Please enable JavaScript to view the comments powered by Disqus.

About


Take On Payments, a blog sponsored by the Retail Payments Risk Forum of the Federal Reserve Bank of Atlanta, is intended to foster dialogue on emerging risks in retail payment systems and enhance collaborative efforts to improve risk detection and mitigation. We encourage your active participation in Take on Payments and look forward to collaborating with you.

Comment Standards:
Comments are moderated and will not appear until the moderator has approved them.

Please submit appropriate comments. Inappropriate comments include content that is abusive, harassing, or threatening; obscene, vulgar, or profane; an attack of a personal nature; or overtly political.

In addition, no off-topic remarks or spam is permitted.

February 18, 2020

Am I Average? Adventures in Survey Research

The results of the 2018 Diary of Consumer Payment Choice, released in December 2019, show us that, as a percentage share of all types of payments by number, consumers use debit cards for 28 percent of payments, cash for 26 percent, and credit cards for 23 percent.

I can hear you thinking, "No, that can't be."

"Not in my household. We never use cash. And we always choose credit first to get the points." Your skepticism likely is related to the fact that the diary reports averages for a representative sample of U.S. consumers age 18 and older. That means that all sorts of people are included in the estimates of payment instrument use: highly educated and without a high school diploma, born in the United States and born elsewhere, 18-year-olds and 85-year-olds, people who live in cities and people who live in small towns.

Some of those people are a lot like you. Others, not so much.

For example, if you're reading the Take on Payments blog, I'd venture to guess that your household income was north of the U.S. median of $61,937 in 2018, the year this data was collected. And income matters a lot for consumer behavior.

Let's see what happens when we take income into account for payment instrument use, still using the data from the 2018 Diary of Consumer Payment Choice. Kevin Foster, survey expert at the Atlanta Fed, helped me with this analysis:

  • Of payments reported by people in households earning less than $60,000, 32 percent by number were in cash, 31 percent with debit cards, and 15 percent with credit cards.
  • Of payments reported by people in households earning more than $60,000, 22 percent were in cash, 27 percent with debit cards, and 28 percent with credit cards.

Note the heavy use of cash by the people in households earning less than $60,000 and the use of credit cards by the group earning more.

When I see data on consumer behavior—the percentage of people who dye their hair, for example—I can't resist asking myself, "Am I average?" Or even, "Am I above average?"—as are the residents of Lake Woebegone. Add a bit of demographic data, and my assessment of how "average" I am changes. Instead of the percentage of all people who dye their hair, compare me to the percentage of women older than 45 who dye their hair, for example.

From hair styling choices to payments choices, not only income but also demographic characteristics like age and gender are important for consumer behavior. That's why the data set for the Diary of Consumer Payment Choice includes a full set of demographic variables (such as age, education, and household size) as well as information about income and employment status. All the data, including a code book explaining all the variables, are available online. So feel free to slice and dice the data as much as you like.

February 10, 2020

Slowing Down the Mule Train

Slowing down the money mule train, that is. Money mules are those individuals who transfer money or goods received through fraudulent schemes on behalf of or at the direction of a criminal enterprise, often based outside the United States. It's a form of money laundering.

In December 2019, the FBI announced it was collaborating with other domestic and international law enforcement agencies to identify, stop, and prosecute major money mule networks. Two months later, it claimed that the operation had stopped the illegal actions of more than 600 domestic money mules—a 50 percent increase in their success rate over the entire previous year. (The U.S. efforts coincided with the European Money Mule Action, led by Europol, the European Union's agency that combats crime and terrorism.)

So who are these money mules and how are they recruited? The money mules fall into two main groups: innocent participants and those people who are as criminal as the leaders of the fraud schemes. It's the money mules who take the greatest risk; the leaders of the schemes use them to insulate themselves from arrest and prosecution.

The first group, the naïve participants, are generally recruited through online ads, résumés submitted to mainstream job search sites, or emails promising work-from-home employment as a "payment processing" or "money transfer" agent. Upon being "hired," these people must provide their bank account information so that deposits can be made to their accounts. If the victims say they want to open a new account to process these transactions, the contact dissuades them from doing so because new accounts face additional scrutiny and restrictions. When a deposit is made, a mule has to transfer those funds, minus the "commission," to another bank account. That account is usually outside the United States so the transfer occurs through an international money transfer service. The mule might also be asked to purchase gift cards, load funds onto them, and then provide the card numbers and PINs to the contact. Individual transactions are generally under $10,000 to avoid the filing of currency transaction reports or suspicious activity reports.

Sometimes truly innocent participants are caught in a "cuckoo smurfing" scheme. In this scenario, someone's bank account credentials are compromised without that person's knowledge. The criminal deposits or transfers money into the account and quickly moves it over to another account. The innocent participant isn't aware of this transaction until he or she checks the account.

However, the vast majority of money mules are people who clearly know they are acting illegally. They are often part of local, national, or international gangs, and use the proceeds of money mule activities to fund other criminal activities.

While there have been a number of enforcement successes, including the effort announced by the FBI, the constant attention being given to this problem indicates it persists. Hats off to all the various law enforcement agencies involved in this money mule crackdown. Hopefully, the increased publicity will prevent individuals from unknowingly becoming part of these networks as well as highlight the scams used to victimize others. What other actions do you think will help curb this type of crime?

February 3, 2020

Fuel Pump EMV Chip Liability Shift Looms Large

It has been quite some time since the Retail Payments Risk Forum has blogged about the state of the EMV chip in the United States. Perhaps the lack of coverage is a nod to the success and growth of EMV chip issuance and acceptance since the point-of-sale (POS) and ATM liability shifts that began in 2015 and 2016, respectively. The Federal Reserve's newly released payments studyOff-site link found that 57 percent of in-person card payments in 2018 used chip authentication compared to 2 percent in 2015. Talk about phenomenal progress over a three-year period! Yet there is more to do, and 2020 will be a big year for closing a big gap—EMV chip acceptance at the fuel pump, or what the industry generally calls automated fuel dispensers (AFDs).

In October, all of the global card networks' liability shifts will be implemented for AFDs. As a brief reminder, this liability shift means that petrol retailers will now be responsible for incurring the fraud losses on all non-EMV-chip-authenticated transactions initiated by EMV cards at their pumps. According to several industry associations that represent the convenience and petroleum store industry, this liability shift date will be a challenge for many station operators to meet given a limited availability of EMV-compatible AFDs as well as the technicians to install and certify the machines as EMV ready.

Through the years, the Risk Forum has stressed that criminals tend to gravitate to the easy targets when it comes to committing card fraud, or really any fraud in general. Card skimmers at AFDs pulling data off a card's magnetic stripe have been a major problem for decades. I have no doubt that the fraudsters are fully aware of the impending liability shift and will be stepping up their AFDs attacks in 2020 before the window of counterfeit card opportunity closes. Those retailers who are delaying their EMV migration or are unable to migrate by the liability shift date will become giant bulls' eyes. Expected card fraud losses in 2020 for the industry are not inconsequential—one industry association has estimated losses of $451 millionOff-site link. I should also note that the costs faced by the industry to migrate to EMV are also significant, at an estimated $3.9 billion.

After witnessing the successful rush by the industry to implement EMV chip at the POS and ATM, I am confident that the AFD EMV chip implementation ahead of the October liability shift will be a success, but all involved will definitely experience challenges. My confidence stems from the positive momentum I have seen from everyone involved in the payments industry working together for the common good to mitigate card fraud. With counterfeit card fraud losses through June 2019 down by over 60 percentOff-site link since September 2015, I look forward to seeing even more decreases in counterfeit card fraud following this year's AFD liability shift.

January 27, 2020

Mobile Banking Nearing Ubiquity

In June 2019, eight Federal Reserve districts,1 led by the Federal Reserve Bank of Boston's Payment Strategies Group, surveyed financial institutions (FI) based in their respective districts about their current and planned mobile banking and mobile payment service offerings. The survey defined mobile banking as the use of a mobile phone to connect to a financial institution to access bank or credit account information (including to view balances), transfer funds between accounts, pay bills, set up account alerts, locate ATMs, deposit checks, and more. The term mobile payments described the use of a mobile phone to pay at the point of sale, remotely for a retail item (or items) using near field communication or a quick response code, or via mobile app or web for digital content, goods, or services (such as transit, parking, or ticketing).

You can find the full 2019 Mobile Financial Services Survey report, including the survey questionnaire, on the Boston Fed websiteOff-site link. This collaborative survey effort previously took place in 2014Off-site link and 2016Off-site link.

The survey found that 96 percent of the respondents currently offered or planned to offer mobile banking services. (As expected, most of the respondents who indicated they had no plans to offer mobile banking—18 of the 23—were the smallest FIs [those with assets under $50 million]). Support for mobile payment services had increased significantly since the 2016 survey, going from 24 percent to 43 percent in 2019, with an additional 26 percent planning to support mobile payments within two years.

Especially interesting to me were the responses to a new survey question regarding FIs' plans to issue contactless payment cards. Many of the largest FIs began issuing contactless cards in 2019. The survey found that while only 5 percent of respondents were issuing contactless cards, 21 percent plan to do so within two years and an additional 18 percent plan to issue them in the next two to five years. As the chart shows, although nearly two-thirds of the smallest FIs indicated no plans to offer a contactless card, a relatively high percentage (43%) of the larger FIs also indicated no plans to do so. I am curious to see how these plan responses change, if any, in future surveys.

Chart 01 of 02: Contactless card issuance by asset size

A total of 504 financial institutions responded—337 banks and 167 credit unions (CUs)—which represented 6 percent of all banks and 3 percent of all CUs in the United States. It is important to note that none of the top 100 banks by asset size and only four of the top 100 CUs by asset size are included in the survey. Almost half of the responding CUs have assets under $100 million. The distribution of survey respondents (displayed in the chart below) helps us better understand the development of mobile financial services in the mid- and small-sized FIs.

Chart 02 of 02: Distribution of respondents by asset size

The Boston Fed's Payment Strategies Group will present a webinar on the full survey report later this year. We will be sure to keep Take On Payments readers apprised of those plans. In the meantime, if you have any questions regarding the survey or the results, please be sure to contact me.

1Atlanta, Boston, Cleveland, Kansas City, Minneapolis, Philadelphia, Richmond, and San Francisco