Take On Payments, a blog sponsored by the Retail Payments Risk Forum of the Federal Reserve Bank of Atlanta, is intended to foster dialogue on emerging risks in retail payment systems and enhance collaborative efforts to improve risk detection and mitigation. We encourage your active participation in Take on Payments and look forward to collaborating with you.
Comments are moderated and will not appear until the moderator has approved them.
Please submit appropriate comments. Inappropriate comments include content that is abusive, harassing, or threatening; obscene, vulgar, or profane; an attack of a personal nature; or overtly political.
In addition, no off-topic remarks or spam is permitted.
Federal Reserve Web Sites
Other Bank Regulatory Sites
September 3, 2019
Is Friction in Payments Always Bad?
Numerous posts in this blog have noted the conventional wisdom that the less friction there is for a consumer in making a payment, the likelier it is that the consumer will have a good experience. Merchants, especially ecommerce retailers, point to studies consistently showing that when customers are required, for stronger authentication, to enter more information than they're used to during a payment, the cart abandonment rate increases and merchants lose sales. I have learned from my own conversations with merchants that some have backed away from adding more risk management tools because they would rather take the financial loss from a fraudulent transaction than discourage an otherwise legitimate sale. This balancing act between reducing friction for the customer and reducing fraud risk to the merchant or payment card issuer is a constant challenge.
Many merchants have incorporated mobile devices' biometric authentication features into their mobile apps to keep the customer from having to provide additional authentication data. Some other vendors have recently developed risk mitigation and authentication tools that work completely in the background and give them more confidence that the individual conducting the transaction is legitimate. These tools range from behavioral analytics that rely on patterns of previous transactions—whether they're based on a specific customer or on a group of customers with a similar profile—to electronic device information, called device fingerprinting, that validates that the device being used is actually the customer's. The customer is unaware that these tools are being used, so experiences lower friction.
A new term being used for what is regarded as an improved payment experience is the invisible payment transaction. This happens when a payment is triggered automatically without any customer intervention at the time of the transaction. The best examples of invisible transactions are in the sectors of subscription or card-on-file services. Subscription services include any service where the customer has provided, for example, a payment card or deposit account for a transaction and authorized the merchant or service provider to make future payments using that account. Online retailers, rideshare services, and recurring payments for health clubs, parking garages, utility companies, and charitable organizations are all types of businesses that use subscription services. A relatively recent entrant in the invisible payment segment is the computer/camera monitored shopping experience at some retailers.
So do invisible payments mean we've achieved nirvana? While they certainly provide the lowest level of customer interaction, they also have some possible disadvantages. Consumer advocates are concerned about the impact such payments might have on an individual's budget management. What if they forget about a subscription payment, and when it's deducted from their account, it creates an overdraft or insufficient funds return? Will invisible payments result in increased spending by the consumer? And then there is the bother of updating a bunch of subscriptions if the consumer changes the funding account.
While research has shown that consumers see convenience as a positive factor, they also want to be confident that there is a security process that will make them less likely to be victims of fraud. Will we ever reach the place of total payments peace and happiness with the right balance of security and convenience? Please let us know what you think.
December 17, 2018
Card Fraud Values Often above Average
Recent data from the Federal Reserve Payments Study remind me of my first experience with payments fraud as a 20-something college grad freshly arrived in Boston. I left my wallet in a conference room, and someone lifted my credit card. I still remember the metaphorical punch to the stomach when the telephone operator at the card company asked, "Did you spend $850 at Filene's Basement?" $850! That was more than twice my rent, and far more than I could conceive of spending at Boston's bargain hunters' paradise in a year, let alone on a one-night spree.
Decades later, the first thing I do to check my card and bank statements is to scan the amounts and pay attention to anything in the three digits. For noticing high-value card fraud, this is a pretty good habit.
That's because, on average, fraudulent card payments are for greater dollar values than nonfraudulent card payments. In 2016, the average value of a fraudulent credit card payment was $128, almost 50 percent more than $88 for a nonfraudulent credit card payment. For debit cards, the relationship was more pronounced: $75 for the average fraudulent payment, about twice the $38 average nonfraudulent payment, according to the Federal Reserve Payments Study.
Even to the noncriminal mind, this relationship makes sense: get as much value from the card before the theft or other unauthorized use is discovered. For a legitimate user, budgetary constraints (like mine way back when) and other considerations can come into play.
Interestingly, this relationship does not hold for remote payments. In 2016, the average dollar values of remote debit card payments, fraudulent and nonfraudulent, were the same: $68. And the average value of a nonfraudulent remote credit card payment, $151, exceeded that of a fraudulent remote credit card payment, $130. Why the switcheroo?
A couple of possibilities: Remote card payments include online bill payments, which often are associated with a verified street address and are of high value. So that could be pushing the non-fraudulent remote payments toward a high value relative to the fraudulent remote payments. Another factor could be that fraud detection methods used by ecommerce sites look for values that could be outliers, so perpetrators avoid making purchases that would trigger detection—and thus average values for remote fraud are closer to average values for remote purchases generally. But this is speculation. What do you think?
The relationships described here are depicted in figures 21 and 28 of the recent report of the Federal Reserve Payments Study, Changes in the U.S. Payments Fraud Landscape from 2012 to 2016. You can explore other relationships among average values of payments, and more, on the payments study web page.
By Claire Greene, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed
November 19, 2018
Smaller FIs Weigh In on Mobile Financial Services
I have previously written several posts on the Sixth District's 2016 Mobile Banking and Payments Survey results as well as the consolidated results of the 2016 survey involving financial institutions (FIs) in the Atlanta Fed's district and six other Federal Reserve districts. Readers will recall that the primary goal of the survey was to allow the Federal Reserve and industry stakeholders to better understand the status of financial institutions' strategies with regard to mobile banking and payments products and services.
As a follow-up to this work, the Federal Reserve districts of Atlanta, Boston, Cleveland, Kansas City, Minneapolis, and Richmond conducted a "quick-hit" survey in June 2018 of the FIs that did not respond to the detailed 2016 survey. The survey consisted of just five questions pertaining to mobile financial service offerings. It also gathered some demographic data. A total of 565 FIs responded, representing an 11.7 percent response rate. You can find a report that the Payment Strategies Group at the Federal Reserve Bank of Boston prepared on the Boston Fed website.
As a group, the FIs responding to the 2018 survey were smaller in asset size than were respondents to the 2016 survey.
Some of the key takeaways in the report include:
- Of the 2018 respondents, 88 percent of banks and 81 percent of credit unions currently offer mobile banking services or plan to offer them by the end of 2018.
- Fifty-five percent of the respondents reported that more than 20 percent of their customers were active mobile banking users.
- Surprisingly, 14 percent of the respondents indicated they have no plans to offer mobile banking services. All but one of the FIs that have no plans to offer mobile banking had assets under $500 million. These FIs were almost evenly split between credit unions (33) and banks (36).
- Not tracking or being unwilling to reveal customer usage levels of mobile banking services remains an issue; 29 percent of the respondents did not answer the question. My opinion is that it's the latter reason, given that a standard reporting option of mobile banking systems is to be able to track enrollment and unique sign-on activity.
- Offerings of mobile payment services continue to lag significantly behind mobile banking. Of the 2018 responses, 57 percent currently offer or plan to offer them, while 43 percent have no plans to offer them or were undecided.
We will be conducting the detailed Mobile Banking and Payments survey in early 2019 and look forward to sharing the results with you.
By David Lott, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed
June 18, 2018
Thinking about My Grandmother and Future-Proofing Payments
I often reminisce about times I spent with my grandmother. She passed away when I was only nine years old, but fortunately left me with a host of memories that I cherish. How I loved our trips to Walden Bookstore in the Hickory Ridge Mall whenever she'd visit us in my hometown of Memphis. We'd pick out a book or two and then return home to read them together. I often wonder what she would think about my family's book shopping and reading habits today. Online bookstores, e-readers, and audiobooks downloaded or streamed onto mobile phones would be completely foreign to her as the technology behind these was not even around during her lifetime! How could she ever have known how the world of books would evolve?
And this brings me to the notion of future-proofing payments. Mobile payments just might be the hottest topic when payment professionals get together to discuss the future of payments. It makes sense to think that maybe one day our mobile phones will replace our debit and credit cards and maybe even cash. But to date, the mobile phone has not done for cards and cash what it has done for mp3 players, digital cameras, and portable navigation devices, to list just a few things. Perhaps we need more time for mobile phones to transform payments—or could it be that payments as we know them today will be made over by a technology or device that is not yet widely available or even conceived? Is it possible that the primary payment methods we use today can withstand the test of time and remain our primary methods for many more years? Thinking about my grandmother and books, maybe future-proofing payments is a losing proposition and we should be nimble, ready to adapt to whatever changes come our way.
Join me for the Atlanta Fed's Retail Payments Risk Forum's latest Talk About Payments webinar on Thursday, June 28, from 1 to 2 p.m. (ET), when I will explore the future of mobile payments at the point of sale by first considering the debit card's long rise to prominence. Participation in the webinar is complimentary, but you must register in advance. After completing registration, you will receive a confirmation email with all the log-in and toll-free call-in information.
By Douglas A. King, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed
Take On Payments Search
- account takeovers
- ATM fraud
- bank supervision
- banking regulations
- banks and banking
- card networks
- check fraud
- consumer fraud
- consumer protection
- credit cards
- crossborder wires
- data security
- debit cards
- emerging payments
- financial services
- financial technology
- identity theft
- law enforcement
- mobile banking
- mobile money transfer
- mobile network operator MNO
- mobile payments
- money laundering
- money services business MSB
- online banking fraud
- online retail
- payments fraud
- payments innovation
- payments risk
- payments study
- payments systems
- Payment Services Directive
- phone fraud
- remotely created checks
- risk management
- Section 1073
- skills gap
- social networks
- thirdparty service provider
- trusted service manager
- Unfair and Deceptive Acts and Practices UDAP
- wire transfer fraud
- workforce development
- workplace fraud