Take On Payments, a blog sponsored by the Retail Payments Risk Forum of the Federal Reserve Bank of Atlanta, is intended to foster dialogue on emerging risks in retail payment systems and enhance collaborative efforts to improve risk detection and mitigation. We encourage your active participation in Take on Payments and look forward to collaborating with you.
Comments are moderated and will not appear until the moderator has approved them.
Please submit appropriate comments. Inappropriate comments include content that is abusive, harassing, or threatening; obscene, vulgar, or profane; an attack of a personal nature; or overtly political.
In addition, no off-topic remarks or spam is permitted.
Federal Reserve Web Sites
Other Bank Regulatory Sites
January 27, 2020
Mobile Banking Nearing Ubiquity
In June 2019, eight Federal Reserve districts,1 led by the Federal Reserve Bank of Boston's Payment Strategies Group, surveyed financial institutions (FI) based in their respective districts about their current and planned mobile banking and mobile payment service offerings. The survey defined mobile banking as the use of a mobile phone to connect to a financial institution to access bank or credit account information (including to view balances), transfer funds between accounts, pay bills, set up account alerts, locate ATMs, deposit checks, and more. The term mobile payments described the use of a mobile phone to pay at the point of sale, remotely for a retail item (or items) using near field communication or a quick response code, or via mobile app or web for digital content, goods, or services (such as transit, parking, or ticketing).
You can find the full 2019 Mobile Financial Services Survey report, including the survey questionnaire, on the Boston Fed website. This collaborative survey effort previously took place in 2014 and 2016.
The survey found that 96 percent of the respondents currently offered or planned to offer mobile banking services. (As expected, most of the respondents who indicated they had no plans to offer mobile banking—18 of the 23—were the smallest FIs [those with assets under $50 million]). Support for mobile payment services had increased significantly since the 2016 survey, going from 24 percent to 43 percent in 2019, with an additional 26 percent planning to support mobile payments within two years.
Especially interesting to me were the responses to a new survey question regarding FIs' plans to issue contactless payment cards. Many of the largest FIs began issuing contactless cards in 2019. The survey found that while only 5 percent of respondents were issuing contactless cards, 21 percent plan to do so within two years and an additional 18 percent plan to issue them in the next two to five years. As the chart shows, although nearly two-thirds of the smallest FIs indicated no plans to offer a contactless card, a relatively high percentage (43%) of the larger FIs also indicated no plans to do so. I am curious to see how these plan responses change, if any, in future surveys.
A total of 504 financial institutions responded—337 banks and 167 credit unions (CUs)—which represented 6 percent of all banks and 3 percent of all CUs in the United States. It is important to note that none of the top 100 banks by asset size and only four of the top 100 CUs by asset size are included in the survey. Almost half of the responding CUs have assets under $100 million. The distribution of survey respondents (displayed in the chart below) helps us better understand the development of mobile financial services in the mid- and small-sized FIs.
The Boston Fed's Payment Strategies Group will present a webinar on the full survey report later this year. We will be sure to keep Take On Payments readers apprised of those plans. In the meantime, if you have any questions regarding the survey or the results, please be sure to contact me.
1Atlanta, Boston, Cleveland, Kansas City, Minneapolis, Philadelphia, Richmond, and San Francisco
September 3, 2019
Is Friction in Payments Always Bad?
Numerous posts in this blog have noted the conventional wisdom that the less friction there is for a consumer in making a payment, the likelier it is that the consumer will have a good experience. Merchants, especially ecommerce retailers, point to studies consistently showing that when customers are required, for stronger authentication, to enter more information than they're used to during a payment, the cart abandonment rate increases and merchants lose sales. I have learned from my own conversations with merchants that some have backed away from adding more risk management tools because they would rather take the financial loss from a fraudulent transaction than discourage an otherwise legitimate sale. This balancing act between reducing friction for the customer and reducing fraud risk to the merchant or payment card issuer is a constant challenge.
Many merchants have incorporated mobile devices' biometric authentication features into their mobile apps to keep the customer from having to provide additional authentication data. Some other vendors have recently developed risk mitigation and authentication tools that work completely in the background and give them more confidence that the individual conducting the transaction is legitimate. These tools range from behavioral analytics that rely on patterns of previous transactions—whether they're based on a specific customer or on a group of customers with a similar profile—to electronic device information, called device fingerprinting, that validates that the device being used is actually the customer's. The customer is unaware that these tools are being used, so experiences lower friction.
A new term being used for what is regarded as an improved payment experience is the invisible payment transaction. This happens when a payment is triggered automatically without any customer intervention at the time of the transaction. The best examples of invisible transactions are in the sectors of subscription or card-on-file services. Subscription services include any service where the customer has provided, for example, a payment card or deposit account for a transaction and authorized the merchant or service provider to make future payments using that account. Online retailers, rideshare services, and recurring payments for health clubs, parking garages, utility companies, and charitable organizations are all types of businesses that use subscription services. A relatively recent entrant in the invisible payment segment is the computer/camera monitored shopping experience at some retailers.
So do invisible payments mean we've achieved nirvana? While they certainly provide the lowest level of customer interaction, they also have some possible disadvantages. Consumer advocates are concerned about the impact such payments might have on an individual's budget management. What if they forget about a subscription payment, and when it's deducted from their account, it creates an overdraft or insufficient funds return? Will invisible payments result in increased spending by the consumer? And then there is the bother of updating a bunch of subscriptions if the consumer changes the funding account.
While research has shown that consumers see convenience as a positive factor, they also want to be confident that there is a security process that will make them less likely to be victims of fraud. Will we ever reach the place of total payments peace and happiness with the right balance of security and convenience? Please let us know what you think.
December 17, 2018
Card Fraud Values Often above Average
Recent data from the Federal Reserve Payments Study remind me of my first experience with payments fraud as a 20-something college grad freshly arrived in Boston. I left my wallet in a conference room, and someone lifted my credit card. I still remember the metaphorical punch to the stomach when the telephone operator at the card company asked, "Did you spend $850 at Filene's Basement?" $850! That was more than twice my rent, and far more than I could conceive of spending at Boston's bargain hunters' paradise in a year, let alone on a one-night spree.
Decades later, the first thing I do to check my card and bank statements is to scan the amounts and pay attention to anything in the three digits. For noticing high-value card fraud, this is a pretty good habit.
That's because, on average, fraudulent card payments are for greater dollar values than nonfraudulent card payments. In 2016, the average value of a fraudulent credit card payment was $128, almost 50 percent more than $88 for a nonfraudulent credit card payment. For debit cards, the relationship was more pronounced: $75 for the average fraudulent payment, about twice the $38 average nonfraudulent payment, according to the Federal Reserve Payments Study.
Even to the noncriminal mind, this relationship makes sense: get as much value from the card before the theft or other unauthorized use is discovered. For a legitimate user, budgetary constraints (like mine way back when) and other considerations can come into play.
Interestingly, this relationship does not hold for remote payments. In 2016, the average dollar values of remote debit card payments, fraudulent and nonfraudulent, were the same: $68. And the average value of a nonfraudulent remote credit card payment, $151, exceeded that of a fraudulent remote credit card payment, $130. Why the switcheroo?
A couple of possibilities: Remote card payments include online bill payments, which often are associated with a verified street address and are of high value. So that could be pushing the non-fraudulent remote payments toward a high value relative to the fraudulent remote payments. Another factor could be that fraud detection methods used by ecommerce sites look for values that could be outliers, so perpetrators avoid making purchases that would trigger detection—and thus average values for remote fraud are closer to average values for remote purchases generally. But this is speculation. What do you think?
The relationships described here are depicted in figures 21 and 28 of the recent report of the Federal Reserve Payments Study, Changes in the U.S. Payments Fraud Landscape from 2012 to 2016. You can explore other relationships among average values of payments, and more, on the payments study web page.
By Claire Greene, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed
November 19, 2018
Smaller FIs Weigh In on Mobile Financial Services
I have previously written several posts on the Sixth District's 2016 Mobile Banking and Payments Survey results as well as the consolidated results of the 2016 survey involving financial institutions (FIs) in the Atlanta Fed's district and six other Federal Reserve districts. Readers will recall that the primary goal of the survey was to allow the Federal Reserve and industry stakeholders to better understand the status of financial institutions' strategies with regard to mobile banking and payments products and services.
As a follow-up to this work, the Federal Reserve districts of Atlanta, Boston, Cleveland, Kansas City, Minneapolis, and Richmond conducted a "quick-hit" survey in June 2018 of the FIs that did not respond to the detailed 2016 survey. The survey consisted of just five questions pertaining to mobile financial service offerings. It also gathered some demographic data. A total of 565 FIs responded, representing an 11.7 percent response rate. You can find a report that the Payment Strategies Group at the Federal Reserve Bank of Boston prepared on the Boston Fed website.
As a group, the FIs responding to the 2018 survey were smaller in asset size than were respondents to the 2016 survey.
Some of the key takeaways in the report include:
- Of the 2018 respondents, 88 percent of banks and 81 percent of credit unions currently offer mobile banking services or plan to offer them by the end of 2018.
- Fifty-five percent of the respondents reported that more than 20 percent of their customers were active mobile banking users.
- Surprisingly, 14 percent of the respondents indicated they have no plans to offer mobile banking services. All but one of the FIs that have no plans to offer mobile banking had assets under $500 million. These FIs were almost evenly split between credit unions (33) and banks (36).
- Not tracking or being unwilling to reveal customer usage levels of mobile banking services remains an issue; 29 percent of the respondents did not answer the question. My opinion is that it's the latter reason, given that a standard reporting option of mobile banking systems is to be able to track enrollment and unique sign-on activity.
- Offerings of mobile payment services continue to lag significantly behind mobile banking. Of the 2018 responses, 57 percent currently offer or plan to offer them, while 43 percent have no plans to offer them or were undecided.
We will be conducting the detailed Mobile Banking and Payments survey in early 2019 and look forward to sharing the results with you.
By David Lott, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed
Take On Payments Search
- account takeovers
- ATM fraud
- bank supervision
- banking regulations
- banks and banking
- card networks
- check fraud
- consumer fraud
- consumer protection
- credit cards
- crossborder wires
- data security
- debit cards
- emerging payments
- financial services
- financial technology
- identity theft
- law enforcement
- mobile banking
- mobile money transfer
- mobile network operator MNO
- mobile payments
- money laundering
- money services business MSB
- online banking fraud
- online retail
- payments fraud
- payments innovation
- payments risk
- payments study
- payments systems
- Payment Services Directive
- phone fraud
- remotely created checks
- risk management
- Section 1073
- skills gap
- social networks
- thirdparty service provider
- trusted service manager
- Unfair and Deceptive Acts and Practices UDAP
- wire transfer fraud
- workforce development
- workplace fraud