Take On Payments, a blog sponsored by the Retail Payments Risk Forum of the Federal Reserve Bank of Atlanta, is intended to foster dialogue on emerging risks in retail payment systems and enhance collaborative efforts to improve risk detection and mitigation. We encourage your active participation in Take on Payments and look forward to collaborating with you.
Comments are moderated and will not appear until the moderator has approved them.
Please submit appropriate comments. Inappropriate comments include content that is abusive, harassing, or threatening; obscene, vulgar, or profane; an attack of a personal nature; or overtly political.
In addition, no off-topic remarks or spam is permitted.
Federal Reserve Web Sites
Other Bank Regulatory Sites
June 15, 2020
A Cloudy Day Is No Match for a Sunny Disposition
Heading into 2020, investments in companies providing cloud computing services were on fire. Various research firms (here and here) estimate that worldwide spending on public cloud services is growing at a compound annual growth rate that falls between 15 percent and more than 22 percent. As cloud computing matures, many financial institutions are considering the benefits that it can provide. In an October 2019 report on a worldwide survey of bankers, a vendor reported that just over half of all bankers surveyed indicated that they currently have or plan to have a cloud adoption strategy in place within the next two years. Keep in mind that this survey was administered before COVID-19 changed, at least temporarily, the business environment.
Because so much work, banking, and commerce occurs remotely, demand for cloud computing has risen. Although cloud computing can offer advantages, financial institutions need to assess and monitor the risks just as they do with other third-party providers. This may be why the Federal Financial Institutions Examination Council (FFIEC) thought the timing was right to release a statement in late April on Security in a Cloud Computing Environment .
A key takeaway from the FFIEC statement is that even though cloud providers have controls in place, or offer controls, to create a secure environment, the "buck" ultimately stops with the financial institution. It remains the financial institution's responsibility to ensure that proper security protocols are in place based on the service level agreement with its cloud providers. As with other third-party relationships, financial institutions are responsible for ongoing oversight and monitoring of their cloud providers. It may be necessary for a financial institution to implement security protocols above and beyond what cloud providers offer.
Cloud computing can make our lives easier, as evidenced by those who have been able to work remotely during the past few months. But we must also recognize the risks it poses and mitigate those as much as possible. Although the FFIEC statement doesn't contain any new regulatory expectations, it does provide excellent guidance along with a multitude of resources and references for financial institutions seeking information on cloud computing risk management. By employing effective risk management practices, financial institutions can minimize the risks of the cloud becoming a storm cloud and keep the sun shining brightly on a secure environment!
June 8, 2020
Are Contactless Cards Having Their Moment?
This could be the moment Doug King has been waiting for. In February 2017, Doug blogged, "Wouldn't it be nice to tap and pay?" Back then, he reported his disappointment at not being able to use his "cool" card with contactless functionality. Today, my favorite consumer advice website is calling contactless payments "the wave of the future." And according to Visa, 31 million Americans tapped a Visa contactless card or digital wallet at the point of sale in March 2020, up from 25 million in November 2019. MasterCard projects that approximately 70 percent of its U.S. customers will have contactless cards by the end of 2022.
Dave Lott wrote last year that the speed of contactless card payments could make them as desirable—if not more desirable—than mobile payments. As Dave pointed out, "consumer payments is largely a total sum environment," so the rise of contactless could cannibalize other forms of payments like mobile. Continuing this line of thinking, I have been wondering if any rise in contactless card use could have an impact on the use of cash.
"Protect yourself while shopping," advises the Centers for Disease Control. "If possible, use touchless payment (pay without touching money, a card, or a keypad)."
Until a few months ago, the answer was clear: probably not much of an impact. Let's take a look at consumer behavior and survey responses in the pre-coronavirus environment.
- First, an April 2020 paper examined the behavior of 21,000 Swiss cardholders between 2016 and 2018. In the aftermath of receiving a contactless debit card, the Swiss cardholders increased their use of debit cards overall, especially for small-value payments. But the increase among the Swiss consumers was small. Most of the increase occurred among people who already were using their debit cards to pay. And Swiss account holders who used cash a lot—the researchers call them "cash lovers"—didn't change behavior. The researchers report that the average effect of receiving a contactless card was "underwhelming."
- Second, in response to a hypothetical question in fall 2019 , U.S. consumers reported they would likely in the future use contactless cards to pay at grocery stores, gas stations, and department stores—payees with a high proportion of card payments already. In other words, consumers would not change their choice of payment instrument; rather, they would change their choice of authorization method (tapping instead of dipping a card). Again, underwhelming when we think about any potential impact on cash.
But that was then. In spring 2020, the future is murkier. Do you think consumers' ideas about and use of contactless cards would be different today?
May 26, 2020
Some Seek Peace of Mind with Contactless
The COVID-19 pandemic has created a keen awareness of the need for enhancing personal practices to prevent the spread of the virus. The CDC has encouraged social distancing, face-mask wearing, frequent hand washing and sanitizing, and daily surface cleaning and disinfecting. When it comes to people buying things in person, it is that last guideline that has sparked widespread discussion about whether one type of payment method is safer than another.
Some stakeholders have been promoting contactless transactions as the most hygienic method of in-person payment. The consumer can perform such transactions with a minimal amount of contact with a payment terminal, either through a mobile pay wallet application or a contactless payment card—as long as the merchant has enabled the payment terminals with near-field communications technology. This post will focus on mobile contactless payments that began in the United States in late 2014, with the introduction of the Apple Pay digital wallet, followed shortly by the Google and Samsung pay wallets. Thus far, consumer use of mobile digital wallets has been anemic. Some research has found that mobile payments represented only 3 percent of U.S. retail sales in 2019.
Financial inclusion is a particular concern for the Atlanta Fed. Past Take On Payments posts have discussed the state of un- and underbanked households in the United States and efforts to make financial services more readily available and affordable. The mobile phone—in particular, the smartphone—is a key part of inclusion. Smartphones allow access to secure, low-cost banking services. Given the recent promotion of mobile contactless payments, here are some recent statistics from the Pew Research Center on mobile phone ownership that I want to share with you.
According to a survey conducted in early 2019, 96 percent of U.S. adults had a mobile phone, and 81 percent of that group had a smartphone. As you might expect, younger adults were more likely to own a smartphone than older adults.
Specifically related to the financial inclusion issue is the disparity in smartphone ownership based on household income. Ownership among households earning less than $30,000 annually was only 71 percent compared to 90-plus percent for those with more than $50,000 in annual income. Type of community also made a difference. Adults in rural areas had an ownership level of 71 percent compared to 83 percent for those in suburban and urban areas.
These statistics are a strong reminder of the message my colleague Claire Greene gave in a recent post that I am not the "average" consumer. Similarly, just because I have a smartphone and you have one, we can't make assumptions about ubiquitous smartphone ownership. Consequently, some digital payment services may lock out people who use cash. As the industry moves forward with enhanced and sometimes preferred payment options, we should remember Atlanta Fed president Raphael Bostic's suggestion that financial inclusion should mean that the consumer should be able to pay how they want to pay.
May 11, 2020
Seeing the Future through a Morning with Fifth Graders
Early in March, I spent the morning with four fifth-grade classes at an elementary school as part of their college and career day. My son had asked me not to talk about writing blogs and papers but rather to talk about "cool" things in payments and fraud. So that's exactly what I did with each class for 15 minutes, leaving the remaining 10 minutes of the time for questions or discussion. Looking back, I wish I had allotted more time for the final portion because these fifth graders were as engaging an audience as I have ever had. I left the school with two thoughts that I think the payments industry could find valuable, so thought it would be worthy of sharing with our readers today.
First, I was surprised by the general level of awareness that the fifth graders exhibited around online safety. Many had stories to share of both successful and unsuccessful attempts of their relatives being scammed online or through the phone. Others shared stories of their parents' bank accounts or cards being compromised. Several students talked about how they search safely on the internet. I was probably naïve going into the day about their level of knowledge and awareness seeing that these kids have grown up with this technology a part of their daily lives, but call me impressed that many of them are well aware of dangers lurking and eager to learn how to better protect themselves.
Second, I was blown away by the kids' access to and use of smart-assistant speakers. I have heard a number of people project that speech recognition is the future of commerce and if the kids I met with are any indication of their generation, then I think I can get on board with those projections. In an unscientific survey, I would estimate that nearly 90 percent of the kids had access to at least one smart-assistant speaker, and amazingly 75 percent had one in their room. Without naming any names, one company dominated this space for the group. While the "phone" aspect of the mobile phone for many kids is foreign as it's primarily used as a camera or texting device, it seems that they actually are comfortable having a conversation with a speaker.
As I walked back to my car, my mind was filled with thoughts about the future. On the one hand, I was smiling because this young generation is going to be better prepared in understanding the risks of the cyberworld that will continue to play a more prominent role in our lives. People will always be vulnerable but I left with confidence that our young people are aware that there are bad people lurking behind computer screens. On the other hand, my mind was spinning because I predict that commerce through a smart-assistant speaker will be as common a practice for them as dipping a card is for me. How different that world will look from where we are today!
Take On Payments Search
- account takeovers
- bank supervision
- banking regulations
- card networks
- check fraud
- consumer fraud
- consumer protection
- credit cards
- crossborder wires
- data security
- debit cards
- emerging payments
- financial services
- financial technology
- identity theft
- law enforcement
- mobile banking
- mobile money transfer
- mobile network operator MNO
- money services business MSB
- online banking fraud
- online retail
- payments fraud
- payments innovation
- payments risk
- payments studies/research
- payments systems
- Payment Services Directive
- phone fraud
- remotely created checks
- risk management
- Section 1073
- skills gap
- social networks
- supervision and regulation
- thirdparty service provider
- Unfair and Deceptive Acts and Practices UDAP
- wire transfer fraud
- workforce development
- workplace fraud