Take On Payments

About


Take On Payments, a blog sponsored by the Retail Payments Risk Forum of the Federal Reserve Bank of Atlanta, is intended to foster dialogue on emerging risks in retail payment systems and enhance collaborative efforts to improve risk detection and mitigation. We encourage your active participation in Take on Payments and look forward to collaborating with you.

March 02, 2015


Security at the ATM: We Have Some Educating to Do

ATM Marketplace recently published its 2015 triennial research report, which includes results of a poll of U.S. consumers on various issues related to ATMs. The online poll was conducted with a panel of 550+ individuals creating a representative sample of the adult (aged 18–65 years) population. Certain findings from the report stand out, in particular those related to consumers' expectations of various aspects of ATM transaction risk.

One question probed how concerned the respondent was about a skimming or camera device capturing their card information and PIN when they use the ATM. Thirty-eight percent indicated they were very concerned, but the remaining 61 percent indicated they were not that concerned or weren't even aware of what a skimming device is. The pie chart below breaks down each response.

01

Does the lack of concern come from a lack of education, or is it because the respondent knows the financial institution will have to bear the financial liability?

One of the final questions in the poll was whether the respondent felt an EMV card would make an ATM transaction more secure. As the chart below shows, more than half of the respondents believed there would be at least some level of improved security.

02

Of great concern to me is the 15 percent who indicated they don't know what an EMV card is. Of the two groups who mostly reported this lack of knowledge, one was the youngest (18–24) group, which surprised me. These younger people are supposed to be more tech-savvy than the rest of us. But of even greater surprise was that almost one-third (31 percent) of the most affluent group (those with a household income more than $150,000) responded they don't know what an EMV card is.

Clearly, the financial industry has a lot of educating to do as credit and debit card issuers ramp up their EMV card issuance in advance of the point-of-sale liability shift on October 1, 2015. While the ATM liability shift for domestic MasterCards won't be until October 2016 and Visa cards, a year later, it's never too early to begin or continue educational initiatives.

Photo of David LottBy David Lott, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

March 2, 2015 in ATM fraud, chip-and-pin, EMV | Permalink | Comments (0) | TrackBack (0)

February 23, 2015


Payments Stakeholders: Can't We All Just Work Together?

Coming together is a beginning; keeping together is progress; working together is success.
 – Henry Ford

In my physics classes at Georgia Tech, I found the principles around forces, momentum, and energy sometimes difficult to comprehend and distinguish. But I readily grasped a simplified version. I understood that if people apply their combined energy in the same direction, they can move the object of their attention to a designated spot faster and easier than if any of them tried it alone. And if they directly oppose one another or exert their efforts in different directions, the movement of the object is slow, its route is haphazard, and it may never reach its intended destination.

This last situation sometimes occurs with different groups of payments stakeholders—most notably, but not exclusively—the national card brands, along with their financial institution clients, and the merchant communities. Amidst all the charges and countercharges between the groups, it sometimes appears that these stakeholders are pushing in different directions—so the industry seems to be making little progress toward adopting payments standards and practices or fraud prevention solutions, for example.

An important payments risk issue affecting multiple stakeholders is card-not-present (CNP) fraud, which is expected to increase significantly after the United States migrates to EMV chip cards. We learned this from the experiences of other countries that have completed their migration. What happens is that EMV cards essentially close the door on the criminals' ability to create counterfeit EMV cards, so they shift focus to CNP opportunities.

Merchants contend that EMV card migration primarily benefits the card issuers since, for counterfeit-card-present (CCP) fraud, the issuer normally takes the loss—and EMV makes CCP fraud much less likely. Another way merchants may view EMV as being more issuer-friendly is that they must bear card-present fraud loss if they don't upgrade their terminals—at their expense—once the October 2015 liability shift goes into effect. So not only do they face increasing liability for card-present transactions, they will continue to be held responsible for the expected increase in CNP fraud losses.

The card brands and financial institutions counter the merchants' position on a number of fronts. For example, they point to the massive payment card data breaches that took place in 2014 at national merchants, saying these events eroded consumers' confidence in payment cards. Migrating to EMV cards and eventually replacing the magnetic stripe will provide clear improvements to payment card security, which will in turn increase consumer confidence in the safety of using cards. And that will benefit all stakeholders in this payment system. In addition, card brands and financial institutions are taking steps to help mitigate CNP fraud: they have invested heavily in several products and are collaborating with third-party providers to develop better customer authentication solutions to ultimately reduce the risk of CNP transactions for all stakeholders.

Disagreements among stakeholders will always exist, especially on elements that have a major financial impact on their businesses. However, there must be a diligent and ongoing effort by all parties, working together and with the same goal, to find areas of common ground that will result in a more secure payments environment.

Photo of David LottBy David Lott, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed


February 23, 2015 in cards, chip-and-pin, EMV, payments | Permalink | Comments (0) | TrackBack (0)

February 17, 2015


Introducing Take On Payments

Maybe you've already noticed it—it's at the top of this web page—but we've got a new name: Take On Payments, or TOP, for short. It's a change we made after a great deal of thought, internal discussion, and input from others. In our many presentations over the last year to payments-related groups consisting of financial institutions, merchants, processors, technology vendors, consumers, and regulators, we always promoted our blog. We put a great deal of effort into every post, and view the blog as an important channel to communicate to the payments industry on timely, risk-related payment topics in what we hope is an educational and thought-provoking way.

However, we were frequently asked about the significance of the name Portals and Rails. The majority of people get the "rails" part since that term is often used to refer to the payments infrastructure—such as in the phrase "riding the check rails." The "portals" part is more of a mystery. People aren't sure if we intend to use it with its generally accepted meaning—that is, an entranceway—or as a reference to a website, which provides information and links to other sites.

So we undertook an evaluation of alternative names that would more clearly identify the purpose for our posts, and we eventually chose Take On Payments. Yes, it's a bit of a play on the words as you can use "take" in a couple of different ways. First, you can think of it as a noun, as in the word "viewpoint." That was our primary thrust since we work hard to provide our perspective on the various payments issues and their risk-related factors. Second, you can also think of "take" as a verb, as in "assume possession of," since we are charged with the responsibility of engaging the entire payments community about payments risk issues. Finally, we like the acronym TOP—we hope Take On Payments will be at the top of your reading list.

In the end, a name is just a name, and we understand that the content of the blog is what is really important to our readers. While the Portals and Rails name has left the station for a final time, our commitment to providing the payments industry with timely and informative content to encourage thought-provoking dialogue about payments risk remains unchanged. As always, we encourage your feedback and hope you will encourage your colleagues to subscribe as well.

Photo of David LottBy David Lott, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

February 17, 2015 in payments risk | Permalink | Comments (0) | TrackBack (0)

February 02, 2015


Does More Security Mean More Friction in Payments?

In a 2014 post, we discussed the issue of consumers' security practices in light of the regulatory liability protection provided to consumers, especially related to electronic transactions. Recognizing that poor security practices will continue, financial institutions, merchants, and solution vendors continue to implement additional security and fraud deterrence tools in the payment flow. Sometimes those tools can add complexity to a financial transaction.

One of the critical elements in a consumer's experience when performing a financial transaction is the concept of friction. In the payments environment, friction can be measured by the number and degree of barriers that impede a smooth and successful transaction flow. Potential causes of friction in a payment transaction include lack of acceptance, slow speed, inaccuracy, high cost, numerous steps, and lack of reliability. We usually think that to decrease friction is to increase convenience.

As the level of friction increases, consumers become more likely to rethink their purchase and payment decisions—an action that merchants and financial institutions alike dread because an abandoned payment transaction represents lost revenue. Individual consumers have their preferred payment methods, and their perspective of the convenience associated with a particular method is a key factor in their choice. For this reason, the payment industry stakeholders have been working diligently to reduce the level of friction in the various forms of payments. Technology provides a number of advantages, potentially reducing the overall friction of payments by providing consumers with a variety of payment form factors. For example, smartphones can support integrated payment applications allowing the consumer to easily call up their payment credentials and execute a payment transaction at a merchant's terminal. With abandonment rates as high as 68 percent, online merchants, working diligently to reduce friction, are streamlining their checkout process by reducing the number of screens to navigate.

Clearly cognizant of the friction issue, the industry has focused much of its efforts on operating fraud risk tools in the background, so that customers remain unaware of them. Other tools are more overt—biometrics on mobile phones, hardware tokens for PCs, and transaction alerts. But some security improvements the industry has undertaken have resulted in more friction, including the EMV card. A consumer must now leave the EMV card in the terminal for the duration of the transaction when previously all the consumer had to do was simply swipe the card. It will be interesting to see if and how consumers adjust their payment habits should they view the EMV card technology as high in friction. Will this motivate consumers to move away from card-based payments? Time will tell, and we will closely follow this issue.

Photo of David LottBy David Lott, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed


February 2, 2015 in biometrics, chip-and-pin, EMV, innovation, payments | Permalink | Comments (1) | TrackBack (0)

Google Search



Recent Posts


March 2015


Sun Mon Tue Wed Thu Fri Sat
1 2 3 4 5 6 7
8 9 10 11 12 13 14
15 16 17 18 19 20 21
22 23 24 25 26 27 28
29 30 31        

Archives


Categories


Powered by TypePad