Portals and Rails, a blog sponsored by the Retail Payments Risk Forum of the Federal Reserve Bank of Atlanta, is intended to foster dialogue on emerging risks in retail payment systems and enhance collaborative efforts to improve risk detection and mitigation. We encourage your active participation in Portals and Rails and look forward to collaborating with you.
Federal Reserve Web Sites
Other Bank Regulatory Sites
January 03, 2011
Demand deposit accounts: Balancing convenience and risk
Today's demand deposit accounts (DDA) have multiple access points–online, mobile, and ATM–affording consumers a great deal of convenience. At the same time, though, they provide that many more ways for criminals to carry out fraud schemes, as hacking tools (PIN phishing and skimming) become more sophisticated and fraudsters more bold with their attempts to fleece DDAs. According to a white paper by Fiserv, banks are becoming increasingly concerned about DDA fraud. The paper mentions a survey by McKinsey & Co., which revealed that an estimated $5 billion to $7 billion in annual losses can be attributed to DDA fraud, a figure expected to grow at a annual rate of 7 percent.
DDA fraud can take many forms. When it occurs with debit cards, a fraudster can steal or skim the physical card, or use a phishing scheme to steal a PIN, then use that information to deplete the account. When fraud occurs with checks, a perpetrator can empty the DDA by forging check endorsements or drawer signatures, counterfeiting or altering checks, or carrying out check kiting schemes. According to the Fiserv paper, there is also cross-channel fraud, which occurs with accounts that have more than one access point. This type of DDA fraud is increasing most likely because of the introduction of new channels like mobile and account-to-account transfers.
Declining check use but rising check fraud
Interestingly, even as check use declines, losses from check fraud and attempts at such fraud rise. The decline in check usage was recently captured by the Federal Reserve's 2010 Payments Study, which showed that "in 2009 more than 75 percent of all U.S. noncash payments were made electronically, a 9.3 percent annual increase since the Federal Reserve’s last study in 2007."
According to a recent speech by an official from the Financial Crimes Enforcement Network (FinCEN), reports of scams involving checks increased 19 percent in the first six months of 2009, and 27 percent of all Suspicious Activity Reports (SAR) filed in 2009 were for fraud-related activities. Check fraud was one of only two categories—the other was money laundering—that had an increase in SARs between 1996 and 2009.
Another study that touched on the prevalence of check fraud is the 2009 Deposit Account Fraud Survey Report of the American Bankers Association, which estimated that check-related losses amounted to $1.024 billion in 2008, up from $969 million in 2006. Of the banks surveyed, 80 percent indicated that they had reported check fraud losses in 2008, the same percentage as in 2006.
Rising debit card use, rising fraud
Debit card fraud is usually carried out through point-of-sale signature, PIN, and ATM transactions. As debit card usage escalates, so does debit card fraud.
According to the Fed's 2010 Payments Study, debit card usage exceeds all other forms of noncash payments. In fact, the annual use of debit cards increased by over 12.8 billion payments, the largest increase by any payment type during the survey period, reaching 37.9 billion payments in 2009.
According to the ABA survey, commercial losses from debit card fraud reached an estimated $788 million in 2008. Approximately 92 percent of survey participants reported experiencing debit card fraud, not surprising given the prevalence of debit cards.
Addressing DDA fraud
With consumers more and more often using debit cards and other noncash payments at the point of sale, and with the continued growth of more sophisticated hacking schemes, early detection and mitigation are more critical than ever to resolving payments fraud. The management of DDA fraud risk will have to change in response to the creation of new access points to demand deposit accounts.
Notwithstanding the technological advances in software that help financial institutions prevent and detect DDA fraud, the self-vigilance of consumers can add significant value. As we move further away from paper-form and more towards all-electronic-forms of payments, ultimately, detecting and deterring demand deposit account fraud will continue to be a combined effort between the consumer and its financial institution.
By Ana Cavazos-Wright, senior payments risk analyst in the Retail Payments Risk Forum at the Atlanta Fed
TrackBack URL for this entry:
Listed below are links to blogs that reference Demand deposit accounts: Balancing convenience and risk:
- Under Pressure: The Fate of the Independent ATM Operators
- What’s Unsettled in Faster Payments?
- Consumer Prepaid Protections May Be Catching Up with Prepaid Use
- Virtual Currency Environment Still Fluid after Latest Rulings
- ISO 20022 in the United States: What, When, Why, and How?
- Let's Talk Tokens, Part III: What Problem Does Tokenization Solve?
- Mobile Biometrics: Ready or Not, Here They Come
- Starting Off on the Right Note with Mobile Enrollment
- Let's Talk Token, Part II: Distinguishing Attributes
- New ACH Return Rate Threshold on the Horizon
- December 2014
- November 2014
- October 2014
- September 2014
- August 2014
- July 2014
- June 2014
- May 2014
- April 2014
- March 2014
- account takeovers
- ATM fraud
- bank supervision
- banks and banking
- card networks
- check fraud
- consumer fraud
- consumer protection
- cross-border wires
- data security
- debit cards
- emerging payments
- financial services
- identity theft
- law enforcement
- mobile banking
- mobile money transfer
- mobile network operator (MNO)
- mobile payments
- money laundering
- money services business (MSB)
- online banking fraud
- payments risk
- payments study
- payments systems
- phone fraud
- remotely created checks
- risk management
- Section 1073
- social networks
- third-party service provider
- trusted service manager
- Unfair and Deceptive Acts and Practices (UDAP)
- wire transfer fraud
- workplace fraud