on social media providing a name or that the named individual is out of town.
  • Identity theft: The criminal communicates with the victim through social media, telephone, or email to obtain bank account or other information allowing them to attempt a wide variety of fraudulent activities including credit applications, unauthorized account transactions, and more.
  • Investments: The victim is convinced to purchase an annuity or some other investment with a supposed lucrative payback.

Sadly, most elder financial abuse is committed by family or other people who are trusted with care of the elderly, which makes the crime more difficult to detect. Such abuses range from the transfer of property or securities to the theft of liquid assets through check writing or ATM withdrawals.

While researching this issue, I was heartened to learn that various organizations are developing or improving software products to help spot potential financial exploitation or to provide training materials. The American Association of Retired Persons recently launched a pilot program for financial institutions called BankSafe. It is a free online training program with educational material presented in different formats, including video games, distributed by the Independent Community Bankers of America and the Credit Union National Association, and, directly, by some financial institutions. In addition, a recent Dow Jones Institutional News article highlighted some fintech products designed to alert trustees of unusual or suspicious activity.

If you know of any valuable programs or organizational efforts to increase awareness of elder financial abuse, please let us know.

Photo of David LottBy David Lott, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

May 31, 2019

reverse-atms-is-a-term-i-learned-from-reading-my-colleague-oz-shys-new-working-paper-cashless-stores-and-cash-users

"Reverse ATMs" is a term I learned from reading my colleague Oz Shy's new working paper, "Cashless Stores and Cash Users." At venues that don't accept cash at the register, the patron puts cash into the reverse ATM and a loaded prepaid card comes out. Mercedes-Benz Stadium in Atlanta, for example, is one of the latest venues to adopt this practice.

Speaking of "reverse," I'm sure you know that some states and municipalities are seeking to reverse what may—or may not—be a trend toward brick-and-mortar retailers not accepting cash. Refusing to accept cash has been illegal in Massachusetts, where I live, since 1978. More recent developments:

  • Philadelphia will ban cashless stores beginning in July.
  • In March, New Jersey outlawed cashless restaurants and stores.
  • In May, the San Francisco Board of Supervisors voted to require brick-and-mortar businesses to accept cash.
  • Also in May, Representative David Cicilline (D-RI) introduced the Cash Buyer Discrimination Act, which would require businesses all across the United States to accept cash.

These and other proposed laws are predicated on the idea that people without access to payment cards or digital payments are harmed when they cannot make purchases using their payment instrument of choice: cash. Oz's paper adds to the conversation by examining the choices consumers make at the point of sale, depending on their access to different ways to pay.

Using data from the 2017 Diary of Consumer Payment Choice, Oz found that consumers who own different mixes of payment instruments use cash with different intensity to make in-person purchases:

  • Diary respondents who own neither a credit card nor a nonprepaid debit card made almost 9 in 10 of their in-person payments with cash, on average. The median share of cash purchases was 100 percent.
  • Diary respondents who own at least one credit card and one nonprepaid debit card make about one-third of their in-person payments with cash, on average. The median share was 20 percent.

Oz goes on to calculate the cost to the cash payers who do not have credit or nonprepaid debit cards of switching from cash to a prepaid card. He finds that, all things being equal, for some consumers, using cash would have to cost twice as much as using a prepaid card for the cash users to be indifferent to switching. Oz's conclusion: "A complete transition to cashless stores imposes a measureable burden on consumers who do not have credit or [nonprepaid] debit cards." For perspective, 8.5 percent of respondents with household income below the U.S. median ($61,000) did not have a credit card or nonprepaid debit card in 2017, according to the diary.

As this research shows, cash is important to some consumers. The cashless society could be on a collision course with reality.

May 13, 2019

What Can We Learn about Fraud from the United Kingdom?

In many of my discussions around emerging payments, two topics generally always come up: contactless and real-time payments. And given my interest in payments fraud, the discussion usually steers into two questions: Will contactless payments result in increased card fraud? And do faster payments mean faster fraud? While only time and data will ultimately reveal those answers, we can look to the UK Finance's Fraud the Facts 2019 report  for some insight into those questions since the United Kingdom is further along on their contactless and real-time payments journeys than we are.

In the United Kingdom, in-person contactless payments have not led to an increase in card fraud losses. Contactless POS payments, through either a mobile device or a card, represented 36 percent of all card transactions in 2018, yet they accounted for less than 3 percent of overall card fraud losses (and just under 28 percent of the face-to-face fraud losses). The fraud rate on contactless transactions has remained steady and low for three consecutive years at 2.7 basis points, or 2.7 pence (£0.027) for every £100 spent. This compares very favorably to the overall card fraud rate of 8.4 basis points, or 8.4 pence (£0.084) for every £100 spent. Fraud for contactless transactions has been mitigated in the United Kingdom through the establishment of floor limits above which a PIN is required, the requirement of PIN verification after a cumulative spend threshold is reached, and the implementation of a security feature that randomly requires cardholders to input a PIN during a transaction to prove that the cardholder is in fact in possession of the card.

The fraud situation for faster payments in the United Kingdom is not quite as rosy as that of contactless payments. Since 2017, UK Finance began reporting on authorized push payment (APP) fraud. In this type of fraud, which includes email account compromise, a victim is tricked into sending money from their bank account to a fraudster's account. In 2018, APP fraud represented 30 percent of the total reported fraud losses. And of the APP fraud, faster payments was used in 93 percent of the fraudulent transactions and 71 percent of the fraudulent value.

I can't claim that faster payments is driving APP fraud or leading to "faster fraud," but it is rather obvious that faster payments is the preferred payment method of fraudsters conducting APP fraud. This should be an alarm for the payments industry in the United States as we continue on our faster payments journey. To mitigate APP fraud with faster payments in the United Kingdom, the industry is working to implement a new-account name-checking service that Pay.UK has introduced. Confirmation of Payee checks the name associated with a routing and account number. This service is not a perfect solution—it won't help if the fraudster uses or opens an account under the name of the actual intended recipient. But it definitely will prevent fraud losses in cases where the account information does not match the name of the intended recipient, which is currently more often the case than not.

So as we continue moving toward contactless and faster payments in the United States, I think we can learn from those across the pond about the need for controls to mitigate fraud in these emerging payments. Floor limits for PINless transactions and velocity controls are part of the U.S. contactless payments experience, but what about faster payments? Does a name-checking service like the one being implemented in the United Kingdom make sense? What controls should be implemented to help prevent fraudsters from using faster payments to commit APP-related frauds, especially email account compromise?

November 24, 2014

What’s Unsettled in Faster Payments?

When I started at the Federal Reserve Bank 27 years ago, the phrase "faster payments" was rarely spoken. Indeed, if people talking of payments were musing on speed (or the lack thereof), two things were a safe bet: first, the conversation was likely among bankers and, second, the talk revolved around check float and the tools for reducing it—check sort patterns, airplanes, or optimized ground routes. Those tools are not part of today's "faster payments" conversations, and the universe of discussants is much broader; it's not just bankers anymore.

Payments essentially comprise two components. The first is messaging—the instruction that delineates who is to be paid, by whom, and in what amount. The second component is settlement. Settlement is the event that finishes a payment. It is also commonly the slowest aspect within any given payment scheme. Settlement is the actual transfer of funds, the account adjustments directed by the messaging components.

For many payments, settlement takes much longer than appears to be the case, particularly from the perspective of the end user. For example, in a typical payment card transaction between a consumer and a retailer, once the card is swiped and "approved," the consumer is considered to have paid and can generally leave with the goods. But the merchant has received only the promise of payment. Settlement between card issuers and acquiring banks must occur before the merchant is paid. This can take more than a day and illustrates one issue with settlement lags: consequential strains on liquidity that merchants experience when they need to replace goods but may not have received payment to fund the resupply.

So will a faster payment solution resolve the liquidity issues currently experienced in many of the extant payment schemes? At this point, the answer is not a simple one. In town hall-style meetings and other updates, Fed speakers have noted that "real-time settlement is not required for real-time availability." This suggests that at least at the outset, a faster payments scheme here may not include immediate settlement. And if settlement does not occur simultaneously with messaging, certain parties in the transaction remain exposed to liquidity as well as other settlement risks. This doesn't mean that a new scheme will be plagued with settlement risk. The UK has successfully offered real-time clearing and availability without real-time settlement. However, other countries have built real-time settlement into their new systems because it does indeed reduce systemic risk. If a new system here is to be built from scratch, it seems important to probe fully the range of design issues and options and consider solving all of the longstanding payment risks that can be feasibly solved.

By Julius Weyman, vice president, Retail Payments Risk Forum at the Atlanta Fed