Take On Payments, a blog sponsored by the Retail Payments Risk Forum of the Federal Reserve Bank of Atlanta, is intended to foster dialogue on emerging risks in retail payment systems and enhance collaborative efforts to improve risk detection and mitigation. We encourage your active participation in Take on Payments and look forward to collaborating with you.
Comments are moderated and will not appear until the moderator has approved them.
Please submit appropriate comments. Inappropriate comments include content that is abusive, harassing, or threatening; obscene, vulgar, or profane; an attack of a personal nature; or overtly political.
In addition, no off-topic remarks or spam is permitted.
Federal Reserve Web Sites
Other Bank Regulatory Sites
September 10, 2018
The Case of the Disappearing ATM
The longtime distribution goal of a major soft drink company is to have their product "within an arm's reach of desire." This goal might also be applied to ATMs—the United States has one of the highest concentration of ATMs per adult. In a recent post, I highlighted some of the findings from an ATM locational study conducted by a team of economics professors from the University of North Florida. Among their findings, for example, was that of the approximately 470,000 ATMs and cash dispensers in the United States, about 59 percent have been placed and are operated by independent entrepreneurs. Further, these independently owned ATMs "tend to be located in areas with less population, lower population density, lower median and average income (household and disposable), lower labor force participation rate, less college-educated population, higher unemployment rate, and lower home values."
This finding directly relates to the issue of financial inclusion, an issue that is a concern of the Federal Reserve's. A 2016 study by Accenture pointed "to the ATM as one of the most important channels, which can be leveraged for the provision of basic financial services to the underserved." I think most would agree that the majority of the unbanked and underbanked population is likely to reside in the demographic areas described above. One could conclude that the independent ATM operators are fulfilling a demand of people in these areas for access to cash, their primary method of payment.
Unfortunately for these communities, a number of independent operators are having to shut down and remove their ATMs because their banking relationships are being terminated. These closures started in late 2014, but a larger wave of account closures has been occurring over the last several months. In many cases, the operators are given no reason for the sudden termination. Some operators believe their settlement bank views them as a high-risk business related to money laundering, since the primary product of the ATM is cash. Financial institutions may incorrectly group these operators with money service businesses (MSB), even though state regulators do not consider them to be MSBs. Earlier this year, the U.S. House Financial Services Subcommittee on Financial Institutions and Consumer Credit held a hearing over concerns that this de-risking could be blocking consumers' (and small businesses') access to financial products and services. You can watch the hearing on video (the hearing actually begins at 16:40).
While a financial institution should certainly monitor its customer accounts to ensure compliance with its risk tolerance and compliance policies, we have to ask if the independent ATM operators are being painted with a risk brush that is too broad. The reality is that it is extremely difficult for an ATM operator to funnel "dirty money" through an ATM. First, to gain access to the various ATM networks, the operator has to be sponsored by a financial institution (FI). In the sponsorship process, the FI rigorously reviews the operator's financial stability and other business operations as well as compliance with BSA/AML because the FI sponsor is ultimately responsible for any network violations. Second, the networks handling the transaction are completely independent from the ATM owners. They produce financial reports that show the amount of funds that an ATM dispenses in any given period and generate the settlement transactions. These networks maintain controls that clearly document the funds flowing through the ATM, and a review of the settlement account activity would quickly identify any suspicious activity.
The industry groups representing the independent ATM operators appear to have gained a sympathetic ear from legislators and, to some degree, regulators. But the sympathy hasn't extended to those financial institutions that are accelerating account closures in some areas. We will continue to monitor this issue and report any major developments. Please let us know your thoughts.
By David Lott, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed
July 29, 2013
Suspicious Activity Reports: What the Numbers Show
Initially intended to help law enforcement identify individuals and organizations involved in money laundering and terrorist financing, Suspicious Activity Report (SAR) filings are also used to help detect activities related to consumer fraud and identity theft. Depository institutions (DIs) and money services businesses (MSBs) together file about 98 percent of all SARs submitted annually to the Financial Crimes Enforcement Network (FinCEN). Industry groups are constantly working to educate SAR filers about the various types of activities that they should document so these activities can be properly tracked. FinCEN recently updated its statistics to include SAR activity in 2012, and the summary volumes are shown in the chart below. The Retail Payments Risk Forum believes that an ongoing educational effort of customers, as well as DI employees, is a vital element in recognizing and mitigating fraud in our payments system. As part of that effort, I think there would be benefit in examining the shifts among the different SAR activities and gain an understanding as to possible reasons for these shifts.
As the above chart shows, the number of SARs filed by DIs has risen steadily over the last two years. SARs from MSBs, on the other hand, dropped 14 percent from 2011 after seeing an average annual increase of 15 percent over the previous two years. So why the ups and downs?
From a pure numbers standpoint, the answer to the question lies in the details of the activities that can trigger a SAR. In the case of SAR filings from DIs, for example, 2012 saw a dramatic increase in identity theft and check fraud filings, while mortgage loan fraud SARs dropped. This shift is explained by the increased diligence being placed on mortgage loans and the alarming growth of identity theft and check fraud incidents. By contrast, SAR filings from MSBs showed a substantial decrease in the category where the person reduced the amount of money order or traveler's check purchase to avoid having to complete a funds transfer record (but still generating a SAR). One wonders whether this reduction represents progress in the fight against money laundering and terrorist financing, or have the individuals engaged in these illegal activities changed their money handling tactics by performing lower dollar value transactions to avoid suspicion and identification?
Every federal judicial district has a SAR review team. This team of regulators and federal and local law enforcement reviews SARs to determine whether they need to initiate new investigations or supplement the filings to existing cases. The efforts of these teams illustrates how more comprehensive reporting, improved data analysis, and stronger monitoring capabilities can help detect and address fraud and abuse within our payments system. FinCEN publishes a semiannual report—Trends, Tips & Issues—that provides a summary of key findings from the teams' reviews of SARs. These reports let involved parties know how they can use the information to provide greater protection to potential victims of fraud. We encourage you to read copies of FinCEN's reports to better understand current fraud trends so you can educate your employees and customers.
By David Lott, a retail payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed
July 8, 2013
Money Mules: Unwitting Accomplices?
Recent news articles about the two major ATM cash-out frauds that yielded $45 million for the perpetrators have noted a critical element of the global crime—the extensive network of criminals that performed thousands of cash withdrawals over a few hours at ATMs in approximately 24 countries. Known as "money mules," these individuals help transport or launder stolen money and merchandise in exchange for a small share of the ill-gotten gains.
The mules in the ATM cash-out scheme were willing participants, but in many cases, individuals serving the role of a money mule may not be aware of their criminal involvement and may even themselves become victims of fraud. The most common tactics for enlisting the help of unknowing money mules are posting work-at-home advertisements on major legitimate employment websites, purchasing pop-up ads, or sending e-mails.
Earlier recruiting efforts were easy to spot because they often used poor grammar or spelling, were not specific in describing the job, and usually based the hiring company outside the United States. More recently, recruitment efforts have used well-written ads with high-quality graphics. These ads often stress the convenience of the position for the worker and the significant earnings potential. When hired, the individual is sometimes engaged as a mystery shopper or in some similar function to make the transfer of money or goods seem normal to the business operation. Some schemes initially engage the person in conducting legitimate transactions with the goal of developing a level of comfort for the individual with the process and the promise of bigger, more lucrative transactions to come in the future.
As with many crimes involving multi-level organizations, it is not the masterminds but the money mules who are most often apprehended. They are the ones whom law enforcement officers can locate relatively easily because they are the ones who provide their financial account information or shipping address as part of the transaction. Unknowing money mules risk criminal prosecution, financial loss, and smearing of their reputations. It’s also possible that they will themselves experience identity theft or fraud against their financial accounts because they may have provided sensitive personal information during the recruitment process.
As cybercrimes continue to spread, the mule recruitment efforts will expand and probably become more sophisticated. Individuals must exercise safer computer security practices, and financial institutions, consumer protection agencies, and law enforcement must continue to provide education about this type of scheme to help increase everyone’s ability to detect such fraud. Not only will early detection help prevent individuals from becoming unwilling victims, but also it will aid in the investigation of these criminal efforts by law enforcement.
Brian Krebs (KrebsonSecurity) has a good article, which includes a money-mule training video, providing more information about this type of crime to help individuals avoid getting caught up in one of these schemes. We welcome your suggestions on how the educational effort can be strengthened.
By David Lott, a retail payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed
June 3, 2013
Do Digital Currencies Need Bank Secrecy Act Regulations?
Nearly two years ago, a Portals and Rails post looked at digital currencies and posed the question, "Will the use of alternative currencies gain popularity in the criminal world?" It appears that the answer to the question is "yes." According to the recent indictment of a digital currency provider, the currency under question "was designed to give criminals a way to move money earned from credit card fraud, online Ponzi schemes, child pornography and other crimes without being detected by law enforcement," ultimately building up a $6 billion money laundering operation.
At the heart of the issue with this particular digital currency is its anonymous nature. Payment instruments that provide anonymity do attract the criminal element. Anonymity is a major reason cash remains king when it comes to payments for illicit activities. The anonymity that prepaid cards provided in their earlier years attracted the criminal element, which ultimately resulted in regulators attaching Bank Secrecy Act/anti-money laundering (BSA/AML) regulations to these instruments.
There is no doubt that digital currency has benefits over paper and coins. The convenience of not having to lug around paper and coins is appealing to me, as is the fact that I wouldn't feel the need to scrub my hands after handling digital currency since it's no secret that paper money and coins are dirty. I am all for the success of digital currencies and can't wait for them to become more mainstream. But I believe that as long as any digital currency continues to support anonymity, it will be difficult for that to happen.
While regulation can stifle innovation, I believe that BSA/AML regulation of digital currencies could help increase the adoption of this type of payment instrument by the mainstream. One need look no further than the prepaid card industry to understand the potential impact. Many factors have played into that industry’s phenomenal growth rate, but the BSA/AML regulatory requirements also played a role by providing a credibility to prepaid cards that did not exist in their infancy.
What are your thoughts on the need for BSA/AML regulation of digital currencies?
By Douglas A. King, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed
Take On Payments Search
- account takeovers
- ATM fraud
- bank supervision
- banking regulations
- banks and banking
- card networks
- check fraud
- consumer fraud
- consumer protection
- credit cards
- crossborder wires
- data security
- debit cards
- emerging payments
- financial services
- financial technology
- identity theft
- law enforcement
- mobile banking
- mobile money transfer
- mobile network operator MNO
- mobile payments
- money laundering
- money services business MSB
- online banking fraud
- online retail
- payments fraud
- payments innovation
- payments risk
- payments study
- payments systems
- Payment Services Directive
- phone fraud
- remotely created checks
- risk management
- Section 1073
- skills gap
- social networks
- thirdparty service provider
- trusted service manager
- Unfair and Deceptive Acts and Practices UDAP
- wire transfer fraud
- workforce development
- workplace fraud