March 18, 2013
March Madness on the Hardwoods, Mobile Madness in the Payments Arena
As an avid sports fan, I am eagerly anticipating college basketball's annual rite of spring commonly known as "March Madness." This nickname for the NCAA's Men's Division I basketball tournament is derived from the amazing finishes and upsets that regularly occur during the tournament each year. A big part of the intrigue around this tournament involves millions of people that will "fill out a bracket," meaning they prognosticate the winner of every game, ultimately choosing the winner of the tournament.
As I was thinking about the upcoming tournament, I realized a similar situation is developing with mobile payments at the point of sale (POS). It seems that every day, I read an article or blog with differing viewpoints on what company, wallet, or solution will come out as the "winner" for mobile payments at the POS. This got me thinking how a "bracket" would look for the mobile payments ecosystem. Interestingly, many of the attributes usually found with the successful basketball teams in March are similar to those attributes I believe are necessary for successfully competing in the mobile payments arena.
Fundamentals are extremely important
Teams that are fundamentally sound tend to perform well in the tournament. Fundamentally sound teams run an efficient offense with a high point per possession percentage and low turnover margin, rebound well, and make a high percentage of their free throw shots.
Likewise, in the mobile proximity payments arena, I expect the winner(s) will nail down the fundamentals of the transaction that consumers and merchants alike expect: ease and quickness. Just as basketball teams can employ innovative styles or plans, mobile payment providers are also developing the latest and greatest add-on to the payments experience. However, if both fail to deliver on basic fundamentals, success can be elusive.
Track record of successful risk taking
Besides excelling at the basic fundamentals, teams that make a high percentage of their three-point shots usually do well during March Madness. The three-point shot is the riskiest shot in the game, yet carries the highest reward. Teams who capitalize this risk with a high success rate are difficult to beat.
Besides the fundamentals of a payment transaction, it is no secret that consumers and merchants want more for paying with their mobile phone at the POS. Discounts, couponing, and instant offers through past purchase behavior and geolocation seem to be a major opportunity of differentiation with mobile payments. But I am not convinced these carrots are enough for any particular player to obtain widespread or mass mobile payment adoption. The player that is able to completely transform a consumer's shopping experience with the mobile phone will likely come out ahead. I believe this will require some risk taking by doing something different from the rest of the field beyond coupons, offers, and discounts. Perhaps this might be a mobile solution that allows a consumer to make a purchase and completely bypass the checkout line and POS while also updating the merchant's inventory level in real time. Established companies, as well as young companies led by teams or individuals, with a successful track record of risk taking should be considered closely.
Excellent defense
A common phrase heard in many sports, basketball included, is "defense wins championships." Basketball teams that hold their opponents to a low field goal percentage and generate a high number of turnovers have proven to be extremely difficult to beat in the tournament.
In the world of payments, defense is all about mitigating fraud. For a mobile payments solution to be successful, it must be as secure. And I could even argue that it must be more secure than current payment methods. Research has consistently shown that consumers must perceive these payments to be secure if they are going to adopt them. Secure solutions developed by companies that are trusted by consumers stand to have a solid chance to move ahead in a "mobile payment POS bracket."
The winning team
Using the same attributes of successful tournament teams and applying them to the mobile payments POS space, I think the ultimate winner of a "mobile payment POS bracket" must offer at least the following three attributes in a cost-effective manner:
- Enable a quick and simple transaction.
- Greatly transform the shopping experience by being unique and different.
- Offer a secure solution that consumers will understand and trust.
More often than not, the traditional and established basketball powers come out on top of the tournament, but it's those unexpected upsets by upstarts and underdogs that put the "madness" in the NCAA Tournament. How will the situation for using mobile phones at the POS play out? Will an established payment provider come out on top of the "mobile payment POS bracket" or will an upstart be that "bracket buster"?
By Douglas A. King, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed
March 18, 2013 in innovation, mobile payments | Permalink
TrackBack
TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a01053688c61a970c017c37d8df8d970b
Listed below are links to blogs that reference March Madness on the Hardwoods, Mobile Madness in the Payments Arena:
Comments
Posted by:
Bob Skattum |
March 19, 2013 at 11:21 AM
January 22, 2013
Parallel Paths or Course to Collision? Technology's Effects in the Payments Industry
I don't believe anyone would challenge the statement that the pace of technological change is faster than ever and is likely to increase its velocity going forward. I remember a conversation with my grandfather in the mid-1970s about the biggest changes he'd experienced in his lifetime, which spanned the first two-thirds of the 20th century. Those changes centered on the automobile and airplane (his lifelong vocation was a railroad machinist/mechanic), electricity for the masses, medicine, and radio and television. Today, we can look back just 10 years and see the exponential level of changes in technology that have impacted our everyday lives in these same areas—transportation, energy, medical care, and communications.
Many of these technological changes have affected the banking world, sometimes in ways that create conflicts among various service channels. Recent changes in the way that U.S. banking customers deposit funds, for example, have the potential to create such conflict across channels.
The all-time teller gets a new face
Since the widespread introduction of the full-service ATM in the United States in the early 1970s, this automated delivery channel has seen little change in functionality. Sure, there have been major technology changes that have improved the channel but not fundamentally changed it. Such improvements include the migration from offline to online transaction authorizations, the ATM's ability to dispense multiple denominations of currency instead of a fixed amount, improved display graphics and component reliability, and the sharing of ATMs through the emergence of regional, national, and international interchange networks. Past efforts in the U.S. to add additional functions and migrate the ATM more to a self-service kiosk have not met with great success. There appears to be another attempt to introducing such functions as remittances, bill payment, money orders, postage stamps and ticketing as ATM volume stagnates.
Deposits made through ATMs seldom represent more than 10 percent of total banking transaction volume, and are more often in the 5–8 percent range. Research has consistently shown that consumers are apprehensive about placing checks and currency in ATMs since ATMs do not verify the deposit envelope contents, as tellers do. Truth be told, banks generally didn't actively promote deposits through ATMs for economic reasons. Because deposit envelopes can be deposited empty, most banks required them to be processed under dual control. As a result, until relatively recently, the cost of handling a single ATM deposit was about $1.50 to $2.
A big breakthrough in ATM deposits was seen in 2006–07, when several of the largest U.S. banks began testing ATMs that could accept envelope-free deposits of checks and currency. This method offered consumers images of their checks or detailed listings of the deposited currency before the transaction was final. Because consumers had this opportunity to verify their deposits, they had a much higher level of comfort. Additionally, consumers could now make their deposits much later in the day and still have them included in that day's processing. These banks soon began widespread implementation of such functionality in a vast majority of their locations, and other top-tier banks followed suit. The reassurance of the deposit verification and the increased convenience has led to a sharp increase in deposit transactions through the ATMs equipped with this feature. Furthermore, studies show that the cost of a deposit transaction dropped below 50 cents.
It appeared like a win-win-win outcome. ATM channel managers and manufacturers both were pleased with the new functionality. And bank customers were obviously pleased, as evidenced by the increased deposit transaction volume through the ATM.
Meanwhile, in a parallel universe...
At the same time that ATMs were getting new functionality, the remote deposit capture product was being developed. This product was first offered to commercial bank customers that received moderate volumes of checks. Company employees scanned the checks on dedicated equipment and then transmitted the captured images to the bank. This product was made possible under the provisions of Check 21. Then the banks expanded the service to include low-volume check businesses using generic scanners that the business likely already possessed. And most recently, a number of banks have begun offering remote deposit capture to both consumer and commercial customers as part of their mobile banking service with the camera feature on a smartphone.
In our ever-changing technology environment, the role of product and channel management has never been more difficult. Products that are technology-dependent can have an extremely short lifecycle and face competition from other sources. Will the proliferation of the remote deposit mobile application dampen the demand for envelope-free deposit accepting ATMs, especially at the smaller banks? Will these technologies collide, or will they continue to move down parallel paths? How will this technology and others come to impact the future of the ATM? We would like to hear your perspective.
By David Lott, a retail payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed
January 22, 2013 in emerging payments, innovation, mobile banking | Permalink
TrackBack
TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a01053688c61a970c017c36231934970b
Listed below are links to blogs that reference Parallel Paths or Course to Collision? Technology's Effects in the Payments Industry:
Comments
Banks and Financial institutions invest heavily in improving customer convenience and customer experience. Envelope free ATMs are one such facility that has gained significance off-late. In emerging markets like India, ATMs function well as a self-servicing kiosk. Many ATMs in India support P2P transfers and even opening of "fixed deposit" accounts. Pilots are underway to provide options to open Mutual Fund accounts. Obviously these services attract more customers to the ATM outlets.
On the other hand, remote deposit captures have gained significant acceptance in the market recently. With the smartphones volumes increasingly eating into the feature phone’s market share, “remote deposit capture” is set to gain more popularity, given its sheer convenience to the customer.
At the same time, one has to bear in mind the preferences of Gen Y. Today, customers want everything “on the move”. The advent of mobile technology only accelerates this process. With more innovations coming up in mobile based micro payments, the usage of cash will decrease gradually. It may even reach a negligible size down the years. Paper based checks are already on the decline and will meet its natural death soon – Regulatory bodies in some European countries had mandated the stoppage of check payments long back. With papers based payments going down, the demand for remote deposit capture will also decline.
So when we compare envelope free ATMs with remote deposit captures, my take is that both will meet their natural death soon – may be in a few years. However, in the current scenario, given the nature of Gen Y, remote deposit capture will stand to gain over envelope free ATMs.
Posted by:
Pari |
January 29, 2013 at 09:33 AM
November 26, 2012
Highlights from a Conference on Technology and Payments
The retail payments landscape is rapidly evolving as technological advances promote new electronic payment methods. On October 15–16, the Risk Forum convened at the Atlanta Fed a diverse gathering of stakeholders in the payments industry. Industry representatives were from telecommunication firms, airlines, standards bodies, payments processors, and coffee house retailers, as well as the more traditional players.
Federal Reserve Bank of Atlanta President and CEO Dennis Lockhart kicked off the event. His opening remarks focused on the Federal Reserve System's role as a central bank in the country's retail payment system, both as a payments operator and as the country's guardian of financial stability. In the latter role, the Fed aims to preserve the integrity of both the retail and wholesale payments systems. Lockhart stressed that although this role has national strategy overtones, it is not intended to stifle innovation and competition but rather to support a market-oriented approach to payment developments. By noting the vulnerabilities that the fast pace of change and innovation in the industry create, Lockhart set the stage for the day's session, the highlights of which we are sharing here. You can find the complete presentation materials on the Atlanta Fed website.
Technology developments in card-based payments
Legacy plastic cards are likely to remain important for some time. Nevertheless, significant changes are under way. These technological changes were the focus of this panel. The U.S. payments industry is struggling to collectively shift from magnetic stripe-enabled card payments to a more secure and interoperable environment. Panelists discussed the challenges posed by the planned U.S. migration to chip-enabled cards and to the EMV standards already adopted in most of the globe's major developed countries. They discussed the potential shift in fraud to card-not-present payments in the shift from mag-stripe cards. Panelists said that fraud mitigation in the future U.S. EMV environment will require additional data analysis tools, including the use of better encryption methods and tokenization. They also touched on the benefits of PIN versus signature authentication.
The evolution of technology standards in retail payments
Technology standards provide the cohesion to ensure the critical mass needed for successful payment network adoption. At the same time, the myriad of new market solutions, patent issues, and even standards bodies themselves challenges industry cooperation and consensus building, slowing the standards development process. Panelists discussed the activities of various standards bodies that touch retail payments today. They also talked about how they are working to galvanize industry stakeholders to agree and employ standards that foster security and interoperability.
Mobile payment developments at the point of sale
This panel of experts reviewed technological developments in the mobile channel for payments at the merchant's point of sale (POS), including the rollout of several mobile wallet initiatives. Panelists discussed the challenges associated with the highly dynamic nature of the technologies. They noted that new complex business models are resulting in many different types of payment solutions, creating a confusing ecosystem for mobile proximity payments.
Panelists noted that the many new, thought-provoking products out in the market place today create many unknowns, not only with respect to security, but also future viability. They agreed that it is hard to predict which solutions have true scalability. An interesting discussion took place on the success of new payments such as Square, which changed the proverbial game by expanding the population of merchants that can accept card payments and by repurposing the mobile handset into a payment acceptance device. The panel also discussed how Starbucks unwittingly assumed the role of a payments pioneer when they moved to the mobile channel. Their original aim was not to adopt a new payments method but rather to increase customer loyalty and convenience.
The merits and challenges with the upcoming EMV migration were also top of mind for the panel.
Technology trends in mobile payment transfers
U.S. mobile payment developments have generally centered on payments at the POS. However, remote mobile payments, or person-to-person mobile transfers, are also taking form as a business model. Panelists discussed how nonbank players are entering the money transmission space hoping to leverage new mobile technologies. They explored the current environment for domestic and cross-border mobile transfer payment activity, analyzing the changing roles of payment service providers and the subsequent regulatory and policymaking considerations.
Panelists noted that we are seeing a huge paradigm shift in mobile money, with prepaid airtime credits looking more and more like currency in developing countries. Some countries permit payment service providers to provide airtime cash-out; Kenya's M Pesa is one of these providers. The lack of system interoperability across borders and liquidity management considerations are barriers to a global, scalable airtime transfer system. Panelists also noted, however, that airtime transfers are increasingly becoming a natural complement to traditional remittances.
In addition, traditional remittance providers are partnering with telecom firms to deliver services in emerging markets. These providers also work with banks in more developed countries, like the United States, to use the mobile channel in more efficient ways.
Technology threats and mitigants in electronic payment systems
Whether through scams such as “Obama Will Pay Your Bills” or corporate account takeovers, criminals are increasingly using electronic payments networks to perpetrate fraud. Panelists stressed that industry stakeholders must themselves become more sophisticated in order to develop solutions to better detect and mitigate these risks. Future fraud detection will require more sophisticated approaches to address growing vulnerabilities in web applications. Panelists also stressed that financial institutions must validate transactions to enforce rules and limits and to manage fraud.
Conclusion
The Risk Forum uses events such as this to encourage dialogue and share critical business intelligence among participants. We can then use information that comes out of such discussions to inform our work with the payments industry as we collectively work on better solutions to detect and mitigate risk. Expect to see more discussion in future posts. As always, we value your responses.
By Cynthia Merritt, assistant director of the Retail Payments Risk Forum
November 26, 2012 in chip-and-pin, collaboration, cybercrime, emerging payments, innovation | Permalink
TrackBack
TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a01053688c61a970c017c33fde72b970b
Listed below are links to blogs that reference Highlights from a Conference on Technology and Payments:
Comments
August 06, 2012
Policymakers, Regulators Keep a Watchful Eye on Mobile Payments
Policymakers and regulatory authorities are beginning to turn their collective eye toward mobile payment developments and with good reason. The rapidly changing environment and the entry of nonbanks in mobile-enabled financial services create a new paradigm in regulatory oversight for consumer protections, bank safety and soundness, and regulatory compliance.
In recognition of these environmental dynamics, the Federal Reserve Banks of Atlanta and Boston recently convened a joint meeting of the Mobile Payments Industry Workgroup (MPIW) and regulatory authorities to discuss recent mobile payment developments and potential regulatory gaps. The two Reserve Banks then jointly published on July 30, 2012, a summary of the meeting describing the meeting dialogue between members of the MPIW and the regulatory community.
You can read the paper on the Atlanta Fed and the Boston Fed websites, but below are some quick highlights.
The complexity of the regulatory framework for mobile financial services requires further ongoing analysis—While regulators recognize supervisory elements common to both mobile and Internet environments, they say that the fast pace of change requires them to more closely monitor mobile payment developments. Regulators have an interest in ensuring safety and soundness as well as consumer protections in the emerging mobile payments environment. Both these objectives require that financial institutions adequately manage vendors when they outsource and partner with third parties in new mobile payment business models.
Education is needed to teach all stakeholders about the mobile environment, from regulators to consumer advocates to consumers themselves—Security, privacy, and consumer protections are important themes that all stakeholders should understand in order to be able to communicate appropriately with policymakers in mobile payments regulation. As mobile payment systems evolve, it will be important to engender cross-industry dialogue at both the industry and regulatory levels to ensure risks in these key themes are sufficiently addressed.
Next steps
The MPIW plans to continue to meet on regulatory issues with regulators as the mobile payments market matures. These meetings will serve to educate the regulators about mobile payment developments and risk mitigation initiatives. At the same time, regulators will be able to share early insights and concerns about mobile payments with the MPIW, while hearing their input and perspectives on future policy and regulatory decision making.
By Cynthia Merritt, assistant director of the Retail Payments Risk Forum
August 6, 2012 in innovation, mobile payments, regulators | Permalink
TrackBack
TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a01053688c61a970c0167691925b9970b
Listed below are links to blogs that reference Policymakers, Regulators Keep a Watchful Eye on Mobile Payments:
Comments
July 30, 2012
Even an Outsourced Cloud Can Have a Silver Lining: Shedding Light on Cloud Payments Risk Management
Outsourcing is not new in financial services. Banks continue to improve their operational efficiency—and even lower their risk exposures—by engaging third-party service providers to perform specific functions they used to manage internally. Now, technological advances are enabling financial institutions and other payment providers to shift certain data management functions to the cloud, an outsourcing practice we discussed in an earlier Portals and Rails post. Cloud outsourcing provides operational cost savings to the end user community, but these new services introduce new risks in payment systems.
On July 10, 2012, the Federal Financial Institutions Examination Council (FFIEC) published a statement on cloud computing to supplement its Outsourcing Technology Services booklet. The aim of the statement is to help financial institutions better understand the fundamental risks associated with these new services and the need for robust vendor management.
Cloud computing basics
The term "cloud computing" in its most basic sense describes a service that stores and processes data on a remote network. Cloud service providers are entrusted with ensuring the security of end user data within that remote network.
A notable feature of cloud computing is its deployment model. Risk profiles may differ, making some models more appropriate for some services than others. Some models may include private clouds operated for a single organization, community clouds that are shared by several organizations, or combinations of the two for hybrid business models.
According to a recent paper authored by Dan Schutzer, chief technology officer of BITS, small devices like mobile handsets have limited storage while communications networks are becoming faster and more efficient. These factors have led to more businesses offering services that allow data to reside in remote servers, or in "the cloud." He cites public cloud examples like Flikr, which allows consumers to store photos in the cloud, and Google Docs, which allows consumers to manage documents remotely.
Risk management in cloud computing
Arguably, the data in these examples may not be as sensitive as that managed by financial institutions and others involved in payment processing. The FFIEC statement notes that as financial institutions consider a cloud computing model in their outsourcing strategies, risk management and third-party oversight to protect sensitive personal consumer data become increasingly important.
The FFIEC statement maps the key elements of risk management articulated in the existing interagency guidance. It starts with due diligence, noting that financial institutions are responsible for ensuring that third-party activity is conducted according to applicable law and regulation, just as if they bank retained those functions in-house. It also discusses the key elements to consider in ongoing vendor management and business continuity planning.
The vendor management challenge
A major takeaway for financial institutions and other payment providers is in the part of the FFIEC statement that discusses "legal, regulatory, and reputational considerations":
The nature of cloud computing may increase the complexity of compliance with applicable laws and regulations because customer data may be stored or processed overseas. A financial institution’s ability to assess compliance may be more complex and difficult in an environment where the cloud computing service provider processes and stores data overseas or comingles the financial institution’s data with data from other customers that operate under diverse legal and regulatory jurisdictions.
While the risk management fundamentals for cloud computing remain the same, the increasing complexity of the operating environment will challenge the effectiveness of vendor management programs going forward. As outsourcing relationships expand geographically, the expertise required to oversee those activities will increase as well. Furthermore, third-party service providers may have outsourced relationships themselves, requiring inclusion of those downstream oversight processes in the financial institution’s vendor management program.
The FFIEC guidance provides a good description of these risks and challenges to consider in selecting and managing a cloud computing strategy, but also notes that "cloud computing may not be appropriate for all financial institutions."
By Cynthia Merritt, assistant director of the Retail Payments Risk Forum
July 30, 2012 in emerging payments, innovation | Permalink
TrackBack
TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a01053688c61a970c017743c6d32b970d
Listed below are links to blogs that reference Even an Outsourced Cloud Can Have a Silver Lining: Shedding Light on Cloud Payments Risk Management:
Comments
July 09, 2012
Can clouds and contactless chips coexist?
Mobile wallets have started to make their way into the market this year. Inevitably, industry stakeholders are joining opposing camps on the technology that these wallets use to keep payment information and other personal data safe and secure: contactless chips or cloud-based technology. The chips are embedded in a mobile handset that communicates with a terminal via near field communication (NFC), while the cloud-based technology involves an application downloaded to the mobile handset.
If the critical mass necessary for the successful adoption of a payment system relies on acceptance interoperability and technical standardization, can these two solutions coexist in a future mobile payments system? Or will technology debates threaten near-term interoperability and consumer adoption?
Coexistence
The first generation of mobile wallet trials such as Isis and Google are using contactless NFC technology. This is not surprising as early discussions found consensus on the need to move as an industry to NFC for mobile payments. In fact, as my coauthors and I noted in our 2011 paper, "Mobile Payments in the United States: Mapping out the Road Ahead," one of the key tenets agreed upon at the time by industry stakeholders for a safe and secure mobile payments system was the use of contactless NFC technology.
However, since that time, new mobile providers have been rolling out wallets that do not use NFC. Instead, they rely on store payment credentials in remotely based servers, more commonly referred to as the "cloud." The PayPal wallet, for example, leverages consumers' existing PayPal accounts where payment credentials are stored.
Benefits and challenges
Numerous complex variables are at play in the debate on NFC versus the cloud. A recently published TSYS whitepaper authored by Scot Yarbrough and Simon Taylor, "The Future of Payments: Is it in the Cloud or NFC?," provides a comprehensive explanation of the benefits and the challenges that opposing business models face.
The authors summarize the case for NFC by noting that it is backed by the major card networks and offers the capability to store and send information other than payment, such as contacts and videos. The case for payments in the cloud has a supply-side incentive in that the infrastructure costs are much lower for the merchants at the point of sale.
Both systems face challenges, of course, as evidenced by the current low adoption levels for any particular wallet. The TSYS authors note that cloud technology payments may offer so many different choices, "how many ways to pay will the consumer want to learn and adopt, especially when he or she can simply reach into their pocket, pull out their credit or debit card and pay?"
They also note that NFC is also not without flaws. Building consumer experience will require compelling value propositions to encourage new payment behaviors. Further, the complexity of the ecosystem to manage the payment credentials in the chip inside the mobile device among various players in the business model creates economic challenges as well.
Conclusion
In the near term, cloud-based solutions will likely disrupt the payments landscape as merchants look to manage their share of the infrastructure investment for new payments. As wallet providers identify efficiencies and optimal security propositions for data residence and transit, it is possible that hybrid business models will emerge. Finally, the TSYS authors aptly note that future game changers will likely alter the current argument completely. Will merchant investment costs matter in a future where the mobile handset is also the merchant's acceptance terminal?
By Cynthia Merritt, assistant director of the Retail Payments Risk Forum
July 9, 2012 in contactless, emerging payments, innovation | Permalink
TrackBack
TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a01053688c61a970c0177432b8bd4970d
Listed below are links to blogs that reference Can clouds and contactless chips coexist?:
Comments
July 02, 2012
Are portable POS devices coming to a table near you?
Can you remember the last time you handed over your mobile phone to a friend, let alone a stranger? Writing from my own experience, I am guessing that it is not something people do very often. Back when our mobile phone's primary functionality was as a phone, we were generally open to letting someone borrow it to make a call. However, as phones become "smarter," we have become less inclined to give someone else access to a device that holds a wealth of information about us.
This behavior is in stark contrast to our behavior with our payment cards. While I can count on my hands the number of people whom I have let use my mobile phone, I have given my payment cards to hundreds of strangers at dine-in restaurants and allowed them to take my cards out of my sight. While an overwhelming majority of these card transactions are safe, this procedure does easily allow for bad characters to capture valuable card information that can lead to card fraud. One highly publicized skimming case that broke last November highlights the fraud risks inherent in a restaurant card transaction. This crime certainly would have been more difficult to perpetrate had the victims' cards been swiped tableside in front of them.
According to a recent Wall Street Journal article, the payment experience at restaurants might be changing. Several large restaurant chains are in the process of testing different portable tablet-type devices at the table. These devices allow restaurant patrons to perform traditional restaurant functions such as viewing menus, placing orders, and ultimately settling the bill. Some of these devices include advertising and, perhaps most intriguing, even allow patrons to play games, watch videos, and peruse news headlines.
While these portable devices have the "cool" factor, they also offer great benefits from a fraud-reduction perspective. Paying your restaurant tab without ever having your card leave your sight is a great first step in preventing the type of fraud described in the New York City incident highlighted above. Restaurants, in general, have shunned portable POS devices in the past due in large part to their expense in an industry that operates on thin margins. What's exciting with these new devices is that the new technology offers both top- and bottom-line benefits to restaurants that traditional portable POS devices don't. These devices can actually help drive an increase in existing revenues (higher average tickets) or even be a source of new revenue (advertising and fees from videogames) while also lowering a restaurant's fraud loss exposure.
I am hopeful that this new technology catches on and restaurants do adopt a safer payment card transaction. For the parent in me, the thought of the device entertaining my small children when our conversation fails to do so or the chips and salsa run out is promising. From my payments risk perspective, I am ready to keep full control of my cards and hopefully avoid that dreaded call, text, or e-mail from my bank that says my card has been compromised.
By Douglas A. King, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed
July 2, 2012 in cards, consumer fraud, innovation | Permalink
TrackBack
TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a01053688c61a970c0167681824a1970b
Listed below are links to blogs that reference Are portable POS devices coming to a table near you?:
Comments
May 07, 2012
Regulating mobile: Distinguishing the payment from the channel
The handset is just a device, not a payment
Policymakers and regulators are just beginning to discuss the regulatory environment for mobile banking and payments in the United States. The added dialogue to existing industry conversations can lead to mixed messages about where regulatory and policy action may be needed. Recently we've heard from industry and regulatory agencies that the payments industry should carefully consider introducing new regulations and supervisory guidance.
The mobile handset is "just a device, not a payment," noted Mallory Duncan, senior vice president and general counsel at the National Retail Federation. Duncan, who spoke at the workshop "Paper, Plastic...or Mobile," hosted by the Federal Trade Commission, also said that regulation should be no more stringent than that of the underlying payment. In essence, the laws, regulations, and rule sets associated with a payment type—be it a credit card, debit card, or online payment—should follow that payment through the mobile channel for clearing and settlement. I offered similar conclusions in a previous Portals and Rails post on dispelling myths in mobile payments, adding that "while new networks...may emerge in the future, at present, the payment network systems remain the same."
Fragmented framework on an expanded landscape
One problem the payments industry faces as technology enables new intermediary payment methods (they all start off as something we already use: cash, checks, or cards) is that the legal and regulatory framework includes different consumer protections, disclosure requirements, and error resolution provisions depending on the payment type. While all these payments are used in an Internet environment—whether the Internet is accessed by phone or a traditional PC—the addition of the mobile channel and its telecom partners has seemingly created a tipping point for confusion and speculation. Many of the issues raised about consumer protection for prepaid cards, for example, exist now and have nothing to do with a consumer's ability to use a prepaid account with a mobile device.
Can existing regulatory infrastructure handle new mobile payment business models?
The United States has a more complicated banking system than most countries. National laws, for example, govern national banks, which are preempted from state law. State-chartered banks and nondepository money service businesses (like payday lenders and money transmitters), on the other hand, are responsible for complying with the laws of every state in which they do business. These laws are different from state to state, and sometimes even conflict.
Industry players in each of these separate chartering authorities are stepping into the mobile channel as a way to expand their footprint. While telecoms and technology firms are entering into partnerships with banks to establish new business models in the delivery of mobile payments, so far they're sticking to their knitting and leaving the clearing and settlement, and the extension of credit, to the financial services industry. As long as banks remain the payment issuers in these still nascent business models, caution in rethinking the regulatory infrastructure is probably a good idea as well.
By Cynthia Merritt, assistant director of the Retail Payments Risk Forum
May 7, 2012 in innovation, mobile banking, mobile payments, regulators | Permalink
TrackBack
TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a01053688c61a970c0168eb46b266970c
Listed below are links to blogs that reference Regulating mobile: Distinguishing the payment from the channel:
Comments
March 19, 2012
Balancing payments risk management and regulation with innovation
Government must be careful not to overreact to, or stifle, new innovations that can greatly benefit the consumer and the American economy. Government should take advantage of marketplace solutions to issues where appropriate. To do this, and at the same time to be in a position to act appropriately, it is important for government to maintain expertise in electronic money and payments development, and to consider carefully major questions presented by these developments. (Excerpt from 1996 paper prepared by the Department of Treasury on emerging electronic money and banking innovations.)
This quote appeared in a presentation given last week by John Carlson, executive vice president at BITS, a nonprofit group that fosters communication around technology issues that affect the financial services industry. John used this quote to demonstrate that, even in 1996, the Treasury Department recognized the need to not over-regulate at a time when financial institutions were beginning to experiment with Internet banking.
In the presentation "Hardening Payments for the Next Generation," which he gave at the BAI Payments Connect conference, John stressed that we still have to exercise care as financial institutions continue to innovate. The industry must still consider how it will balance the benefits of innovation in payments with the need to manage changing risks and ensure that regulators keep up with the changes. John warned that, despite the myriad of new threats, the temptation to overreact to these with regulation and legislation may stifle payment innovations. He emphasized that, instead, payment stakeholders must collaborate and share information.
Following are a few other noteworthy points from the presentation.
Rise in fraud and security issues in payments
John noted that as more nonbanks enter the marketplace and new innovative alternative products are introduced, payments fraud is evolving alongside. We need to keep looking at emerging payment issues involved with EMV-enabled payments, for example, as well as mobile payments, cloud computing, and payments conducted via social media. At the same time that these products are entering the marketplace, fraud is evolving in new and unexpected ways. And as global crime rings increasingly engage in cross-border activities, for example, a rise in cyber-security threats will likely continue.
We are also seeing some conflicting trends in consumer trust of security issues, according to John. While many consumers respond conservatively in surveys on payments security, for example, consumers generally are becoming increasingly willing to share personal information with "friends" in social media sites like Facebook and LinkedIn. And while consumers are gradually warming up to alternative payments in the mobile channel, most fail to employ general protections such as mobile device password locks.
A challenging regulatory environment
John mentioned that U.S. financial institutions are subject to independent regulatory oversight by a host of federal and state agencies, but the regulatory environment for nonbanks is not well understood. This lack of clarity around the nonbanks results in unclear liability for financial institutions and their customers alike. Consumers are likely to go to financial institutions for error resolution because of trust and familiarity, even when the risk and liability belong to the nonbank partner.
Third-party risk will continue to be a significant concern going forward, said John, as banks recognize the economic benefits they can get from outsourcing. As a result, regulators will focus on banks' vendor management programs to ensure that banks exercise comprehensive due diligence when they engage with vendors, and that they continue to provide oversight of the vendor throughout the duration of the relationship.
John noted that while there is a great deal of discussion on regulation of the emerging mobile channel, it is likely that such regulatory guidance will be embedded in vendor oversight guidance, of which there have been many iterations over the years.
Trust is necessary element of a successful payment system
John's presentation concluded in saying that "trust is central to everything we do." Financial institutions and other stakeholders with access to payment data and personally identifiable information have a growing responsibility to protect that data as the risk grows for network and device compromise. With more personal information exposed via social media, we will need to consider incentives for stakeholders to safeguard information by banks and other competitors in the payments space. Furthermore, those nonbank competitors and outsourcing partners need to be held to similar business practice standards for security and safety and soundness.
By Cynthia Merritt, assistant director of the Retail Payments Risk Forum
March 19, 2012 in innovation, regulators | Permalink
TrackBack
TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a01053688c61a970c0168e8feaacf970c
Listed below are links to blogs that reference Balancing payments risk management and regulation with innovation:
Comments
February 21, 2012
Security in the mobile wallet: Is it good enough yet?
For years we've heard about the future mobile wallet—using the phone to carry payment cards, loyalty rewards, bank account access, and identification instead of a traditional leather wallet. The wallet will also be able to hold electronic receipts for purchases made using the phone at a merchant's point of sale. 2012 portends to be the year of reckoning, with several trials scheduled for rollout. If your wallet resembles the one in the Seinfeld episode about George Costanza's exploding wallet, an electronic wallet contained in your mobile phone is a welcome prospect.
But the truth is that while recent developments in the application of near field communication (NFC) technology for mobile wallet trials have come faster than most industry expectations, a variety of hurdles are likely to waylay widespread adoption in the near term; namely, hurdles relating to security.
Different security deployments for mobile wallets may postpone widespread adoption
While, as noted in our 2011 mobile industry position paper, firms engaged in rolling out new mobile payments services have agreed that successful near-term adoption will rely on common standards for security and interoperability, free market dynamics dictate that all players in this new mobile ecosystem will not necessarily work together, motivated instead by a responsibility to create shareholder value. As a result, current industry discussions show that the service providers—namely, the mobile operators and the financial institutions partnering in these new business models—are considering different security deployments.
A recent article by Dan Balaban in the February 13 issue of NFC Times summarizes the situation well:
"While mobile operators continue to push for the SIM card to become the de facto secure element in NFC phones, some banks and other service providers still are seeking alternatives. The products that continue to draw the attention of a number of banks include microSDs, as well as iPhone attachments—the latter using either microSDs or embedded secure chips as secure element. Of course, there are no strong signals yet that microSDs, either as part of phone attachments or working in full NFC handsets, will challenge SIM cards or embedded chips as the primary secure element in contactless-mobile phones. At present, the microSDs generally carry higher costs, face logistical problems and still lack standards."
It stands to reason that a lack of standards in security can threaten consumer trust when something goes wrong, as we saw this week with the Google Wallet, the first U.S. mobile wallet deployment to date. Google has stopped activating new prepaid accounts in its mobile wallet after discovering a security flaw that allows unauthorized users to access the prepaid account without requiring a PIN. While the flaw is related more to the wallet application than to the security technology in the chip used to store data in the handset, the negative press from the event may impact consumer adoption for other mobile wallet trials scheduled to rollout in 2012.
Security standards for mobile apps may lag development cycle
According to ViaForensics, the lack of standards for mobile application security may challenge application testing methodologies. In fact, a February 13 post on ViaForensics' blog asserts that "...the speedy mobile development cycle and this lack of experience in the platforms is causing coders to throw all of those secure development principles the industry has fought for over the past five years right out the window when it comes to mobile apps..." While attention to security for mobile applications is evolving, ViaForensics's recent study found that financial services applications had the largest percentage of apps that passed their security tests.
Regulatory considerations for financial institutions
In most developed countries, such as the United States, mobile financial services are deployed in bank-led service models, partnering with the mobile telecom operators. A recent article published by the Federal Deposit Insurance Corporation, "Mobile Banking: Rewards and Risks," aptly notes that any financial service provider that engages a third-party service provider such as a telecom firm is expected to conduct appropriate due diligence to ensure they are working with reliable and reputable vendors to develop secure applications. Regulators will look to financial institutions to make sure their mobile services partners are fulfilling meeting the terms of third-party agreements with respect to application and device security.
Widespread adoption may occur gradually
While stakeholders develop common standards for device and application access, and data security, it may take a while for mobile wallets to become commonplace. Reported security mishaps may be beneficial, in the end, if they serve to temper consumer adoption while financial institutions and their mobile services partners work to identify and manage potential security issues.
By Cynthia Merritt, assistant director of the Retail Payments Risk Forum
February 21, 2012 in emerging payments, innovation, mobile banking, mobile payments, payments, payments systems | Permalink
TrackBack
TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a01053688c61a970c016301c7d1b3970d
Listed below are links to blogs that reference Security in the mobile wallet: Is it good enough yet?:
Excellent discussion and apt analogy. I would add that just like the NCAA Tournament the winner(s) get to the final grouping by winning one game at a time and moving inexorably forward while not letting the hype and hoopla distract them from their goal. In mobile payments, this may mean incremental improvements and constant adjustment to the transaction process with an occasional "fast break" from the old paradigm will ultimately result in an application that addresses all of the needed attributes.