Portals and Rails, a blog sponsored by the Retail Payments Risk Forum of the Federal Reserve Bank of Atlanta, is intended to foster dialogue on emerging risks in retail payment systems and enhance collaborative efforts to improve risk detection and mitigation. We encourage your active participation in Portals and Rails and look forward to collaborating with you.
Federal Reserve Web Sites
Other Bank Regulatory Sites
March 10, 2014
Who Is Responsible for Consumer Security Education?
A theme that consistently appears in our Portals and Rails blogs is the continual need for consumer education when it comes to protecting account access credentials. Financial institutions have generally taken this responsibility seriously, running frequent verbal and print campaigns reminding customers to safeguard their payment cards, monitor account activity frequently, and adopt strong password and PIN access practices.
But as payment channels and access devices expand outside the bank-controlled environment, who then becomes responsible for customer education? The representatives of mobile phone carriers and handset manufacturers, for example, are often in sales mode. The last thing they want to do is scare off a potential sale by identifying the potential for fraud with their product or service.
When I recently went to purchase a new mobile phone that was equipped with a number of strong security safeguard options, the sales representative was more interested in selling me high-margin accessories than telling me how to safeguard the phone and its contents. While I understand the motivation of the sales representative, especially if he works under a sales incentive compensation plan, wouldn’t it easy for the carrier or phone manufacturer to provide a brochure promoting safe practices?
Unfortunately for the financial institutions, the stakes are high. For them, the financial impact of fraudulent activity on a customer's account is often a one-two punch. First, various regulations and rules are in place to protect consumers from liability, so the financial institutions generally write off the fraud loss. Second, and perhaps more painful, victims of fraud often move their accounts even though their financial institution is not at fault. The challenge of consumer education by the bankers is becoming more and more difficult as the opportunity for direct contact with the customer lessens with every new payment transaction product or service.
As we've seen before, in the aftermath of recent card transaction and customer data breaches, the negative reputational and financial impact from fraud is felt not just by financial institutions but also by the retailer or company that was breached. Will such events cause these other stakeholders to take a more proactive role and join financial institutions in educating their customers?
Portals and Rails is interested in hearing from you as to how the payments industry might best address customer awareness and education regarding security.
By David Lott, a retail payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed
TrackBack URL for this entry:
Listed below are links to blogs that reference Who Is Responsible for Consumer Security Education?:
- What’s Unsettled in Faster Payments?
- Consumer Prepaid Protections May Be Catching Up with Prepaid Use
- Virtual Currency Environment Still Fluid after Latest Rulings
- ISO 20022 in the United States: What, When, Why, and How?
- Let's Talk Tokens, Part III: What Problem Does Tokenization Solve?
- Mobile Biometrics: Ready or Not, Here They Come
- Starting Off on the Right Note with Mobile Enrollment
- Let's Talk Token, Part II: Distinguishing Attributes
- New ACH Return Rate Threshold on the Horizon
- Let’s Talk Token: Authenticating Payments
- November 2014
- October 2014
- September 2014
- August 2014
- July 2014
- June 2014
- May 2014
- April 2014
- March 2014
- February 2014
- account takeovers
- ATM fraud
- bank supervision
- banks and banking
- card networks
- check fraud
- consumer fraud
- consumer protection
- cross-border wires
- data security
- debit cards
- emerging payments
- financial services
- identity theft
- law enforcement
- mobile banking
- mobile money transfer
- mobile network operator (MNO)
- mobile payments
- money laundering
- money services business (MSB)
- online banking fraud
- payments risk
- payments study
- payments systems
- phone fraud
- remotely created checks
- risk management
- Section 1073
- social networks
- third-party service provider
- trusted service manager
- Unfair and Deceptive Acts and Practices (UDAP)
- wire transfer fraud
- workplace fraud