Payments Innovation and Risk

August 2009

Moderator: Welcome to the Federal Reserve Bank of Atlanta's Payments Spotlight podcast. Today we're joined by Woody Tyner, payment strategist at BB&T Corporation in North Carolina. Woody also serves on the advisory group for the Atlanta Fed's Retail Payments Risk Forum. He will be speaking about payments innovation and risk. Woody, thank you for joining us.

Woody Tyner: Jennifer, thank you very much for this opportunity. I really do appreciate it.

Moderator: Well, Woody, why don't we start with you telling us about what your role as payment strategist at BB&T entails?

Tyner: My role at BB&T is a payment strategist. I've been doing this role for about 10 years, and to me I have, I think, the best job in the whole industry. My job is to help other lines of businesses at BB&T maximize the opportunities and minimize the risk associated with the change in the payments and the payment systems. And we really do believe there is still a lot of change going on in the payments industry, and we believe that that change is going to create some fantastic opportunities for our clients and for our employees and for BB&T. And my role, and the role of my team, is to help BB&T maximize those opportunities and minimize the risk.

We provide a number of services to all the payments-related lines of businesses at BB&T. We provide competitive intelligence, both by banks and nonbanks and their payments-related activities. We keep up with trends and statistics related to the payment behaviors of our clients. We facilitate a profit-and-loss statement for BB&T that's related to our payments revenues and expenses. We have a payment steering committee that's made up of six of the nine executive managers of BB&T. We facilitate those meetings on a quarterly basis, where the executive management team looks at our payment businesses; we identify new business opportunities for BB&T related to payments. We work very hard and very diligently with others at the Federal Reserve and other industry groups to look at the legislative and regulatory changes that are going on today related to payments in the industry. And then lastly, we work on payments infrastructure. We try to help increase cross-business synergies by sharing payment processes, infrastructure, investments, and business knowledge across all the payments-related lines of businesses at BB&T.

Moderator: So, what are the top two opportunities and challenges in identifying risks for a bank like BB&T, which has taken an enterprise approach to payments?

Tyner: Jennifer, as you know, every challenge is an opportunity, and we have two that we're working on at BB&T. One is just integrating risk management across all the various payments-related products and silos. I think we just did a survey here at BB&T a couple of months ago, and we had like 26 different fraud management systems, and obviously there's duplication. One of the things we're working on is trying to integrate risk management across the silos so that, if risk occurs in one product or one service, all the lines of businesses, or all the different silos, know about that incident, or that risk profile. And it obviously is integrating the systems.

Moderator: OK, that leads into my next question, which is, how does the payments industry on a broader scale strike an appropriate balance between payments innovation and risk management?

Tyner: Jennifer, banking is about managing risk, and everything we do, almost everything we do, has some form of risk in it. It could be monetary risk, it could be risk related to client confidence, it could be risk related to reputation. And it's all about risk, number one, knowing the risk, just understanding the risk. I think a lot of times we go into new ventures and we're so excited about the new venture, the new innovation, that risk may be the last thing we think about. So, first and foremost, you have to move risk higher up on the totem pole since you're thinking about risk in the excitement of working on a new innovation. And having people who can focus on risk and bring out the risk issues, and you need to think about how do you mitigate that risk. But at the end of the day it's a risk-versus-reward equation. There's going to be risks, and the question is, can we make enough reward off a new innovation to offset any risk that may occur. But the number-one thing is to move risk up as a consideration higher on the totem pole because as human beings, as we see new things and get excited about new things, anything that kind of that takes away from that, we have a tendency to want to put into the background.

Moderator: Well, Woody, you actually helped facilitate one of the early pilot projects for electronic check conversion at the point of sale. I wonder what future innovations do you foresee with check electronification?

Tyner: I'm not sure if there's any immediate new innovation related to check electronification—i.e., taking a check and putting it in some kind of electronic form—but I think there are some opportunities that we really do need to focus on. Obviously, the industry has not been able to figure out how to make business-to-business payments more electronic. There's still a lot of checks flowing between businesses, and how do we get the remittance information along with the check to update the corporate client's accounting systems? Also, I think with some of the new things that are going on related to remote deposit capture—a lot of merchants today have the scanners where they can scan the checks and convert them to either ACH, or they can scan the check and take the image and send it into the bank. [As] that type of technology moves on through the industry, moves across the various merchant categories, new opportunities are going to flow out of that. [There will be] new opportunities for the bank to reduce their expense, new opportunities for later deadlines of processing checks. And I think as our recognition of the images gets better, and you can look at who the payee is and start doing better categorization of who those checks are written to and just interrogating the image even more than we can today, I think that new opportunities are going to come from that point of view.

Moderator: Well, my next question also sort of speaks to your vast experience in payments. You've been in the payments industry for 25 years and held several leadership positions where you literally were on the cutting edge of evolving payments technology. What are some changes that you would have expected by now that have not happened in payments?

Tyner: You know, Jennifer, one thing being in the industry 25 years has taught me is that change doesn't occur as fast as I would like for it to. I think part of it is because in the United States there are so many banks. There are still like 8,000 banks. There are so many different parties that are in the chain of a payment, whether it's the consumer, the merchant, the bank, the processor, or the regulator, so it just takes a long time for change to occur. When I was younger I used to get really frustrated because I thought everybody ought to be excited like me, and change ought to occur real quick. But as I've grown up in this industry, I've just learned there are some parts and so many pieces and parts to the payment stream that everybody has to agree to to make changes, that it just takes a while.

The one thing I am disappointed about is, I feel like the banking industry has done a poor job of coming up with a payments roadmap for the United States or for the banking industry. The challenge is all those banks compete against each other, but at the same time we have to cooperate to make things happen in payments. When I explain to people what payments is about, I explain to them that, if you remember way back when, you can only go to your ATM to get cash, your bank's ATMs. A group of bankers got together in a room and said, "Let's make our ATMs work together," and they agreed upon message formats, settlement, and things like that. We need to do the same type of thing for the industry from a payment perspective. And we've had a number of industry groups that have tried to rally the industry around having a payments roadmap for the United States, and we're just not there yet. And, selfishly, from the banking industries standpoint, I'm seeing the competition, the Paypals, or the Googles, and the other nonbanks slowing pick off the most profitable pieces of the payments industry and quite honestly leaving us banks just with the DDA and settling those transactions. So, I'm most disappointed by what has not happened from an industry perspective of the banks getting together along with the nonbanks and the processors and putting together a roadmap to move payments more and more into the 21st, 22nd century.

Moderator: Well, as you mentioned, there are a wide range of payment options available with other innovations under way, and as you know, with innovation comes the potential for risk. I'm curious whether there are any payments risk issues at this time that cause you concern.

Tyner: There is one, Jennifer, that really causes me a lot of concern. As you know, there's a lot of brilliant individuals that are in the world that are trying to take money away from our clients. The proliferation of spam, proliferation of different scams that are out there, the phishing attacks, things like that in the online banking and Internet world. I mean, there's just a lot of smart people trying to take away money from people who have the money. And the thing that concerns me right now is, there have been breaches in the industry, data breaches—whether it's happened at credit card processors or has happened at merchants—and both of those have occurred in the last couple of years. Primarily it's been around debit card information and credit card information.

What I'm really concerned about is the checking account number and the routing transit number on the bottom of a check, and where that data's being stored and how easy it might be to get to that data and use it. There are merchant processors who are converting checks to ACH every day that's got millions of bytes of information that contain RT and account number in it. You've got various processors—for example, the processors that print checks—they've got name and account and address and driver's license number, and all kinds of information about clients. And my concern is that we haven't done the job we need to do to protect that data at all the different places it's at, like we've really focused on with debit card numbers and credit card numbers. It's really easy "to reissue" a debit card or credit card if somebody's debit card or credit card number is breached. If you came to me and said, you've just had 35,000 DDA accounts that have been breached, they have been taken over and the crooks are using that information to make purchases on the Internet by keying in the RT and account number, or they're calling telemarketers and giving them that information and purchasing merchandise like over QVC or something, they're opening up new DDAs and they're using the information, the RT and account number, from somebody else's DDA to fund their new DDA account. I mean, if I had to go replace 35,000 DDA accounts, it would be a monumental event. I mean, a monumental event for us, but think about the consumer. If the average person's got four or five drafts set up, and they've got direct deposit set up, and all of a sudden they're told, you've got to close that account, and you've got to contact all these people, you got to give them your new account numbers and all that, we've got to give you new checks, give you a new ATM card, and so forth and so on?I mean, besides just the confusion and problems for the clients, the banks, I don't think, are prepared to have to do that as fast as we can reissue credit cards and debit cards.

This is an issue I've been raising in the industry for the last couple of years, and I think, for whatever reasons—maybe it's because of the significance of the breaches we've had recently in the credit card and debit card area—it seems to be getting some attention. And we're starting to look at, along with the Federal Reserve and others, these places where there's a massive amount of data, RT, and account numbers that could be breached and that information could be used. And I hope it's not too late for us to focus on this. My concern is, there's so much of that data out there, and it's so prevalent that a time's going to come when we're going to be looking at our clients and having to say we're going to have to reissue your whole DDA account, which would be a bad day for the client and a bad day for us.

Moderator: Thanks, Woody.

Tyner: Jennifer, thank you very much. I would like to also mention that the views and opinions that I expressed today are mine alone and do not constitute an official position taken by BB&T.

Moderator: Again, we've been speaking today with Woody Tyner, payments strategist at BB&T Corporation in North Carolina. This concludes our Payments Spotlight podcast on payments innovation and risk. On our Web site,, you can read more about the Retail Payments Risk Forum. Thanks for listening, and please return for more podcasts. If you have comments, please send us an e-mail at