January 22, 2013
Parallel Paths or Course to Collision? Technology's Effects in the Payments Industry
I don't believe anyone would challenge the statement that the pace of technological change is faster than ever and is likely to increase its velocity going forward. I remember a conversation with my grandfather in the mid-1970s about the biggest changes he'd experienced in his lifetime, which spanned the first two-thirds of the 20th century. Those changes centered on the automobile and airplane (his lifelong vocation was a railroad machinist/mechanic), electricity for the masses, medicine, and radio and television. Today, we can look back just 10 years and see the exponential level of changes in technology that have impacted our everyday lives in these same areas—transportation, energy, medical care, and communications.
Many of these technological changes have affected the banking world, sometimes in ways that create conflicts among various service channels. Recent changes in the way that U.S. banking customers deposit funds, for example, have the potential to create such conflict across channels.
The all-time teller gets a new face
Since the widespread introduction of the full-service ATM in the United States in the early 1970s, this automated delivery channel has seen little change in functionality. Sure, there have been major technology changes that have improved the channel but not fundamentally changed it. Such improvements include the migration from offline to online transaction authorizations, the ATM's ability to dispense multiple denominations of currency instead of a fixed amount, improved display graphics and component reliability, and the sharing of ATMs through the emergence of regional, national, and international interchange networks. Past efforts in the U.S. to add additional functions and migrate the ATM more to a self-service kiosk have not met with great success. There appears to be another attempt to introducing such functions as remittances, bill payment, money orders, postage stamps and ticketing as ATM volume stagnates.
Deposits made through ATMs seldom represent more than 10 percent of total banking transaction volume, and are more often in the 5–8 percent range. Research has consistently shown that consumers are apprehensive about placing checks and currency in ATMs since ATMs do not verify the deposit envelope contents, as tellers do. Truth be told, banks generally didn't actively promote deposits through ATMs for economic reasons. Because deposit envelopes can be deposited empty, most banks required them to be processed under dual control. As a result, until relatively recently, the cost of handling a single ATM deposit was about $1.50 to $2.
A big breakthrough in ATM deposits was seen in 2006–07, when several of the largest U.S. banks began testing ATMs that could accept envelope-free deposits of checks and currency. This method offered consumers images of their checks or detailed listings of the deposited currency before the transaction was final. Because consumers had this opportunity to verify their deposits, they had a much higher level of comfort. Additionally, consumers could now make their deposits much later in the day and still have them included in that day's processing. These banks soon began widespread implementation of such functionality in a vast majority of their locations, and other top-tier banks followed suit. The reassurance of the deposit verification and the increased convenience has led to a sharp increase in deposit transactions through the ATMs equipped with this feature. Furthermore, studies show that the cost of a deposit transaction dropped below 50 cents.
It appeared like a win-win-win outcome. ATM channel managers and manufacturers both were pleased with the new functionality. And bank customers were obviously pleased, as evidenced by the increased deposit transaction volume through the ATM.
Meanwhile, in a parallel universe...
At the same time that ATMs were getting new functionality, the remote deposit capture product was being developed. This product was first offered to commercial bank customers that received moderate volumes of checks. Company employees scanned the checks on dedicated equipment and then transmitted the captured images to the bank. This product was made possible under the provisions of Check 21. Then the banks expanded the service to include low-volume check businesses using generic scanners that the business likely already possessed. And most recently, a number of banks have begun offering remote deposit capture to both consumer and commercial customers as part of their mobile banking service with the camera feature on a smartphone.
In our ever-changing technology environment, the role of product and channel management has never been more difficult. Products that are technology-dependent can have an extremely short lifecycle and face competition from other sources. Will the proliferation of the remote deposit mobile application dampen the demand for envelope-free deposit accepting ATMs, especially at the smaller banks? Will these technologies collide, or will they continue to move down parallel paths? How will this technology and others come to impact the future of the ATM? We would like to hear your perspective.
By David Lott, a retail payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed
January 22, 2013 in emerging payments, innovation, mobile banking | Permalink
TrackBack
TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a01053688c61a970c017c36231934970b
Listed below are links to blogs that reference Parallel Paths or Course to Collision? Technology's Effects in the Payments Industry:
Comments
Posted by:
Pari |
January 29, 2013 at 09:33 AM
November 26, 2012
Highlights from a Conference on Technology and Payments
The retail payments landscape is rapidly evolving as technological advances promote new electronic payment methods. On October 15–16, the Risk Forum convened at the Atlanta Fed a diverse gathering of stakeholders in the payments industry. Industry representatives were from telecommunication firms, airlines, standards bodies, payments processors, and coffee house retailers, as well as the more traditional players.
Federal Reserve Bank of Atlanta President and CEO Dennis Lockhart kicked off the event. His opening remarks focused on the Federal Reserve System's role as a central bank in the country's retail payment system, both as a payments operator and as the country's guardian of financial stability. In the latter role, the Fed aims to preserve the integrity of both the retail and wholesale payments systems. Lockhart stressed that although this role has national strategy overtones, it is not intended to stifle innovation and competition but rather to support a market-oriented approach to payment developments. By noting the vulnerabilities that the fast pace of change and innovation in the industry create, Lockhart set the stage for the day's session, the highlights of which we are sharing here. You can find the complete presentation materials on the Atlanta Fed website.
Technology developments in card-based payments
Legacy plastic cards are likely to remain important for some time. Nevertheless, significant changes are under way. These technological changes were the focus of this panel. The U.S. payments industry is struggling to collectively shift from magnetic stripe-enabled card payments to a more secure and interoperable environment. Panelists discussed the challenges posed by the planned U.S. migration to chip-enabled cards and to the EMV standards already adopted in most of the globe's major developed countries. They discussed the potential shift in fraud to card-not-present payments in the shift from mag-stripe cards. Panelists said that fraud mitigation in the future U.S. EMV environment will require additional data analysis tools, including the use of better encryption methods and tokenization. They also touched on the benefits of PIN versus signature authentication.
The evolution of technology standards in retail payments
Technology standards provide the cohesion to ensure the critical mass needed for successful payment network adoption. At the same time, the myriad of new market solutions, patent issues, and even standards bodies themselves challenges industry cooperation and consensus building, slowing the standards development process. Panelists discussed the activities of various standards bodies that touch retail payments today. They also talked about how they are working to galvanize industry stakeholders to agree and employ standards that foster security and interoperability.
Mobile payment developments at the point of sale
This panel of experts reviewed technological developments in the mobile channel for payments at the merchant's point of sale (POS), including the rollout of several mobile wallet initiatives. Panelists discussed the challenges associated with the highly dynamic nature of the technologies. They noted that new complex business models are resulting in many different types of payment solutions, creating a confusing ecosystem for mobile proximity payments.
Panelists noted that the many new, thought-provoking products out in the market place today create many unknowns, not only with respect to security, but also future viability. They agreed that it is hard to predict which solutions have true scalability. An interesting discussion took place on the success of new payments such as Square, which changed the proverbial game by expanding the population of merchants that can accept card payments and by repurposing the mobile handset into a payment acceptance device. The panel also discussed how Starbucks unwittingly assumed the role of a payments pioneer when they moved to the mobile channel. Their original aim was not to adopt a new payments method but rather to increase customer loyalty and convenience.
The merits and challenges with the upcoming EMV migration were also top of mind for the panel.
Technology trends in mobile payment transfers
U.S. mobile payment developments have generally centered on payments at the POS. However, remote mobile payments, or person-to-person mobile transfers, are also taking form as a business model. Panelists discussed how nonbank players are entering the money transmission space hoping to leverage new mobile technologies. They explored the current environment for domestic and cross-border mobile transfer payment activity, analyzing the changing roles of payment service providers and the subsequent regulatory and policymaking considerations.
Panelists noted that we are seeing a huge paradigm shift in mobile money, with prepaid airtime credits looking more and more like currency in developing countries. Some countries permit payment service providers to provide airtime cash-out; Kenya's M Pesa is one of these providers. The lack of system interoperability across borders and liquidity management considerations are barriers to a global, scalable airtime transfer system. Panelists also noted, however, that airtime transfers are increasingly becoming a natural complement to traditional remittances.
In addition, traditional remittance providers are partnering with telecom firms to deliver services in emerging markets. These providers also work with banks in more developed countries, like the United States, to use the mobile channel in more efficient ways.
Technology threats and mitigants in electronic payment systems
Whether through scams such as “Obama Will Pay Your Bills” or corporate account takeovers, criminals are increasingly using electronic payments networks to perpetrate fraud. Panelists stressed that industry stakeholders must themselves become more sophisticated in order to develop solutions to better detect and mitigate these risks. Future fraud detection will require more sophisticated approaches to address growing vulnerabilities in web applications. Panelists also stressed that financial institutions must validate transactions to enforce rules and limits and to manage fraud.
Conclusion
The Risk Forum uses events such as this to encourage dialogue and share critical business intelligence among participants. We can then use information that comes out of such discussions to inform our work with the payments industry as we collectively work on better solutions to detect and mitigate risk. Expect to see more discussion in future posts. As always, we value your responses.
By Cynthia Merritt, assistant director of the Retail Payments Risk Forum
November 26, 2012 in chip-and-pin, collaboration, cybercrime, emerging payments, innovation | Permalink
TrackBack
TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a01053688c61a970c017c33fde72b970b
Listed below are links to blogs that reference Highlights from a Conference on Technology and Payments:
Comments
July 30, 2012
Even an Outsourced Cloud Can Have a Silver Lining: Shedding Light on Cloud Payments Risk Management
Outsourcing is not new in financial services. Banks continue to improve their operational efficiency—and even lower their risk exposures—by engaging third-party service providers to perform specific functions they used to manage internally. Now, technological advances are enabling financial institutions and other payment providers to shift certain data management functions to the cloud, an outsourcing practice we discussed in an earlier Portals and Rails post. Cloud outsourcing provides operational cost savings to the end user community, but these new services introduce new risks in payment systems.
On July 10, 2012, the Federal Financial Institutions Examination Council (FFIEC) published a statement on cloud computing to supplement its Outsourcing Technology Services booklet. The aim of the statement is to help financial institutions better understand the fundamental risks associated with these new services and the need for robust vendor management.
Cloud computing basics
The term "cloud computing" in its most basic sense describes a service that stores and processes data on a remote network. Cloud service providers are entrusted with ensuring the security of end user data within that remote network.
A notable feature of cloud computing is its deployment model. Risk profiles may differ, making some models more appropriate for some services than others. Some models may include private clouds operated for a single organization, community clouds that are shared by several organizations, or combinations of the two for hybrid business models.
According to a recent paper authored by Dan Schutzer, chief technology officer of BITS, small devices like mobile handsets have limited storage while communications networks are becoming faster and more efficient. These factors have led to more businesses offering services that allow data to reside in remote servers, or in "the cloud." He cites public cloud examples like Flikr, which allows consumers to store photos in the cloud, and Google Docs, which allows consumers to manage documents remotely.
Risk management in cloud computing
Arguably, the data in these examples may not be as sensitive as that managed by financial institutions and others involved in payment processing. The FFIEC statement notes that as financial institutions consider a cloud computing model in their outsourcing strategies, risk management and third-party oversight to protect sensitive personal consumer data become increasingly important.
The FFIEC statement maps the key elements of risk management articulated in the existing interagency guidance. It starts with due diligence, noting that financial institutions are responsible for ensuring that third-party activity is conducted according to applicable law and regulation, just as if they bank retained those functions in-house. It also discusses the key elements to consider in ongoing vendor management and business continuity planning.
The vendor management challenge
A major takeaway for financial institutions and other payment providers is in the part of the FFIEC statement that discusses "legal, regulatory, and reputational considerations":
The nature of cloud computing may increase the complexity of compliance with applicable laws and regulations because customer data may be stored or processed overseas. A financial institution’s ability to assess compliance may be more complex and difficult in an environment where the cloud computing service provider processes and stores data overseas or comingles the financial institution’s data with data from other customers that operate under diverse legal and regulatory jurisdictions.
While the risk management fundamentals for cloud computing remain the same, the increasing complexity of the operating environment will challenge the effectiveness of vendor management programs going forward. As outsourcing relationships expand geographically, the expertise required to oversee those activities will increase as well. Furthermore, third-party service providers may have outsourced relationships themselves, requiring inclusion of those downstream oversight processes in the financial institution’s vendor management program.
The FFIEC guidance provides a good description of these risks and challenges to consider in selecting and managing a cloud computing strategy, but also notes that "cloud computing may not be appropriate for all financial institutions."
By Cynthia Merritt, assistant director of the Retail Payments Risk Forum
July 30, 2012 in emerging payments, innovation | Permalink
TrackBack
TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a01053688c61a970c017743c6d32b970d
Listed below are links to blogs that reference Even an Outsourced Cloud Can Have a Silver Lining: Shedding Light on Cloud Payments Risk Management:
Comments
July 09, 2012
Can clouds and contactless chips coexist?
Mobile wallets have started to make their way into the market this year. Inevitably, industry stakeholders are joining opposing camps on the technology that these wallets use to keep payment information and other personal data safe and secure: contactless chips or cloud-based technology. The chips are embedded in a mobile handset that communicates with a terminal via near field communication (NFC), while the cloud-based technology involves an application downloaded to the mobile handset.
If the critical mass necessary for the successful adoption of a payment system relies on acceptance interoperability and technical standardization, can these two solutions coexist in a future mobile payments system? Or will technology debates threaten near-term interoperability and consumer adoption?
Coexistence
The first generation of mobile wallet trials such as Isis and Google are using contactless NFC technology. This is not surprising as early discussions found consensus on the need to move as an industry to NFC for mobile payments. In fact, as my coauthors and I noted in our 2011 paper, "Mobile Payments in the United States: Mapping out the Road Ahead," one of the key tenets agreed upon at the time by industry stakeholders for a safe and secure mobile payments system was the use of contactless NFC technology.
However, since that time, new mobile providers have been rolling out wallets that do not use NFC. Instead, they rely on store payment credentials in remotely based servers, more commonly referred to as the "cloud." The PayPal wallet, for example, leverages consumers' existing PayPal accounts where payment credentials are stored.
Benefits and challenges
Numerous complex variables are at play in the debate on NFC versus the cloud. A recently published TSYS whitepaper authored by Scot Yarbrough and Simon Taylor, "The Future of Payments: Is it in the Cloud or NFC?," provides a comprehensive explanation of the benefits and the challenges that opposing business models face.
The authors summarize the case for NFC by noting that it is backed by the major card networks and offers the capability to store and send information other than payment, such as contacts and videos. The case for payments in the cloud has a supply-side incentive in that the infrastructure costs are much lower for the merchants at the point of sale.
Both systems face challenges, of course, as evidenced by the current low adoption levels for any particular wallet. The TSYS authors note that cloud technology payments may offer so many different choices, "how many ways to pay will the consumer want to learn and adopt, especially when he or she can simply reach into their pocket, pull out their credit or debit card and pay?"
They also note that NFC is also not without flaws. Building consumer experience will require compelling value propositions to encourage new payment behaviors. Further, the complexity of the ecosystem to manage the payment credentials in the chip inside the mobile device among various players in the business model creates economic challenges as well.
Conclusion
In the near term, cloud-based solutions will likely disrupt the payments landscape as merchants look to manage their share of the infrastructure investment for new payments. As wallet providers identify efficiencies and optimal security propositions for data residence and transit, it is possible that hybrid business models will emerge. Finally, the TSYS authors aptly note that future game changers will likely alter the current argument completely. Will merchant investment costs matter in a future where the mobile handset is also the merchant's acceptance terminal?
By Cynthia Merritt, assistant director of the Retail Payments Risk Forum
July 9, 2012 in contactless, emerging payments, innovation | Permalink
TrackBack
TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a01053688c61a970c0177432b8bd4970d
Listed below are links to blogs that reference Can clouds and contactless chips coexist?:
Comments
June 18, 2012
MintChip: Sounds like ice cream, but it's actually money
A common topic of conversation in payments for many years has been the notion of a cashless society. Although it is hard to imagine a truly cashless society, it is easy to envision what Ron Shevlin, an analyst with the Aite Group, recently referred to as a "less-cash society." Established alternatives to cash, such as credit, debit, and prepaid cards, have been steadily replacing cash payments for years. However, there still remain individuals who prefer cash to other payment means for a variety of reasons, including the anonymity cash provides.
As an alternative to cash payments, new digital currencies have been conceived. While these digital currencies allow for anonymity like cash, they have traditionally not been backed by an asset or a central back. At least up until now. In April, the Royal Canadian Mint (The Mint) announced the development of MintChip, a digital currency backed by the Canadian dollar. The Mint is currently accepting MintChip payment applications from software developers.
Prior to the MintChip announcement, The Mint made headlines as the Canadian government announced in March the elimination of the penny. The Mint produced its last penny on May 4 with the goal of removing the penny from circulation by the fall of this year. So within several months, the Canadian Mint quits producing the penny while developing a new digital currency.
I believe that The Mint is sensing a true opportunity with MintChip in light of a threat to its traditional business as the world moves to a less-cash society. Faced with the threat of a loss of production in coins, the Mint is attempting to capitalize on the demand for a digital currency to make micropayments for goods and services in both the online and physical world. And while MintChip might not provide as much anonymity as other digital currencies, such as BitCoin and Liberty Reserve (which we looked at in an October 2011 post), its backing by the Canadian dollar might make it a more viable alternative to cash and coins.
It will be interesting to watch the developments of MintChip over the next several months as The Mint will select the best applications submitted by outside developers. Should MintChip gain traction in Canada, it is feasible that The Mint will port this concept to other countries where it currently manages the production of coins. (Over time, Canada has made coins for almost two dozen countries, including the Bahamas, Bermuda, Cayman Islands, Iran, and Venezuela.)
The global opportunity in the digital currency space is enormous: there were six billion mobile subscriptions across the globe at the end of 2011, according to the International Telecommunication Union. If MintChip proves to be successful, would the United States Mint attempt to follow suit? And what, if any, would be the regulatory challenges and implications of a digital currency produced by the United States Mint and backed by the U.S. dollar?
By Douglas A. King, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed
June 18, 2012 in emerging payments, payments | Permalink
TrackBack
TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a01053688c61a970c016767a69aee970b
Listed below are links to blogs that reference MintChip: Sounds like ice cream, but it's actually money:
Comments
February 21, 2012
Security in the mobile wallet: Is it good enough yet?
For years we've heard about the future mobile wallet—using the phone to carry payment cards, loyalty rewards, bank account access, and identification instead of a traditional leather wallet. The wallet will also be able to hold electronic receipts for purchases made using the phone at a merchant's point of sale. 2012 portends to be the year of reckoning, with several trials scheduled for rollout. If your wallet resembles the one in the Seinfeld episode about George Costanza's exploding wallet, an electronic wallet contained in your mobile phone is a welcome prospect.
But the truth is that while recent developments in the application of near field communication (NFC) technology for mobile wallet trials have come faster than most industry expectations, a variety of hurdles are likely to waylay widespread adoption in the near term; namely, hurdles relating to security.
Different security deployments for mobile wallets may postpone widespread adoption
While, as noted in our 2011 mobile industry position paper, firms engaged in rolling out new mobile payments services have agreed that successful near-term adoption will rely on common standards for security and interoperability, free market dynamics dictate that all players in this new mobile ecosystem will not necessarily work together, motivated instead by a responsibility to create shareholder value. As a result, current industry discussions show that the service providers—namely, the mobile operators and the financial institutions partnering in these new business models—are considering different security deployments.
A recent article by Dan Balaban in the February 13 issue of NFC Times summarizes the situation well:
"While mobile operators continue to push for the SIM card to become the de facto secure element in NFC phones, some banks and other service providers still are seeking alternatives. The products that continue to draw the attention of a number of banks include microSDs, as well as iPhone attachments—the latter using either microSDs or embedded secure chips as secure element. Of course, there are no strong signals yet that microSDs, either as part of phone attachments or working in full NFC handsets, will challenge SIM cards or embedded chips as the primary secure element in contactless-mobile phones. At present, the microSDs generally carry higher costs, face logistical problems and still lack standards."
It stands to reason that a lack of standards in security can threaten consumer trust when something goes wrong, as we saw this week with the Google Wallet, the first U.S. mobile wallet deployment to date. Google has stopped activating new prepaid accounts in its mobile wallet after discovering a security flaw that allows unauthorized users to access the prepaid account without requiring a PIN. While the flaw is related more to the wallet application than to the security technology in the chip used to store data in the handset, the negative press from the event may impact consumer adoption for other mobile wallet trials scheduled to rollout in 2012.
Security standards for mobile apps may lag development cycle
According to ViaForensics, the lack of standards for mobile application security may challenge application testing methodologies. In fact, a February 13 post on ViaForensics' blog asserts that "...the speedy mobile development cycle and this lack of experience in the platforms is causing coders to throw all of those secure development principles the industry has fought for over the past five years right out the window when it comes to mobile apps..." While attention to security for mobile applications is evolving, ViaForensics's recent study found that financial services applications had the largest percentage of apps that passed their security tests.
Regulatory considerations for financial institutions
In most developed countries, such as the United States, mobile financial services are deployed in bank-led service models, partnering with the mobile telecom operators. A recent article published by the Federal Deposit Insurance Corporation, "Mobile Banking: Rewards and Risks," aptly notes that any financial service provider that engages a third-party service provider such as a telecom firm is expected to conduct appropriate due diligence to ensure they are working with reliable and reputable vendors to develop secure applications. Regulators will look to financial institutions to make sure their mobile services partners are fulfilling meeting the terms of third-party agreements with respect to application and device security.
Widespread adoption may occur gradually
While stakeholders develop common standards for device and application access, and data security, it may take a while for mobile wallets to become commonplace. Reported security mishaps may be beneficial, in the end, if they serve to temper consumer adoption while financial institutions and their mobile services partners work to identify and manage potential security issues.
By Cynthia Merritt, assistant director of the Retail Payments Risk Forum
February 21, 2012 in emerging payments, innovation, mobile banking, mobile payments, payments, payments systems | Permalink
TrackBack
TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a01053688c61a970c016301c7d1b3970d
Listed below are links to blogs that reference Security in the mobile wallet: Is it good enough yet?:
Comments
January 18, 2011
Retail Payments Risk Forum hosts 4th annual "Emerging Risks in Emerging Payments" conference
On November 15–16, 2010, law enforcement, regulators, and other selected payments experts gathered once again to exchange ideas, research, and business expertise at the "Emerging Risks in Emerging Payments" conference at the Atlanta Fed. The conference provided a platform for sharing retail payments knowledge and insights among payment industry participants, regulators, and law enforcement. The conference also expanded networking opportunities for industry stakeholders essential to the payments industry, all of whom have a common interest in improving the detection and mitigation of emerging risks and fraud in emerging retail payments systems.
Opening remarks were made by Patrick Barron, first vice president of the Atlanta Fed. He was followed by Richard Oliver, executive vice president and director of the Retail Payments Risk Forum. Five expert panels with representatives from law enforcement, corporations, service providers, and other stakeholders discussed a range of themes related to emerging risks in emerging payments. Each panel provided a high-level overview of the state of the retail payments environment.
The following brief summary captures some of the key themes discussed during the event. Additional presentation materials are available on the Atlanta Fed's website.
Emerging trends in retail payments
Recent technological advances have changed the way retail payments are conducted. For instance, innovations in the card space are providing better ways to combat card fraud. Countries that have adopted Europay, MasterCard, and VISA (EMV) have seen a marked reduction in skimming fraud compared with countries that use magstripe cards, including card-not-present transactions over the Internet.
The mobile payments panelists predict that consumers will eventually migrate to mobile wallets—the speed and convenience of payment both for the merchant and consumer enhance this likelihood. However, the panelists agreed that some of the challenges to mobile payment adoption in the United States include lack of standardization, merchant investment hurdles, perceived security requirements, and lack of a clear value proposition for consumers.
Emerging risks in retail payments
Innovation introduces new risk factors. Several panelists highlighted the ongoing importance of protecting consumer information as the sophistication of financial crimes continues to increase. For instance, one panelist explained that in the card space, virtual prepaid cards can be funded by a transfer from another card or by phone or Internet, often times anonymously. In some cases, illicit funds can become instantly available from ATMs in more than 200 countries, without sharing confidential or bank information, which makes it very difficult for law enforcement to trace and monitor these funds.
Another panelist discussed the risk profiles of the different person-to-person (P2P) business models. For example, while the mobile channel is emerging as a viable method for P2P payments, telecom customer data—and, to a lesser extent, e-mail addresses—have become reliable ways to identify individuals to receive messages. However, they are not 100 percent reliable public directories. Some of the key risk distribution issues in a P2P environment include unauthorized transactions, intermediary error (such as misdirected payments), and fraud.
Additionally, panelists discussed the emergence of payments in the social network realm. One panelist discussed how fraudsters use social network sites and the data they gather from those sites to commit cybercrimes such as identity theft and "clickjacking scams," which trick users into clicking on ads and other sites that divert them from safe and reputable sites. Another panelist discussed the rapidly growing new segment of social network "businesses" that leverage the payments platform but turn out to be shell or fraudulent businesses.
How to address emerging risks in new retail payments?
Fraud and risk detection and mitigation must keep pace with emerging payments trends. Advances in payments technology enable new ways to conduct retail payments but can also create new channels for criminals to exploit and commit payments crimes.
The panelists highlighted these issues and more while proffering ways for regulators, law enforcement, and others to work together towards mitigating and deterring risks and fraud in the emerging payments environment. All in attendance recognized that the challenges ahead are common to all parties involved, and information sharing along with collaborative action is imperative for achieving the goal of ensuring a safe and efficient payments system.
By Ana Cavazos-Wright, senior payments risk analyst in the Retail Payments Risk Forum at the Atlanta Fed
January 18, 2011 in emerging payments, mobile payments, risk | Permalink
TrackBack
TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a01053688c61a970c0147e1b52c4c970b
Listed below are links to blogs that reference Retail Payments Risk Forum hosts 4th annual "Emerging Risks in Emerging Payments" conference:
Comments
February 16, 2010
Haitian crisis: Are mobile payment discussions an unexpected consequence?
The earthquake in Haiti caused massive destruction that ultimately leveled the capital city of Port-au-Prince and resulted in the deaths of thousands of people. As charitable assistance has poured in from around the world, an unexpected revelation has come to light with respect to the potential for mobile phone–enabled payments. Within a matter of days, wireless network operaters facilitated millions of dollars in donations, demonstrating how quickly people all over the world could assemble to adopt a single payment method for a specific purpose. Through the use of text messaging, or SMS (short message service), via the mobile phone, consumers could send payments to a variety of charitable organizations providing aid to Haiti.
Convenience of text messaging can drive adoption
I heard someone say recently that "convenience is like a drug for consumers." This convenience is possibly why texting is outpacing e-mail messaging as a mainstream form of communication—the ubiquity of mobile phones makes texting increasingly easier, cheaper, more convenient, and perhaps a natural vehicle for sending payment instructions. According to research released by Nielsen Mobile, the typical U.S. consumer sends and receives more SMS text messages than telephone calls. Mobile SMS is already widely used in developing countries to facilitate mobile money transfers for domestic person-to-person payments and cross-border remittances.
What if something goes wrong?
In many developing countries, mobile money transfer payments are transmitted via SMS without a bank partner to facilitate clearing and settlement. As described in an earlier post, Safaricom's M-pesa service provides mobile phone–enabled payments through text message instructions, with cash-out needs accommodated by agents, typically a village store or wireless retailer. But many of the payments are peer-to-peer in nature and funded by topping up the consumer's mobile phone bill. In the Haiti example, customers also could fund the payment by adding the value of the donation to their phone bills or by debiting a bank account.
Of course, the legal and regulatory environments in the United States differ markedly from developing markets like Kenya, where the M-pesa mobile payments service has grown so rapidly. The risk environments also differ significantly. In Kenya, a consumer faces less risk of loss in a mobile-enabled payment environment than the cash-based system that prevailed only a few years ago. U.S. consumers have many choices in payments and enjoy legal protections if service providers fail to consummate the payment transaction.
So what happens if the $20 donation instruction you sent to Haiti appears as a $200 or even a $2,000 charge on your bill? What if there is a disagreement about the error between you and your wireless carrier? What else could go wrong?
Protection for consumers
One of the growing challenges created by payment innovations is the creation of new laws and rule sets, which provide different protections depending on the payment type. This challenge is further complicated as payments converge and assume different formats along the supply chain. For example, a payment initiated via a credit card on a mobile device is subject to error resolution procedures and consumer protection standards established by the card networks. Similarly, Regulation E covers electronic transactions initiated from a bank deposit account. But if you disagree with a charge to your phone bill for a payment, it is questionable whether the error resolution provisions of Regulation E would even apply. As telecom firms become more important participants in retail payments, what laws and rule sets can consumers look to for protection when things go awry?
Of course, these issues are highly hypothetical but also very possible. Telecom firms and mobile payment service providers are filling new roles in mobile payments, forcing business models that we know today into a new paradigm. Perhaps the crisis in Haiti will serve as a catalyst for proactive thinking on risk issues so that all industry participants can work together to build a safe and trusted mobile sector of commerce.
By Cindy Merritt, assistant director of the Retail Payments Risk Forum
February 16, 2010 in collaboration, emerging payments, innovation, mobile network operator (MNO), mobile payments, telecom | Permalink
TrackBack
TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a01053688c61a970c0120a89d1472970b
Listed below are links to blogs that reference Haitian crisis: Are mobile payment discussions an unexpected consequence?:
Comments
December 28, 2009
Mobile money transfers: Benign P2P or hawala money?
Informal value transfer systems (IVTS) such as traditional trade and barter have existed since the beginning of time and still serve legitimate purposes today. While informal payments may provide benefits such as improved reliability and convenience to users over formal systems, they may also create regulatory and risk management challenges. Person-to-person (P2P) payments via the mobile phone, also known as mobile money transfers (MMT), represent an innovation with the potential for use in informal channels as nonbanks, many of which are start-up firms, extend services in a cross-border enviroment.
IVTS were defined by Nikos Passas to describe "any network or mechanism that can be used to transfer funds or value from place to place either without leaving a formal paper trail of the entire transaction or without going through regulated financial institutions." One of those systems is hawala, which has its origins in classical Islamic law and is mentioned in texts of Islamic jurisprudence as early as the eighth century. Hawala drew interest from the U.S. government after 9/11 because payments are exchanged on the honor system without a paper trail. With this arrangement, it could be difficult to determine if a transfer of funds was for legitimate purposes.
In addition to hawala, Passas identified other important IVTS to include gift and money transfer services via Internet sites, Internet-based payments and transfers, and stored value cards, such as prepaid telephone cards, to name a few. IVTS systems and mechanisms range from basic and traditional exchanges to modern and sophisticated ones.
ENLARGE |
Passas' initial work predated the recent developments in the mobile payments channel and certainly came before the growth in mobile enabled P2P and the use of prepaid airtime for remittances, as described in an earlier edition of Portals and Rails. When P2P payments are conducted by mobile carriers in a bank-agnostic ecosystem, do they potentially represent a more sophisticated, modern-day informal payment system?
MMT: The fastest-growing mobile payment
P2P payments represent possibly the fastest form of financial transaction enabled by mobile phones, driven by the steady growth in remittance markets, the ubiquity of cell phones themselves, and the desirability for an electronic P2P payment alternative in developed countries like the United States. Research firm Gartner recently identified mobile money transfer as the first of the top 10 consumer mobile applications in 2012, made possible by developments in smart handsets like the iPhone. Separately, ABI research predicts that almost three times as many consumers worldwide will use mobile phones to conduct P2P payments than those who will use them to conduct mobile banking functions by the end of 2011.
Formal versus informal
GSMA (Global System Mobile Association), the alliance of mobile network operators, launched the Mobile Money Transfer Programme initiative to promote the mobile channel and formalize international remittances. With low barriers to entry, roaming capacity, and a growing unbanked market in developed countries, start-up firms may offer informal MMT services, including international and domestic P2P in cross-border markets to expand their customer reach and network opportunities. While informal payment systems can provide means for legal transactions, the lack of transparency could potentially provide bad actors the opportunity for money laundering and other financial crimes.
Nonbanks, like telecom firms and others, are rapidly entering the financial services arena, creating an uncertain regulatory environment as laws and regulations vary from country to country. Will mobile P2P innovation permit service offerings that are characterized as informal payments with the potential for misconduct? Will violators of money-laundering laws go undetected as stored-value mechanisms move from the plastic card to the mobile device? These questions will no doubt be the focus for regulators in many markets going forward as they attempt to understand both the operational and regulatory risks money transfer services have the potential to introduce.
By Cindy Merritt, assistant director of the Retail Payments Risk Forum
December 28, 2009 in emerging payments, innovation, mobile payments, remittances, risk, telecom | Permalink
TrackBack
TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a01053688c61a970c0120a78682bf970b
Listed below are links to blogs that reference Mobile money transfers: Benign P2P or hawala money?:
Comments
November 02, 2009
Payments Spotlight Podcast: WACHA's Gilmeister discusses commercial account takeovers and other emerging risks
Play (MP3 7:58)
Transcript
We invite you to listen to an interview with Mary Gilmeister, President of the Wisconsin Automated Clearinghouse Association (WACHA) and a member of the Retail Payments Risk Forum’s Advisory Group. Launched in August 2009, this is the second iteration of the Retail Payments Risk Forum’s Payments Spotlight podcast series.
In this interview, Ms. Gilmeister touches upon the following topics:
- The roles of regional payments associations like WACHA,
- thoughts on managing the emerging risk of commercial account takeovers which result in fraudulent ACH transfers,
- protecting the elderly from financial fraud,
- the role of the NACHA Risk Management Advisory Group, and
- new risk issues in the emerging payments environment.
If you have not already, we also invite you to give a listen to the first installment of Payments Spotlight, which featured a conversation with Woody Tyner, payments strategist at BB&T Bank in North Carolina.
We hope that you will not only check out this installment but also tune in on a regular basis as we feature other leading thinkers and practitioners representing a wide array of perspectives. You can listen to the Payments Spotlight podcast using any computer audio software that will play MP3 files. To subscribe to the podcast series directly, go to the Atlanta Fed podcast page, click on the "SUBSCRIBE" button next to Payments Spotlight, and follow the instructions for adding the series to your aggregator. You can also follow the series by staying tuned to Portals and Rails, where we will post information about new podcasts as they become available.
Let us know what you think!
November 2, 2009 in emerging payments, fraud, payments, risk | Permalink
TrackBack
TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a01053688c61a970c0120a64ac853970b
Listed below are links to blogs that reference Payments Spotlight Podcast: WACHA's Gilmeister discusses commercial account takeovers and other emerging risks:
Banks and Financial institutions invest heavily in improving customer convenience and customer experience. Envelope free ATMs are one such facility that has gained significance off-late. In emerging markets like India, ATMs function well as a self-servicing kiosk. Many ATMs in India support P2P transfers and even opening of "fixed deposit" accounts. Pilots are underway to provide options to open Mutual Fund accounts. Obviously these services attract more customers to the ATM outlets.
On the other hand, remote deposit captures have gained significant acceptance in the market recently. With the smartphones volumes increasingly eating into the feature phone’s market share, “remote deposit capture” is set to gain more popularity, given its sheer convenience to the customer.
At the same time, one has to bear in mind the preferences of Gen Y. Today, customers want everything “on the move”. The advent of mobile technology only accelerates this process. With more innovations coming up in mobile based micro payments, the usage of cash will decrease gradually. It may even reach a negligible size down the years. Paper based checks are already on the decline and will meet its natural death soon – Regulatory bodies in some European countries had mandated the stoppage of check payments long back. With papers based payments going down, the demand for remote deposit capture will also decline.
So when we compare envelope free ATMs with remote deposit captures, my take is that both will meet their natural death soon – may be in a few years. However, in the current scenario, given the nature of Gen Y, remote deposit capture will stand to gain over envelope free ATMs.