Retail Payments Risk Forum
Font Size: A A A

Portals and Rails

March 31, 2014

Ignore Millennials at Your Own Risk

At a recent conference primarily for credit unions and small banks, I participated in an interesting discussion about the future role of banks and legacy payments for person-to-person (P2P) payments. Few of the attendants offered a P2P solution as part of their online or mobile banking platform and those that did claimed the product was seldom used, if at all. There was consensus that a majority of their customers just aren't interested in this product.

I recently wrote on this topic, hailing the check as an efficient form of P2P payment thanks in large part to mobile remote deposit capture. But perhaps my experience of writing a check to a 20-something babysitter was more of an anomaly than the norm. A recent survey that GOBanking Rates conducted reveals that nearly 40 percent of consumer banking customers never write checks and 61 percent of banking customers between the ages of 18 and 24 claim to never write checks. Another survey of 10,000 millennials (those born from 1981 to 2000) reveals that the banking industry is at the highest risk of disruption. Seventy percent of the respondents believe that the way we pay for things in five years will be totally different. One in three of the respondents believe they will not need a bank.

So what can financial institutions take away from my experience and these surveys? Two things stand out to me. First, there are still banking customers (young ones included) that continue to write checks or prefer to receive checks over alternatives from banks and nonbanks. Though I fully expect check usage to continue to decline, the complete demise of the check is a fantasy. Second, and most important, financial institutions that choose not to evolve in the payments space risk disintermediation or even becoming irrelevant. While their customers today may not want specific products or payment capabilities, the reality is that the makeup of a majority of these customers today won't be the same as in the future. A generation of potentially new customers has a very different view on payments and banking. Ignoring these future customers will lead to harsh realities for financial institutions. What is your institution doing in terms of payments to attract and keep millennials and avoid becoming a dinosaur?

Douglas A. KingBy Douglas A. King, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

March 31, 2014 in banks and banking, emerging payments, innovation | Permalink

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a01053688c61a970c01a3fce35a78970b

Listed below are links to blogs that reference Ignore Millennials at Your Own Risk:

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

March 17, 2014

The Challenge to Create an Awesome Mobile Payments Experience

Almost every year for the last decade, those who have followed the mobile payments industry have heard the expectant statement, "This is the year for mobile payments." This year is no exception. We see the stories about mass adoption of mobile payments in other parts of the world, so we wonder, why not here in the United States? A U.S.-centric mobile payments conference I attended recently had as a recurring theme the notion that mobile payments in the United States had not yet caught on because providers had not yet developed an overall package of elements that would create a compelling mobile experience for the user.

In 1998, former Intel chief executive officer Andy Grove, coined the term "strategic inflection point" to describe a fundamental change in any business, technological or not. He said that for a change to achieve mass adoption by consumers, it had to be at least 10 times better than consumers' current experience—something Grove referred to as the "10X" factor. Achieving the 10X factor for mobile payments will likely involve lower costs, increased comfort with security and privacy, new functionality, enhanced user friendliness, increased convenience, or a "cool" factor, such as new technology often offers.

Conference panelists in general shared the view that the payment transaction itself is one small—but critical—element of the overall mobile experience. One point they made is that, because of their experience with other payment methods, consumers expect the mobile payment to be secure, fast, and accurate. These panelists echoed the work of the Mobile Payments Industry Workgroup (MPIW), a joint endeavor between the Federal Reserve Banks of Boston and Atlanta and the major stakeholders in the U.S. mobile ecosystem. The MPIW was created four years ago to facilitate the development of a vision for a mobile payments environment that will be effective, secure, and ubiquitous. This group has met frequently to address the issues of technology, standards, security, privacy, functionality, regulation, and adoption barriers. You can read results of these efforts on the Boston Fed's website.

Smartphone penetration levels continue to rise and are expected to approach saturation level within the next five years. Nevertheless, consumer research studies consistently show that not only are consumers very concerned about security and privacy when it comes to using their smartphones for mobile banking and payments, but they also are highly satisfied with their current payment method. The industry can address the security and privacy issues through a strong consumer education and awareness campaign. However, moving consumers from their current habits will require the achievement of a strategic inflection point—something that many payments industry stakeholders have tried to achieve over the years but have failed to do so.

Portals and Rails would like to know what you think are the other elements of the overall mobile experience needed to achieve the 10X factor?

Photo of David LottBy David Lott, a retail payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

March 17, 2014 in innovation, mobile payments | Permalink

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a01053688c61a970c01a511875735970c

Listed below are links to blogs that reference The Challenge to Create an Awesome Mobile Payments Experience:

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

February 18, 2014

The Mythical End State of Security

As a proponent of secure payments, I am happy to see the EMV (chip card technology) discussion take center stage with national media outlets and on the Hill after the recent revelation of data breaches involving payment card data at merchants. Having written and spoken extensively on the benefits (as well as the shortcomings) of migrating to the EMV standard here in the United States, I am a strong believer in EMV's ability to reduce counterfeit card-present fraud. But I do feel that a bigger story is getting lost in these EMV discussions—that of payment card data security.

Security approaches are not static, but must be constantly improving and evolving, thanks in large part to a rapidly changing technology environment and evolving tactics of criminals. A solution that is implemented today will more than likely become obsolete or in need of additional investment to remain viable in the future. There is no "end state" when it comes to security. A wait-and-see approach for this hypothetical end state is flawed.

Consider my home security system to which I recently added video monitoring capabilities. This addition to my system made my upgrade to glass-breaking sensors several years ago seem like a bad investment. But had I waited for the camera technology, perhaps I would have suffered the same fate of several of my neighbors who ended up with bad guys breaking windows to gain entrance into an empty house. And though I feel better protected now than I was several years ago, I realize that it is inevitable that another upgrade with additional costs will be necessary in due time to best protect my property and family.

EMV is a solution ready to have a positive and immediate impact on reducing the value of stolen card data. And because of that, I am an advocate for its adoption in the United States according to the adoption plans set by the card networks. However, EMV alone does not provide complete protection of card data, and stolen card data retains value to fraudsters even in an EMV world. Magnetic stripes will not disappear overnight with a migration to EMV. (The UK began their migration in earnest seven years ago and mag stripes are still commonly found on their cards.) And stolen card data can easily be used in the card-not-present environment.

The payment industry must strive to secure payments data so that data stolen from breaches cannot be exploited for monetary value by criminals. Until the industry does that, it is reasonable to believe that data breaches and the subsequent effort to monetize the information will continue. EMV is a step in the right direction, but it is not the final and only step. EMV will be costly to implement. It will not and cannot be the final investment spent on securing card payments.

Douglas A. KingBy Douglas A. King, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

February 18, 2014 in chip-and-pin, EMV, innovation | Permalink

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a01053688c61a970c01a73d7ac64d970d

Listed below are links to blogs that reference The Mythical End State of Security:

Comments

Douglas,

Like you, I'm glad to see that the key participants and contributors to the US payment system are recognizing the need for improvement in card data security and considering how EMV might help. I also support your contention that EMV is neither a comprehensive nor final solution. Why isn't the Fed taking a proactive role to research solutions that would eliminate the capture and transfer of card data and thus remove the risks from the points of sale altogether? There are already some interesting products in the marketplace that enable this approach and it seems a better investment for the short and long term.

Posted by: Gary Yamamura | February 18, 2014 at 10:10 PM

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

September 24, 2013

Using Analytics to Improve Credit Quality

With consumer credit products such as mortgages and payday loans occupying headlines, credit card portfolios have been quietly and steadily marching towards improvement in quality over the last three years, according to data released by the Fed’s Board of Governors. As the chart shows, seasonally adjusted charge-off rates are down to 3.9 percent, and delinquency rates are at 2.6 percent for the largest 100 commercial banks in the United States, the lowest rate since the Federal Reserve began tracking this statistic at the start of 1991.

Credit Card Charge-Offs and Delinquency Rates: Top 100 US Commercial Banks

But how have credit card issuers been able to improve the quality and profitability of their card portfolio since the severe economic impact felt by all during the recession? One of the many tools the Board identified—and one cited by portfolio managers—is the increasing use of analytics. Issuers collect and comb vast amounts of data from a variety of sources to ensure that cardholders are equipped to manage their balances.

Credit issuers use analytics for a variety of purposes, including establishing credit limits, monitoring ongoing credit quality, targeting marketing efforts, and detecting fraud. They perform analytics at the individual cardholder level—looking at credit history and purchasing patterns, for example—as well as at the customer segmentation level to identify correlations between certain data elements and indicators of potential changes in credit quality. The increased power of these analytical tools over the last decade is due primarily to the incredible advancements in data collection and analysis technology. These advances have provided issuers with the ability to run sophisticated "what if" models to determine how changes in various key attributes of cardholders or in the overall economic environment will affect the quality of their portfolio.

Clearly, many of the issuers have taken other proven steps to improve the credit quality of their portfolios: they’ve reduced credit lines and increased payment monitoring management for existing accounts during and after the recession. And they applied more stringent credit policies, making it more difficult for new applicants to be approved (or likelier to be approved at lower credit limits than they would have been before). These are all sound risk management techniques. But data analytics has been a very powerful additional tool, allowing issuers to make huge strides in ensuring ongoing credit quality.

How are you using increased technology capabilities to improve your risk management capabilities?

Photo of David LottBy David Lott, a retail payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

September 24, 2013 in cards, debt, innovation, payments study | Permalink

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a01053688c61a970c019aff958780970c

Listed below are links to blogs that reference Using Analytics to Improve Credit Quality:

Comments

Data and analytics can provide a competitive advantage for financial institutions (FIs) of all sizes. Sophisticated models can lead to better decisions and improve your institution's risk management, marketing, price optimization, offer optimization, and more. Arguably, the most important area is risk management. FIs need to find their happy median for risk. Effective decisioning won’t be profitable if high-risk customers are approved for too many cards or approved for credit limits that will overreach their ability to pay, but FIs also don’t want to necessarily turn a consumer away due to an address discrepancy. The FIs that can most effectively leverage their data and analytics will gain the competitive edge. It appears many credit card issuers have already figured this out.

Posted by: Christina Lysacek | October 21, 2013 at 02:53 PM

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

September 16, 2013

Be Sure to Dot Your I's and Cross Your T's in Vendor Agreements

A new twist on an existing issue has recently surfaced for financial institutions (FI) in managing vendor risk. Patent infringement lawsuits, which are not new to the banking community, have grown as FIs have become more dependent on vendor-provided technologies. FIs are being drawn into more legal proceedings, or the threat of them, in which a party sues for alleged infringement of a patent on a product or process that a vendor has provided the FI. In particular, allegations of infringement have targeted technology enhancements related to scanning and imaging, mobile banking and payments, data storage, debit and prepaid card production, and transaction management processes. In a number of cases, the FI pays a royalty or fee to settle the dispute and avoid further legal expenses.

Some aggressive patent infringement groups have become active over the last several years. Targeting financial services vendors and FIs, these "patent assertion entities" (PAEs) (or, more derisively, "patent trolls") are characterized in the June 2013 White House report Patent Assertion and U.S. Innovation as focusing "on aggressive litigation, using such tactics as: threatening to sue thousands of companies at once, without specific evidence of infringement against any of them; creating shell companies that make it difficult for defendants to know who is suing them; and asserting that their patents cover inventions not imagined at the time they were granted." According to the report, patent infringement lawsuits initiated by PAEs now represent 62 percent of all infringement suits—up from 29 percent just two years ago. The greatest danger from such aggressive legal action is a chilling effect on the development and adoption of innovative technologies.

So what might a financial institution do to mitigate its risk in this area? Federal and state officials are examining the problem and will likely make recommendations for policies or regulations that will provide a reasonable level of protection. However, this effort is likely to take time. In the interim, we suggest a number of potential actions for FIs and their legal counsel to evaluate. A critical element in risk management is understanding the sources of risk and their threat level. Consequently, FIs should consider a requirement in the vendor agreement that requires the vendor to immediately notify the FI of any such claims. Second, FIs should include an indemnification clause in the vendor agreement to protect themselves from being drawn into the legal dispute. And the FIs' lawyers should make sure that this clause requires vendors to stand behind the FI if the lawsuits target them for using vendor-provided technology. Lastly, FIs should consider obtaining or requiring the vendor to obtain patent infringement insurance.

Risk assessment and developing mitigation tactics should be an ongoing effort for all FIs. We would like to hear how your company is addressing this issue.

Photo of David LottBy David Lott, a retail payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

September 16, 2013 in innovation, regulations | Permalink

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a01053688c61a970c019aff6dfd3d970d

Listed below are links to blogs that reference Be Sure to Dot Your I's and Cross Your T's in Vendor Agreements:

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

March 18, 2013

March Madness on the Hardwoods, Mobile Madness in the Payments Arena

As an avid sports fan, I am eagerly anticipating college basketball's annual rite of spring commonly known as "March Madness." This nickname for the NCAA's Men's Division I basketball tournament is derived from the amazing finishes and upsets that regularly occur during the tournament each year. A big part of the intrigue around this tournament involves millions of people that will "fill out a bracket," meaning they prognosticate the winner of every game, ultimately choosing the winner of the tournament.

As I was thinking about the upcoming tournament, I realized a similar situation is developing with mobile payments at the point of sale (POS). It seems that every day, I read an article or blog with differing viewpoints on what company, wallet, or solution will come out as the "winner" for mobile payments at the POS. This got me thinking how a "bracket" would look for the mobile payments ecosystem. Interestingly, many of the attributes usually found with the successful basketball teams in March are similar to those attributes I believe are necessary for successfully competing in the mobile payments arena.

Fundamentals are extremely important
Teams that are fundamentally sound tend to perform well in the tournament. Fundamentally sound teams run an efficient offense with a high point per possession percentage and low turnover margin, rebound well, and make a high percentage of their free throw shots.

Likewise, in the mobile proximity payments arena, I expect the winner(s) will nail down the fundamentals of the transaction that consumers and merchants alike expect: ease and quickness. Just as basketball teams can employ innovative styles or plans, mobile payment providers are also developing the latest and greatest add-on to the payments experience. However, if both fail to deliver on basic fundamentals, success can be elusive.

Track record of successful risk taking
Besides excelling at the basic fundamentals, teams that make a high percentage of their three-point shots usually do well during March Madness. The three-point shot is the riskiest shot in the game, yet carries the highest reward. Teams who capitalize this risk with a high success rate are difficult to beat.

Besides the fundamentals of a payment transaction, it is no secret that consumers and merchants want more for paying with their mobile phone at the POS. Discounts, couponing, and instant offers through past purchase behavior and geolocation seem to be a major opportunity of differentiation with mobile payments. But I am not convinced these carrots are enough for any particular player to obtain widespread or mass mobile payment adoption. The player that is able to completely transform a consumer's shopping experience with the mobile phone will likely come out ahead. I believe this will require some risk taking by doing something different from the rest of the field beyond coupons, offers, and discounts. Perhaps this might be a mobile solution that allows a consumer to make a purchase and completely bypass the checkout line and POS while also updating the merchant's inventory level in real time. Established companies, as well as young companies led by teams or individuals, with a successful track record of risk taking should be considered closely.

Excellent defense
A common phrase heard in many sports, basketball included, is "defense wins championships." Basketball teams that hold their opponents to a low field goal percentage and generate a high number of turnovers have proven to be extremely difficult to beat in the tournament.

In the world of payments, defense is all about mitigating fraud. For a mobile payments solution to be successful, it must be as secure. And I could even argue that it must be more secure than current payment methods. Research has consistently shown that consumers must perceive these payments to be secure if they are going to adopt them. Secure solutions developed by companies that are trusted by consumers stand to have a solid chance to move ahead in a "mobile payment POS bracket."

The winning team
Using the same attributes of successful tournament teams and applying them to the mobile payments POS space, I think the ultimate winner of a "mobile payment POS bracket" must offer at least the following three attributes in a cost-effective manner:

  • Enable a quick and simple transaction.
  • Greatly transform the shopping experience by being unique and different.
  • Offer a secure solution that consumers will understand and trust.

More often than not, the traditional and established basketball powers come out on top of the tournament, but it's those unexpected upsets by upstarts and underdogs that put the "madness" in the NCAA Tournament. How will the situation for using mobile phones at the POS play out? Will an established payment provider come out on top of the "mobile payment POS bracket" or will an upstart be that "bracket buster"?

Douglas A. KingBy Douglas A. King, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

March 18, 2013 in innovation, mobile payments | Permalink

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a01053688c61a970c017c37d8df8d970b

Listed below are links to blogs that reference March Madness on the Hardwoods, Mobile Madness in the Payments Arena:

Comments

Excellent discussion and apt analogy. I would add that just like the NCAA Tournament the winner(s) get to the final grouping by winning one game at a time and moving inexorably forward while not letting the hype and hoopla distract them from their goal. In mobile payments, this may mean incremental improvements and constant adjustment to the transaction process with an occasional "fast break" from the old paradigm will ultimately result in an application that addresses all of the needed attributes.

Posted by: Bob Skattum | March 19, 2013 at 11:21 AM

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

January 22, 2013

Parallel Paths or Course to Collision? Technology's Effects in the Payments Industry

I don't believe anyone would challenge the statement that the pace of technological change is faster than ever and is likely to increase its velocity going forward. I remember a conversation with my grandfather in the mid-1970s about the biggest changes he'd experienced in his lifetime, which spanned the first two-thirds of the 20th century. Those changes centered on the automobile and airplane (his lifelong vocation was a railroad machinist/mechanic), electricity for the masses, medicine, and radio and television. Today, we can look back just 10 years and see the exponential level of changes in technology that have impacted our everyday lives in these same areas—transportation, energy, medical care, and communications.

Many of these technological changes have affected the banking world, sometimes in ways that create conflicts among various service channels. Recent changes in the way that U.S. banking customers deposit funds, for example, have the potential to create such conflict across channels.

The all-time teller gets a new face
Since the widespread introduction of the full-service ATM in the United States in the early 1970s, this automated delivery channel has seen little change in functionality. Sure, there have been major technology changes that have improved the channel but not fundamentally changed it. Such improvements include the migration from offline to online transaction authorizations, the ATM's ability to dispense multiple denominations of currency instead of a fixed amount, improved display graphics and component reliability, and the sharing of ATMs through the emergence of regional, national, and international interchange networks. Past efforts in the U.S. to add additional functions and migrate the ATM more to a self-service kiosk have not met with great success. There appears to be another attempt to introducing such functions as remittances, bill payment, money orders, postage stamps and ticketing as ATM volume stagnates.

Deposits made through ATMs seldom represent more than 10 percent of total banking transaction volume, and are more often in the 5–8 percent range. Research has consistently shown that consumers are apprehensive about placing checks and currency in ATMs since ATMs do not verify the deposit envelope contents, as tellers do. Truth be told, banks generally didn't actively promote deposits through ATMs for economic reasons. Because deposit envelopes can be deposited empty, most banks required them to be processed under dual control. As a result, until relatively recently, the cost of handling a single ATM deposit was about $1.50 to $2.

A big breakthrough in ATM deposits was seen in 2006–07, when several of the largest U.S. banks began testing ATMs that could accept envelope-free deposits of checks and currency. This method offered consumers images of their checks or detailed listings of the deposited currency before the transaction was final. Because consumers had this opportunity to verify their deposits, they had a much higher level of comfort. Additionally, consumers could now make their deposits much later in the day and still have them included in that day's processing. These banks soon began widespread implementation of such functionality in a vast majority of their locations, and other top-tier banks followed suit. The reassurance of the deposit verification and the increased convenience has led to a sharp increase in deposit transactions through the ATMs equipped with this feature. Furthermore, studies show that the cost of a deposit transaction dropped below 50 cents.

It appeared like a win-win-win outcome. ATM channel managers and manufacturers both were pleased with the new functionality. And bank customers were obviously pleased, as evidenced by the increased deposit transaction volume through the ATM.

Meanwhile, in a parallel universe...
At the same time that ATMs were getting new functionality, the remote deposit capture product was being developed. This product was first offered to commercial bank customers that received moderate volumes of checks. Company employees scanned the checks on dedicated equipment and then transmitted the captured images to the bank. This product was made possible under the provisions of Check 21. Then the banks expanded the service to include low-volume check businesses using generic scanners that the business likely already possessed. And most recently, a number of banks have begun offering remote deposit capture to both consumer and commercial customers as part of their mobile banking service with the camera feature on a smartphone.

In our ever-changing technology environment, the role of product and channel management has never been more difficult. Products that are technology-dependent can have an extremely short lifecycle and face competition from other sources. Will the proliferation of the remote deposit mobile application dampen the demand for envelope-free deposit accepting ATMs, especially at the smaller banks? Will these technologies collide, or will they continue to move down parallel paths? How will this technology and others come to impact the future of the ATM? We would like to hear your perspective.

David LottBy David Lott, a retail payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

January 22, 2013 in emerging payments, innovation, mobile banking | Permalink

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a01053688c61a970c017c36231934970b

Listed below are links to blogs that reference Parallel Paths or Course to Collision? Technology's Effects in the Payments Industry:

Comments

Banks and Financial institutions invest heavily in improving customer convenience and customer experience. Envelope free ATMs are one such facility that has gained significance off-late. In emerging markets like India, ATMs function well as a self-servicing kiosk. Many ATMs in India support P2P transfers and even opening of "fixed deposit" accounts. Pilots are underway to provide options to open Mutual Fund accounts. Obviously these services attract more customers to the ATM outlets.

On the other hand, remote deposit captures have gained significant acceptance in the market recently. With the smartphones volumes increasingly eating into the feature phone’s market share, “remote deposit capture” is set to gain more popularity, given its sheer convenience to the customer.

At the same time, one has to bear in mind the preferences of Gen Y. Today, customers want everything “on the move”. The advent of mobile technology only accelerates this process. With more innovations coming up in mobile based micro payments, the usage of cash will decrease gradually. It may even reach a negligible size down the years. Paper based checks are already on the decline and will meet its natural death soon – Regulatory bodies in some European countries had mandated the stoppage of check payments long back. With papers based payments going down, the demand for remote deposit capture will also decline.

So when we compare envelope free ATMs with remote deposit captures, my take is that both will meet their natural death soon – may be in a few years. However, in the current scenario, given the nature of Gen Y, remote deposit capture will stand to gain over envelope free ATMs.

Posted by: Pari | January 29, 2013 at 09:33 AM

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

November 26, 2012

Highlights from a Conference on Technology and Payments

The retail payments landscape is rapidly evolving as technological advances promote new electronic payment methods. On October 15–16, the Risk Forum convened at the Atlanta Fed a diverse gathering of stakeholders in the payments industry. Industry representatives were from telecommunication firms, airlines, standards bodies, payments processors, and coffee house retailers, as well as the more traditional players.

Federal Reserve Bank of Atlanta President and CEO Dennis Lockhart kicked off the event. His opening remarks focused on the Federal Reserve System's role as a central bank in the country's retail payment system, both as a payments operator and as the country's guardian of financial stability. In the latter role, the Fed aims to preserve the integrity of both the retail and wholesale payments systems. Lockhart stressed that although this role has national strategy overtones, it is not intended to stifle innovation and competition but rather to support a market-oriented approach to payment developments. By noting the vulnerabilities that the fast pace of change and innovation in the industry create, Lockhart set the stage for the day's session, the highlights of which we are sharing here. You can find the complete presentation materials on the Atlanta Fed website.

Technology developments in card-based payments
Legacy plastic cards are likely to remain important for some time. Nevertheless, significant changes are under way. These technological changes were the focus of this panel. The U.S. payments industry is struggling to collectively shift from magnetic stripe-enabled card payments to a more secure and interoperable environment. Panelists discussed the challenges posed by the planned U.S. migration to chip-enabled cards and to the EMV standards already adopted in most of the globe's major developed countries. They discussed the potential shift in fraud to card-not-present payments in the shift from mag-stripe cards. Panelists said that fraud mitigation in the future U.S. EMV environment will require additional data analysis tools, including the use of better encryption methods and tokenization. They also touched on the benefits of PIN versus signature authentication.

The evolution of technology standards in retail payments
Technology standards provide the cohesion to ensure the critical mass needed for successful payment network adoption. At the same time, the myriad of new market solutions, patent issues, and even standards bodies themselves challenges industry cooperation and consensus building, slowing the standards development process. Panelists discussed the activities of various standards bodies that touch retail payments today. They also talked about how they are working to galvanize industry stakeholders to agree and employ standards that foster security and interoperability.

Mobile payment developments at the point of sale
This panel of experts reviewed technological developments in the mobile channel for payments at the merchant's point of sale (POS), including the rollout of several mobile wallet initiatives. Panelists discussed the challenges associated with the highly dynamic nature of the technologies. They noted that new complex business models are resulting in many different types of payment solutions, creating a confusing ecosystem for mobile proximity payments.

Panelists noted that the many new, thought-provoking products out in the market place today create many unknowns, not only with respect to security, but also future viability. They agreed that it is hard to predict which solutions have true scalability. An interesting discussion took place on the success of new payments such as Square, which changed the proverbial game by expanding the population of merchants that can accept card payments and by repurposing the mobile handset into a payment acceptance device. The panel also discussed how Starbucks unwittingly assumed the role of a payments pioneer when they moved to the mobile channel. Their original aim was not to adopt a new payments method but rather to increase customer loyalty and convenience.

The merits and challenges with the upcoming EMV migration were also top of mind for the panel.

Technology trends in mobile payment transfers
U.S. mobile payment developments have generally centered on payments at the POS. However, remote mobile payments, or person-to-person mobile transfers, are also taking form as a business model. Panelists discussed how nonbank players are entering the money transmission space hoping to leverage new mobile technologies. They explored the current environment for domestic and cross-border mobile transfer payment activity, analyzing the changing roles of payment service providers and the subsequent regulatory and policymaking considerations.

Panelists noted that we are seeing a huge paradigm shift in mobile money, with prepaid airtime credits looking more and more like currency in developing countries. Some countries permit payment service providers to provide airtime cash-out; Kenya's M Pesa is one of these providers. The lack of system interoperability across borders and liquidity management considerations are barriers to a global, scalable airtime transfer system. Panelists also noted, however, that airtime transfers are increasingly becoming a natural complement to traditional remittances.

In addition, traditional remittance providers are partnering with telecom firms to deliver services in emerging markets. These providers also work with banks in more developed countries, like the United States, to use the mobile channel in more efficient ways.

Technology threats and mitigants in electronic payment systems
Whether through scams such as “Obama Will Pay Your Bills” or corporate account takeovers, criminals are increasingly using electronic payments networks to perpetrate fraud. Panelists stressed that industry stakeholders must themselves become more sophisticated in order to develop solutions to better detect and mitigate these risks. Future fraud detection will require more sophisticated approaches to address growing vulnerabilities in web applications. Panelists also stressed that financial institutions must validate transactions to enforce rules and limits and to manage fraud.

Conclusion
The Risk Forum uses events such as this to encourage dialogue and share critical business intelligence among participants. We can then use information that comes out of such discussions to inform our work with the payments industry as we collectively work on better solutions to detect and mitigate risk. Expect to see more discussion in future posts. As always, we value your responses.

Cynthia MerrittBy Cynthia Merritt, assistant director of the Retail Payments Risk Forum

November 26, 2012 in chip-and-pin, collaboration, cybercrime, emerging payments, innovation | Permalink

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a01053688c61a970c017c33fde72b970b

Listed below are links to blogs that reference Highlights from a Conference on Technology and Payments:

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

August 06, 2012

Policymakers, Regulators Keep a Watchful Eye on Mobile Payments

Policymakers and regulatory authorities are beginning to turn their collective eye toward mobile payment developments and with good reason. The rapidly changing environment and the entry of nonbanks in mobile-enabled financial services create a new paradigm in regulatory oversight for consumer protections, bank safety and soundness, and regulatory compliance.

In recognition of these environmental dynamics, the Federal Reserve Banks of Atlanta and Boston recently convened a joint meeting of the Mobile Payments Industry Workgroup (MPIW) and regulatory authorities to discuss recent mobile payment developments and potential regulatory gaps. The two Reserve Banks then jointly published on July 30, 2012, a summary of the meeting describing the meeting dialogue between members of the MPIW and the regulatory community.

You can read the paper on the Atlanta Fed and the Boston Fed websites, but below are some quick highlights.

The complexity of the regulatory framework for mobile financial services requires further ongoing analysis—While regulators recognize supervisory elements common to both mobile and Internet environments, they say that the fast pace of change requires them to more closely monitor mobile payment developments. Regulators have an interest in ensuring safety and soundness as well as consumer protections in the emerging mobile payments environment. Both these objectives require that financial institutions adequately manage vendors when they outsource and partner with third parties in new mobile payment business models.

Education is needed to teach all stakeholders about the mobile environment, from regulators to consumer advocates to consumers themselves—Security, privacy, and consumer protections are important themes that all stakeholders should understand in order to be able to communicate appropriately with policymakers in mobile payments regulation. As mobile payment systems evolve, it will be important to engender cross-industry dialogue at both the industry and regulatory levels to ensure risks in these key themes are sufficiently addressed.

Next steps
The MPIW plans to continue to meet on regulatory issues with regulators as the mobile payments market matures. These meetings will serve to educate the regulators about mobile payment developments and risk mitigation initiatives. At the same time, regulators will be able to share early insights and concerns about mobile payments with the MPIW, while hearing their input and perspectives on future policy and regulatory decision making.

Cynthia MerrittBy Cynthia Merritt, assistant director of the Retail Payments Risk Forum

August 6, 2012 in innovation, mobile payments, regulators | Permalink

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a01053688c61a970c0167691925b9970b

Listed below are links to blogs that reference Policymakers, Regulators Keep a Watchful Eye on Mobile Payments:

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

July 30, 2012

Even an Outsourced Cloud Can Have a Silver Lining: Shedding Light on Cloud Payments Risk Management

Outsourcing is not new in financial services. Banks continue to improve their operational efficiency—and even lower their risk exposures—by engaging third-party service providers to perform specific functions they used to manage internally. Now, technological advances are enabling financial institutions and other payment providers to shift certain data management functions to the cloud, an outsourcing practice we discussed in an earlier Portals and Rails post. Cloud outsourcing provides operational cost savings to the end user community, but these new services introduce new risks in payment systems.

On July 10, 2012, the Federal Financial Institutions Examination Council (FFIEC) published a statement on cloud computing to supplement its Outsourcing Technology Services booklet. The aim of the statement is to help financial institutions better understand the fundamental risks associated with these new services and the need for robust vendor management.

Cloud computing basics
The term "cloud computing" in its most basic sense describes a service that stores and processes data on a remote network. Cloud service providers are entrusted with ensuring the security of end user data within that remote network.

A notable feature of cloud computing is its deployment model. Risk profiles may differ, making some models more appropriate for some services than others. Some models may include private clouds operated for a single organization, community clouds that are shared by several organizations, or combinations of the two for hybrid business models.

According to a recent paper authored by Dan Schutzer, chief technology officer of BITS, small devices like mobile handsets have limited storage while communications networks are becoming faster and more efficient. These factors have led to more businesses offering services that allow data to reside in remote servers, or in "the cloud." He cites public cloud examples like Flikr, which allows consumers to store photos in the cloud, and Google Docs, which allows consumers to manage documents remotely.

Risk management in cloud computing
Arguably, the data in these examples may not be as sensitive as that managed by financial institutions and others involved in payment processing. The FFIEC statement notes that as financial institutions consider a cloud computing model in their outsourcing strategies, risk management and third-party oversight to protect sensitive personal consumer data become increasingly important.

The FFIEC statement maps the key elements of risk management articulated in the existing interagency guidance. It starts with due diligence, noting that financial institutions are responsible for ensuring that third-party activity is conducted according to applicable law and regulation, just as if they bank retained those functions in-house. It also discusses the key elements to consider in ongoing vendor management and business continuity planning.

The vendor management challenge
A major takeaway for financial institutions and other payment providers is in the part of the FFIEC statement that discusses "legal, regulatory, and reputational considerations":

The nature of cloud computing may increase the complexity of compliance with applicable laws and regulations because customer data may be stored or processed overseas. A financial institution’s ability to assess compliance may be more complex and difficult in an environment where the cloud computing service provider processes and stores data overseas or comingles the financial institution’s data with data from other customers that operate under diverse legal and regulatory jurisdictions.

While the risk management fundamentals for cloud computing remain the same, the increasing complexity of the operating environment will challenge the effectiveness of vendor management programs going forward. As outsourcing relationships expand geographically, the expertise required to oversee those activities will increase as well. Furthermore, third-party service providers may have outsourced relationships themselves, requiring inclusion of those downstream oversight processes in the financial institution’s vendor management program.

The FFIEC guidance provides a good description of these risks and challenges to consider in selecting and managing a cloud computing strategy, but also notes that "cloud computing may not be appropriate for all financial institutions."

Cynthia MerrittBy Cynthia Merritt, assistant director of the Retail Payments Risk Forum

July 30, 2012 in emerging payments, innovation | Permalink

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a01053688c61a970c017743c6d32b970d

Listed below are links to blogs that reference Even an Outsourced Cloud Can Have a Silver Lining: Shedding Light on Cloud Payments Risk Management:

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in