Please enable JavaScript to view the comments powered by Disqus.

About


Take On Payments, a blog sponsored by the Retail Payments Risk Forum of the Federal Reserve Bank of Atlanta, is intended to foster dialogue on emerging risks in retail payment systems and enhance collaborative efforts to improve risk detection and mitigation. We encourage your active participation in Take on Payments and look forward to collaborating with you.

Comment Standards:
Comments are moderated and will not appear until the moderator has approved them.

Please submit appropriate comments. Inappropriate comments include content that is abusive, harassing, or threatening; obscene, vulgar, or profane; an attack of a personal nature; or overtly political.

In addition, no off-topic remarks or spam is permitted.

March 23, 2020

Fast Cars and Fast Payments

My son and I recently attended the Daytona 500. As an 11-year-old, he is fascinated with fast cars and speeds that routinely exceed 200 mph. The cars were certainly fast at Daytona International Motor Speedway this year. While he is blown away by the speed of the cars, I remain amazed at the overall safety record of these cars. There were numerous wrecks at this year’s race, but only one driver was seriously injured on the last lap in a wreck that was horrifying to witness. The speed of the cars definitely makes for an exciting event, but at the end of the day, safety is vital. Nobody wants to see a driver injured, and racing organizations have gone to great lengths to make sure safety is the top priority even if it means compromising the speed of cars. Could safety be as important as speed in payments, too?

Having been involved in the payments industry for the past 13 years, faster and safer have always been two (of several) buzz words associated with payments. But faster, being much cooler to discuss, seems to be the focus all too often. (Don’t talk to my son about the safety of cars—he wants to talk speed!) I joke with my colleague about surveys we often come across claiming that an extremely high percentage of people want faster payments. As a standalone question—yes, I can absolutely see that. Faster is better than the status quo or slower, right?

But we rarely get a glimpse into how important faster payments really are and if people actually want them. Are they just giving an obvious answer to a leading question? How would people respond to a question about faster payments when the question includes other attributes such as safety?

In a recent surveyOff-site link, approximately 1,000 respondents from the United States between the ages of 16 and 75 were asked to choose the most critical characteristics of a payment instrument: safety from fraud and theft, privacy protection, ease of use, wide acceptance, and speed. Only 12 percent of them chose speed as one of the top two. Interestingly, respondents chose safety (62 percent) and privacy (37 percent) as the most important characteristics.

Coming home from Daytona, my son and I talked about the race and just how amazing it was to watch in person. I asked him if he would like to see the cars go faster in light of some of the awful crashes that we saw. In his 11-year-old wisdom, he said the cars are probably fast enough because he didn’t like watching that final wreck. While I could debate whether or not payments are fast enough, much like the cars racing in the Daytona 500, safety remains paramount for payment instruments and must remain at the forefront of any discussion on payments.

March 16, 2020

Are Emerging Payments More Vulnerable to Fraud?

Whenever I am in a conversation about new or emerging payment products or services, I invariably get asked whether I think they will attract heightened attention from criminals. My personal opinion is, "YES, at least initially!" Why do I have that opinion? The conventional wisdom is that criminals recognize that new payment systems are likely to have some security gaps in the beginning that can be exploited. There are a number of examples I can cite to support this position.

Consider the payment card enrollment process that accompanied the introduction of the Apple Pay wallet in late 2014. Whether it was a rush to get cardholders enrolled or because of loopholes in the Identification and Verification (ID&V) process, a number of the banks offering the service fell victim to fraud early on. Criminals enrolled a number of stolen credit and debit cards in the service and then were able to make high-dollar purchases because of weak verification controls. Some industry observers cited initial fraud losses in the 600Off-site link-to-800Off-site link-basis-point range at some of the early issuers. This rate compares to an overall in-person, payment card fraud rate of 12.2 basis points in 2015 cited in the Federal Reserve's Payments Study supplement Changes in U.S. Payments Fraud from 2012 to 2016. Fortunately, the affected banks reacted quickly and shored up their payment card enrollment processes.

Also consider the implementation of faster payments in the United Kingdom in 2008. As did other countries implementing faster payments, the United Kingdom tried to limit fraud by taking a measured approach. In the beginning, only credit push transactions with a maximum value of £10,000 (approximately $15,000) were eligible. (Most of the initial participating banks had lower limits.) In 2010, the maximum amount was raised to £100,000. Now the maximum limit is £250,000, although financial institutions may still set lower limits and differentiate between consumer and commercial account payments. My colleague Julius Weyman highlighted some of the fraud risks in faster payments in his 2016 working paper reviewing overall risks in faster payments schemes around the globe. He pointed to the 132 percent increase in online banking fraud the United Kingdom experienced in the year following implementation.

There is growing concern among consumers in the United States and the United Kingdom about the liability for authorized push payments—such as P2P payments—because of their near-real-time nature and their finality. In a future post, I'll examine this issue with authorized push payments and look at how the United Kingdom is dealing with it.

So circling back to my initial question, do you believe that the fraud rates for new and emerging payment products are likely to be higher than the more established payment products? Let us know what you think.

December 9, 2019

Payments in Review: A Webinar

Whether you are out dipping your payment card at a store, waiting in line behind a check writer, trying to look like you're working while you shop online for last-minute gifts using your digital wallet, or just always looking for more information about payments, grab your headphones for the last Talk About Payments webinar of 2019. On December 19, the Retail Payments Risk Forum team continues its tradition of discussing what we consider to be the significant payments events and issues of the year. We invite financial institutions, retailers, payments processors, law enforcement officials, academics, and other payments system stakeholders to participate.

The webinar 2019: Payments in Review features a live roundtable discussion with payments risk experts Doug King, Dave Lott, and Jessica Washington. You will be able to see how your reflections on 2019 payment events compare to the Risk Forum's perspectives and reflections on the year. To liven up the party, polling questions and real-time questions and comments will let you engage with the speakers.

Last year ended with increasing momentum in technology research and development—distributed ledger technology, contactless, machine learning—which continued into 2019, mixed with the some of the largest fintech mergers and acquisitions the industry has seen. Faster payments started taking new forms with added interest from industry stakeholders. The fight against payments fraud also changed shape during 2019, with some new collaborations and methods worth mentioning. Fintech is surely to be discussed along with other topics such as the proliferation of digital payment methods versus the state of cash.

Find out what you might need to consider as you promote safer payments innovation in the coming year.

The webinar will happen on Thursday, December 19, from 1 to 2 p.m. (ET). Participation is free, but you must register in advanceOff-site link. Once you register, you will receive a confirmation email with the log-in and toll-free call-in information. A recording of the webinar will be available to all registered participants in various formats within a couple of weeks after the event.

We look forward to you joining us on December 19 and sharing your perspectives on the payment events that took place in 2019.

September 23, 2019

Designing Disclosures to Be Read

Have you ever wondered if consumers actually look at disclosures for payment services? And if they do look at them, how much time do you think they spend reading them? If the average adult reads around 250 words per minute and a disclosure page contains 1,000 words—likely a low estimate—then a consumer would spend four minutes on the page before clicking accept or reject. I am confident that a more realistic estimate of time consumers spend on these pages falls far short of the time required to read the legally required consumer protection information. How many of us just click on the "I Accept" button without reading the disclosure? Maybe it's time to come up with a better way to disclose.

I believe that disclosures are one of the more dreaded elements in designing, launching, and managing financial services. If you haven't experienced the dread first hand, you can find evidence of it in the countless comment letters submitted by payments stakeholders and posted to the Federal Register when a proposed rule could affect disclosure terms. The work and expense of delivering disclosures at precisely the time required by law are completely wasted when consumers fail to read them.

The goal of disclosures is to educate consumers on a product's terms and conditions, to define their responsibilities, and to ultimately protect them from financial harm or surprises. With this information, consumers can make informed decisions. We should hope consumers comprehend and retain the critical information provided.

Opportunities exist to present important consumer protection information in ways that are far more easily digestible than a thousand-word disclosure in a four-point font. For instance, a gamification model could ask the consumer direct questions related to fees in pop-up windows with animated visual representations of the scenarios. You can brainstorm to come up with messages, jotting down quick ideas—for example, "You chose instant transfer, the fee is $1, Accept or Decline." Or, "Help us monitor your transactions daily, instant transfers will be $0, Accept or Decline." A large font and short words can quickly articulate the key points and big risks. Moreover, building the disclosure logic into the technology better protects the consumer.

Here's some good news—you now have the support of the Consumer Financial Protection Bureau (CFPB) to test your innovative solutions in making disclosures likelier to achieve their aim. The CFPB's Office of Innovation recently issued new policies to encourage innovation. For example, the office instituted a trial disclosure program and has committed to granting or denying applications for these trials within 60 days of submission. Accepted applicants will have up to two years to test their disclosures. They will also have access to state and global regulators through the CFPB's affiliation with the Federal Financial Institutions Examination Council, the Global Financial Innovation Network, and the newly formed American Consumer Financial Innovation Network.

Applicants and disclosures need not be company- or product-specific, although that is an option. Service providers, trade associations, consumer groups, or other third parties may also use the trial application program. Group applications could help spread trial disclosure development costs such that smaller entities would be able to afford to participate in the program. Such intention has been evidenced in the CFPB's Office of Innovation's first "No-Action Letter," issued to more than 1,600 HUD housing counseling agencies, stating that it will not take enforcement action with agencies that enter into "certain fee-for-service arrangements with lenders for pre-purchase housing counseling services."

Have you considered redesigning a payment product or service disclosure that consumers will be likelier to read? Apply to test it , and good luck!