Retail Payments Risk Forum
Font Size: A A A

Portals and Rails

July 28, 2014

Where's the Mobile Payment?

I was a big fan of the '80s Wendy's commercials that featured an older woman uttering the phrase, "Where's the beef?" I recently found myself muttering something similar to myself: "Where's the mobile payment?" In early July, I came across the American Banker website headline "Six Fintech Startups That Wowed Bankers." The article highlighted six tech startups that recently pitched their financial products and services to executives from 15 of the largest banks at a one-day event. I was expecting to read about several mobile payment or mobile wallet startups, but surprisingly, none were mentioned.

According to the article's author, for a fintech startup to capture a banking executive's attention, it must address a need in the marketplace that few others are meeting. Could it be that the executives don't view mobile proximity payments as a customer need? I recently blogged about mobile payments fatigue and received some mixed feedback—but I heard little from our banking community readers. From a mobile payments perspective, they are extremely active in both person-to-person and bill payment initiatives. But outside of a few limited pilot programs, financial institutions have made little noise regarding mobile proximity payments or mobile wallets.

Given the prominent role financial institutions are playing in mobile payments through person-to-person and bill payments, why aren't they actively participating in proximity payments at retailers? Are they failing to meet the needs of their customers? According to the J.D. Power 2014 Retail Banking Study, customer satisfaction with banks is at an all-time high. And though the study found that some banks are falling short of meeting their customers' needs, the large banks covered in the survey experienced a significant rise in customer satisfaction scores, leading me to believe these banks are doing as good of a job as ever in listening to their customers and fulfilling their needs.

Is it possible that there isn't currently a driving consumer need for banks to deliver a mobile proximity payment or mobile wallet solution? My colleague Dave Lott suggested earlier this year that for mobile adoption to take place, the experience needs to follow Andy Grove's 10x rule and be 10 times better than what consumers are used to. What do you think it will take to catch the eyes of banking executives in the mobile proximity payments space?

Photo of Douglas A. KingBy Douglas A. King, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

July 28, 2014 in innovation, mobile banking | Permalink

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a01053688c61a970c01a511eb09ff970c

Listed below are links to blogs that reference Where's the Mobile Payment?:

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

March 03, 2014

An Efficient Mobile P2P Payment: The Paper Check

Having had the chance to spend some time reviewing the 2013 Federal Reserve Payments Study, I was struck by the lasting power of the check in the consumer-to-consumer (or P2P) space. Although overall check usage has declined (checks written by businesses and by consumers to businesses have all declined significantly), check usage in the P2P space increased between 2006 and 2009 and was stable from 2009 to 2012. And this has occurred when the number of bank and nonbank mobile P2P payment solutions that have entered the marketplace or matured during the past few years.

As a parent of two young children, I have acquired ample experience in the P2P payments space—that is, in paying babysitters. As a self-proclaimed payments geek, I am always interested in learning how the babysitter prefers to be paid. Cash remains king with most, at least the high school-aged ones. We have one college-aged sitter who likes being paid through a nonbank P2P payment provider. And most recently, another college-aged sitter wanted to be paid by check, which really caught me off guard. She informed me that she uses her mobile banking app to process her checks through mobile remote deposit capture (RDC) and that she prefers having access to the funds through her debit card over cash. The amazing thing that has struck me from these weekly transactions is the efficiency of this P2P payment transaction.

If the babysitter makes the mobile deposit before 9 p.m. (ET), she has access to the funds the following day. If after 9 p.m. , the funds are available to her in two days. On my end, the transaction appears in my banking activity the morning following the deposit. Talk about efficient—fast and inexpensive (no fees paid by either of us)!

Obviously, the efficiency of this transaction would have been diminished were this not a face-to-face transaction. And maybe that is where the true value of online or mobile P2P payments comes into play. However, the resilient check and mobile RDC banking application worked really well in this face-to-face setting. According to a recent report, mobile RDC was offered by approximately 20 percent of U.S. banks in 2013, up from 7 percent at the end of 2012. As more financial institutions roll out the offering in the upcoming year, maybe it will be the case that the old paper check is here to stay and will flourish in the P2P payments space. And based on my experience, that might not be a bad thing!

Douglas A. KingBy Douglas A. King, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

March 3, 2014 in checks, mobile banking, mobile payments, payments study | Permalink

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a01053688c61a970c01a5117ad29c970c

Listed below are links to blogs that reference An Efficient Mobile P2P Payment: The Paper Check:

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

July 15, 2013

In Memory of a Beloved Colleague: Protecting Your Bank Account

This repost of a blog post, originally published on April 8, 2013, is in memory of our beloved colleague and friend, Michelle Castell. Michelle died earlier this month after a long and courageous battle against cancer. The blog summarizes a white paper Michelle wrote earlier this year concerning online account takeovers, a topic that is still timely. Michelle was new to the world of payments when she joined the Retail Payments Risk Forum in mid-2012. In her enthusiasm to learn about payments, she experimented with different payment types and channels to gain a personal understanding of how they work and the risks they pose. Michelle was immediately intrigued and concerned by the account takeover risks posed to consumers and businesses from the alarming growth of malware on mobile phones. It was through her personal and enthusiastic approach to her work that Michelle became an advocate for improved consumer education when it comes to payments security—which is the conclusion of this post and her account takeover white paper. You can find a link to the white paper at the end of the post.

Today's news is loaded with stories of account takeovers of both businesses and individuals. With an alarming frequency, accounts are hacked, identities are stolen, and money disappears. Have the availability of smartphones and their increased use for conducting social, financial, and personal business sparked this increase? With a 78 percent penetration rate in the United States alone, mobile phones are not going away, and smartphone growth is catching up.

Currently, there are 6 billion mobile subscribers worldwide, with more than 1.2 billion of them accessing the web at any given time. These individuals are shopping, banking, watching videos, playing interactive games with other players, texting, or e-mailing on their devices. Smartphone users are actually three times more likely to provide their log-in information when prompted than those accessing the Internet from a personal computer, according to the computer and network security company RSA. Given these trends, fraudsters are once again taking advantage of the weak spot and using technology to spread malware onto mobile phones.

Less than 50% of Mobile Consumers Find Many Dangerous Behaviors to be Risky

While the number of individuals accessing the web is staggering, perhaps even more amazing is the increased usage of mobile devices for sending text messages. In 2011 alone, more than eight trillion text messages were sent. As such, text messaging fraud—or “smishing,” a term created from the abbreviation for short message service SMS—is now becoming a tool of choice for fraudsters.

Is your phone protected? Studies conducted in the United States and abroad show that only 4 to 10 percent of all phones have antivirus software, compared to over 80 percent for personal computers. It's just as easy for a cybercriminal to gain access to your financial institution through a mobile text or a mobile e-mail account as it would be on a computer. Could protection and education about mobile security be the ticket to reducing account takeovers? I believe it can. Taking a bite out of that 90-percent statistic for unprotected smartphones most certainly will deflect attacks that could penetrate through to the financial environment. T-Mobile recently announced it was teaming up with Lookout virus protection to begin shipping most Android models with out-of-the-box protection against malware and viruses. This move could be a significant first step in virus protection, especially if other phone manufactures were to follow suit.

What can you do? Well, there are a few things, including:

  • Install a certified virus application on all family devices and set them to run weekly (many good options are free).
  • Don't change the default security restrictions by jail breaking your device. Only download applications from a reputable vendor application marketplace (Google Play store or iTunes, for example).
  • Review and make sure you understand any pop-ups, e-mails, or texts before you click.

For more information related to account takeovers, check out the Risk Forum's recent survey paper, "Mitigating Online Account Takeovers: The Case for Education."

Michelle CastellBy Michelle Castell, senior payments risk analyst in the Retail Payments Risk Forum at the Atlanta Fed

July 15, 2013 in cybercrime, identity theft, mobile banking | Permalink

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a01053688c61a970c01901e4679ba970b

Listed below are links to blogs that reference In Memory of a Beloved Colleague: Protecting Your Bank Account:

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

July 01, 2013

The Cost of "Free"

Many retail-centric banks have found themselves in a fee-revenue dilemma as the impact of regulations regarding overdraft fees and debit card interchange revenue begins to be felt. After decades of providing "free" services to consumers, these banks are under significant customer pressure to continue this practice even as they roll out new products and services. But this pricing model poses financial risk. The operating expenses of the bank are increasing at the same time that the banks are receiving minimal—if any—incremental revenue.

I recently participated in a conference that had a session comprised of a panel of four MBA students. The goal of the session was for the audience of bankers to better understand the driving forces for financial service decisions by the Gen Y, or millennial, customer. (I wrote a bit about this panel in a previous post.) One eye-opening statement universally shared by the panel was the expectation that mobile banking and mobile banking services be provided free of charge. When asked for a justification, they believe that by using the mobile channel they "saved" the bank money over writing a check or going into a branch office. When further questioned as to how the bank was going to pay for the development and operating expenses of such new products and services, their response was essentially that they believe the bank earns sufficient revenue from its lending operations, including credit cards and installment and mortgage loans. I am sure that many other consumer segment groups have this attitude as well.

After Regulation II capped debit card interchange fees for banks with assets exceeding $10 billion, some banks announced they would begin charging a monthly debit card fee. Consumer and media response was so negative that banks withdrew the proposed fee changes. Subsequently, many banks changed their checking account service fee waiver conditions by raising minimum balance requirements, requiring other account relationships (to provide additional revenue support), or eliminating some previously bundled services. The Bankrate 2012 Checking Survey found that only 39 percent of banks were offering free checking without a minimum balance requirement or maintenance fee. This percentage is down from 45 percent in 2011 and 76 percent in 2009. Credit unions have not followed suit—the number of them offering free checking is holding fairly steady at around 72 percent.

Is there anything banks can do to shift consumers' expectations and ease some of the financial risk associated with controlling operating expense levels? We would like to hear from you.

Photo of David LottBy David Lott, a retail payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

July 1, 2013 in financial services, mobile banking, regulations | Permalink

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a01053688c61a970c0192abd00149970d

Listed below are links to blogs that reference The Cost of "Free":

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

May 13, 2013

Which Is Riskier, Change or Avoiding It?

There is no denying that any level of change brings with it some level of risk. However, sometimes avoiding change can result in even greater risk. That is the quandary many retail banks find themselves in today as they grapple with the issues of mobile banking and payments and their role in the bank's overall delivery-channel strategy. Sustainability and regeneration are principles normally associated with the community development and environmental arenas, but they can be easily applied to the banking industry and its consumer delivery channels.

Numerous research studies document a large gap in banking attitudes and product or channel usage between the Gen Y or millennial customers and the older customer segments (those who are over 35, if you consider that old). (The Retail Payments Risk Forum discussed some of this research in a paper posted on our website in April.) Younger customers have less loyalty to bank brand, readily adopt new technology, are highly influenced by advertising and peers, expect free or low-cost banking products and services, and are driven by convenience. While they do have a higher overall trust level of banks compared to nonbanks, the gap is not anywhere near as large as that of the older customer segment. The younger segments have eagerly adopted online and mobile banking and are viewed as the early adopters of mobile payments. In fact, when they select a financial institution, the quality and expansiveness of the mobile banking offering is a major factor in their decision.

So what does this changing landscape have for the future of the traditional brick-and-mortar-branch delivery channel? For some time, banks have tried to establish branches primarily as sales centers while moving basic service transactions to alternative automated, less-expensive delivery channels. This effort will continue, but banks must also regenerate their overall delivery-channel strategy to provide sales and service capabilities through virtual channels in order to attract and retain the growing Gen Y customer segment. This regeneration and sustainability effort involves the "right sizing" of each channel to provide their existing and future customers with the appropriate level of services and features as well as capacity to meet service quality goals. Not only will this effort require risk assessments to be continually made for each delivery channel, but also to develop a holistic risk assessment of each customer across all delivery channels.

Let us know what changes, if any, you are making in your overall delivery-channel strategy to address the changing demographics of existing and potential bank customers.

David LottBy David Lott, a retail payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

May 13, 2013 in mobile banking, mobile payments | Permalink

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a01053688c61a970c0191021786d2970c

Listed below are links to blogs that reference Which Is Riskier, Change or Avoiding It?:

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

April 08, 2013

Can These Three Steps Protect Your Bank Account?

Today's news is loaded with stories of account takeovers of both businesses and individuals. With an alarming frequency, accounts are hacked, identities are stolen, and money disappears. Have the availability of smartphones and their increased use for conducting social, financial, and personal business sparked this increase? With a 78 percent penetration rate in the United States alone, mobile phones are not going away, and smartphone growth is catching up.

Currently, there are 6 billion mobile subscribers worldwide, with more than 1.2 billion of them accessing the web at any given time. These individuals are shopping, banking, watching videos, playing interactive games with other players, texting, or e-mailing on their devices. Smartphone users are actually three times more likely to provide their log-in information when prompted than those accessing the Internet from a personal computer, according to the computer and network security company RSA. Given these trends, fraudsters are once again taking advantage of the weak spot and using technology to spread malware onto mobile phones.

Less than 50% of Mobile Consumers Find Many Dangerous Behaviors to be Risky

While the number of individuals accessing the web is staggering, perhaps even more amazing is the increased usage of mobile devices for sending text messages. In 2011 alone, more than eight trillion text messages were sent. As such, text messaging fraud—or “smishing,” a term created from the abbreviation for short message service SMS—is now becoming a tool of choice for fraudsters.

Is your phone protected? Studies conducted in the United States and abroad show that only 4 to 10 percent of all phones have antivirus software, compared to over 80 percent for personal computers. It's just as easy for a cybercriminal to gain access to your financial institution through a mobile text or a mobile e-mail account as it would be on a computer. Could protection and education about mobile security be the ticket to reducing account takeovers? I believe it can. Taking a bite out of that 90-percent statistic for unprotected smartphones most certainly will deflect attacks that could penetrate through to the financial environment. T-Mobile recently announced it was teaming up with Lookout virus protection to begin shipping most Android models with out-of-the-box protection against malware and viruses. This move could be a significant first step in virus protection, especially if other phone manufactures were to follow suit.

What can you do? Well, there are a few things, including:

  • Install a certified virus application on all family devices and set them to run weekly (many good options are free).
  • Don't change the default security restrictions by jail breaking your device. Only download applications from a reputable vendor application marketplace (Google Play store or iTunes, for example).
  • Review and make sure you understand any pop-ups, e-mails, or texts before you click.

For more information related to account takeovers, check out the Risk Forum's recent survey paper, "Mitigating Online Account Takeovers: The Case for Education."

Michelle CastellBy Michelle Castell, senior payments risk analyst in the Retail Payments Risk Forum at the Atlanta Fed

April 8, 2013 in cybercrime, identity theft, mobile banking | Permalink

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a01053688c61a970c017d42a1a985970c

Listed below are links to blogs that reference Can These Three Steps Protect Your Bank Account?:

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

March 25, 2013

What's Next in Mobile Payments?

I recently participated in two banking conferences that displayed the full spectrum of strategic options and plans of banks regarding mobile payments. The first event was the annual operations/technology conference of a statewide bankers' association with all the attendees being small- to mid-sized community banks. All these banks currently offer an online banking application to their customers; about half of these have customized their online banking application for mobile device usage. Only one bank indicated they had a mobile payments application currently in operation. I was surprised to find that only a couple other banks planned to offer a mobile payments application within the next 12–18 months.

Later in the day, a panel of four MBA graduate students from a prestigious business school of a private southeastern university gave their views on mobile payments. The objective of this panel was to help the bankers understand the key drivers of this demographic's banking relationships and needs. All four panel members indicated they frequently accessed their banks' online banking services with their mobile devices as well as their laptops and tablets. They also unanimously stated they would switch financial institutions if the banks didn't offer the service or if they began charging a fee for the service. Interestingly, only one panelist used the mobile payments application from his bank, and his usage was infrequent. The reasons the panel members gave for their disinterest in mobile payments included difficulty of use of a mobile phone versus a laptop or tablet for bill payment or little need for the service because they found their existing payment methods to be as or more convenient.

At the Bank Administration Institute's (BAI) Payments Connect 2013 conference the following week, a featured track of the two-and-a-half-day event was the wide range of marketing, operational, risk, and technology issues related to mobile banking and payments. The prognosis for mobile payments couldn't have been more optimistic, with a number of panelists declaring that the tipping point for mobile payments had been realized earlier in the year. They credited the adoption rate for smartphones and other indicators they believed to be key drivers. Of course, we have to realize that many expressing such optimism worked for a company that has a vested interest in the success of mobile payments. However, that optimism was supported by a number of research studies delivered during the conference that concluded that the rate of smartphone penetration, the growing volume of mobile payment transactions, and overall consumer attitudes would translate to successful mobile payments programs.

One of the questions bankers frequently asked during the BAI conference was what a panelist would recommend the bank do regarding their mobile payments strategy. While there were some slight variations, panelists consistently responded that banks should get involved now and try a number of different, small-scale strategies. Several panelists used the gambling analogy of placing a distributed number of bets of small amounts rather than going "all in" with one particular mobile payments scheme. They acknowledged that the technology winner(s) of mobile payments was far from certain at this point, with near field communication, QR codes, and cloud options all in different states of adoption and each with their individual advantages and disadvantages.

The practice of "spreading your bets" is certainly a valid risk management strategy, but how practical is such a strategy for small financial institutions? The large banks have their research-and-development budgets, IT development staff, and other resources that allow them to participate in multiple pilot programs, but smaller institutions do not have such resources. Most would be able to offer only a mobile payments program supported by their core application processing provider.

As with many new payment products in the past, larger banks have led the initial efforts, and the smaller banks followed suit after customer demand for the service became more certain and with the realization that not offer the service would put them at a competitive disadvantage. Could this be the reason many banks, especially the smaller ones, have been sitting on the sidelines for now until the mobile payments picture becomes a bit clearer? Let us know what you think.

David LottBy David Lott, a retail payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

March 25, 2013 in mobile banking, mobile payments, payments | Permalink

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a01053688c61a970c017ee9bac3b9970d

Listed below are links to blogs that reference What's Next in Mobile Payments?:

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

January 22, 2013

Parallel Paths or Course to Collision? Technology's Effects in the Payments Industry

I don't believe anyone would challenge the statement that the pace of technological change is faster than ever and is likely to increase its velocity going forward. I remember a conversation with my grandfather in the mid-1970s about the biggest changes he'd experienced in his lifetime, which spanned the first two-thirds of the 20th century. Those changes centered on the automobile and airplane (his lifelong vocation was a railroad machinist/mechanic), electricity for the masses, medicine, and radio and television. Today, we can look back just 10 years and see the exponential level of changes in technology that have impacted our everyday lives in these same areas—transportation, energy, medical care, and communications.

Many of these technological changes have affected the banking world, sometimes in ways that create conflicts among various service channels. Recent changes in the way that U.S. banking customers deposit funds, for example, have the potential to create such conflict across channels.

The all-time teller gets a new face
Since the widespread introduction of the full-service ATM in the United States in the early 1970s, this automated delivery channel has seen little change in functionality. Sure, there have been major technology changes that have improved the channel but not fundamentally changed it. Such improvements include the migration from offline to online transaction authorizations, the ATM's ability to dispense multiple denominations of currency instead of a fixed amount, improved display graphics and component reliability, and the sharing of ATMs through the emergence of regional, national, and international interchange networks. Past efforts in the U.S. to add additional functions and migrate the ATM more to a self-service kiosk have not met with great success. There appears to be another attempt to introducing such functions as remittances, bill payment, money orders, postage stamps and ticketing as ATM volume stagnates.

Deposits made through ATMs seldom represent more than 10 percent of total banking transaction volume, and are more often in the 5–8 percent range. Research has consistently shown that consumers are apprehensive about placing checks and currency in ATMs since ATMs do not verify the deposit envelope contents, as tellers do. Truth be told, banks generally didn't actively promote deposits through ATMs for economic reasons. Because deposit envelopes can be deposited empty, most banks required them to be processed under dual control. As a result, until relatively recently, the cost of handling a single ATM deposit was about $1.50 to $2.

A big breakthrough in ATM deposits was seen in 2006–07, when several of the largest U.S. banks began testing ATMs that could accept envelope-free deposits of checks and currency. This method offered consumers images of their checks or detailed listings of the deposited currency before the transaction was final. Because consumers had this opportunity to verify their deposits, they had a much higher level of comfort. Additionally, consumers could now make their deposits much later in the day and still have them included in that day's processing. These banks soon began widespread implementation of such functionality in a vast majority of their locations, and other top-tier banks followed suit. The reassurance of the deposit verification and the increased convenience has led to a sharp increase in deposit transactions through the ATMs equipped with this feature. Furthermore, studies show that the cost of a deposit transaction dropped below 50 cents.

It appeared like a win-win-win outcome. ATM channel managers and manufacturers both were pleased with the new functionality. And bank customers were obviously pleased, as evidenced by the increased deposit transaction volume through the ATM.

Meanwhile, in a parallel universe...
At the same time that ATMs were getting new functionality, the remote deposit capture product was being developed. This product was first offered to commercial bank customers that received moderate volumes of checks. Company employees scanned the checks on dedicated equipment and then transmitted the captured images to the bank. This product was made possible under the provisions of Check 21. Then the banks expanded the service to include low-volume check businesses using generic scanners that the business likely already possessed. And most recently, a number of banks have begun offering remote deposit capture to both consumer and commercial customers as part of their mobile banking service with the camera feature on a smartphone.

In our ever-changing technology environment, the role of product and channel management has never been more difficult. Products that are technology-dependent can have an extremely short lifecycle and face competition from other sources. Will the proliferation of the remote deposit mobile application dampen the demand for envelope-free deposit accepting ATMs, especially at the smaller banks? Will these technologies collide, or will they continue to move down parallel paths? How will this technology and others come to impact the future of the ATM? We would like to hear your perspective.

David LottBy David Lott, a retail payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

January 22, 2013 in emerging payments, innovation, mobile banking | Permalink

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a01053688c61a970c017c36231934970b

Listed below are links to blogs that reference Parallel Paths or Course to Collision? Technology's Effects in the Payments Industry:

Comments

Banks and Financial institutions invest heavily in improving customer convenience and customer experience. Envelope free ATMs are one such facility that has gained significance off-late. In emerging markets like India, ATMs function well as a self-servicing kiosk. Many ATMs in India support P2P transfers and even opening of "fixed deposit" accounts. Pilots are underway to provide options to open Mutual Fund accounts. Obviously these services attract more customers to the ATM outlets.

On the other hand, remote deposit captures have gained significant acceptance in the market recently. With the smartphones volumes increasingly eating into the feature phone’s market share, “remote deposit capture” is set to gain more popularity, given its sheer convenience to the customer.

At the same time, one has to bear in mind the preferences of Gen Y. Today, customers want everything “on the move”. The advent of mobile technology only accelerates this process. With more innovations coming up in mobile based micro payments, the usage of cash will decrease gradually. It may even reach a negligible size down the years. Paper based checks are already on the decline and will meet its natural death soon – Regulatory bodies in some European countries had mandated the stoppage of check payments long back. With papers based payments going down, the demand for remote deposit capture will also decline.

So when we compare envelope free ATMs with remote deposit captures, my take is that both will meet their natural death soon – may be in a few years. However, in the current scenario, given the nature of Gen Y, remote deposit capture will stand to gain over envelope free ATMs.

Posted by: Pari | January 29, 2013 at 09:33 AM

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

January 07, 2013

Boston Fed on mobile phone technology: "Smarter than we thought"

When it comes to mobile payments security, will the most secure solution win out, or will convenience rule the day? Mobile payment services are coming to market, however slowly, and as they do, security in supporting technology platforms is a critical consideration for merchants and consumers. In fact, many consumer surveys, such as this one released by the Federal Reserve Board, have reported that U.S. consumers consider security to be an important factor when deciding if they will use a mobile device to access financial information or engage in a payment service. Because security is a major contributor to the success and ultimate broad adoption of mobile payments, Boston Fed researchers examined how the primary technologies supporting mobile payments at the merchant point-of-sale address payments security. These technologies include near-field communication (or NFC) and cloud solutions.

This post looks at some of the high points of a paper written by the Boston Fed researchers about their analysis. The paper, published November 2012 and titled "Mobile phone technology: 'Smarter than we thought,'" discusses the unique characteristics of each technology and why security practices will vary accordingly.

NFC mobile payment options vary in security and convenience
The three primary approaches to NFC mobile payments all involve storing payment credentials in an encrypted smart card chip within the mobile phone. This chip, also known as the "secure element," may reside in the subscriber identity module (SIM) card, it may reside in the micro secure digital (SD)—or memory—card, or it may be hardwired into the actual device. Each of these approaches has benefits and disadvantages with respect to convenience and security.

For example, the SIM card's storage capability provides an additional layer of security. The wireless carrier can manage the SIM card remotely to prevent unauthorized access if the phone is lost or stolen or if the SIM card is removed. In other words, the mobile network operator controls access to the SIM card, which, depending on your perspective, may also be a drawback.

The memory card is also portable and communicates with apps to enable mobile payments. This method can be speedy to deploy. As a result, several U.S. banks, card networks, and transit authorities have piloted solutions using memory cards. However, these cards typically support only a single application or payment account, so they may not be the best long-term solution. Furthermore, their portability presents security concerns because there is no lock or PIN to prevent removal of the card from the phone and then subsequent unauthorized access to the payment information stored within it.

The third approach has the chip soldered into the hardware, making it relatively tamper-proof. Although it is less costly than the other NFC options, it provides no portability feature. So despite the stronger security features, this lack of portability makes this approach inconvenient because consumers cannot easily transfer payment credentials and applications when they switch phones.

Mobile payments in the cloud: A new security paradigm
While industry stakeholders were discussing the security options of NFC technology deployments, new alternatives emerged that rely on cloud computing. In cloud-based payment business models, the consumer's payment credentials are stored remotely on a server—which a merchant or payment services provider manages—as opposed to on the phone's hardware. Cloud-based services are less costly to deploy than NFC-based services. In addition, because they are hardware-agnostic, they are essentially portable and convenient for the consumer. In some ways, cloud-based payments can be more secure than in-phone solutions, since the consumer's payment credentials are not stored in the mobile phone and are not potentially exposed during transactions. However, it is still necessary to take steps to secure the remote storage of payment credentials and other important data. And, as the paper notes:

There are still many unknowns to be addressed. Because payments data can be compromised in the cloud, it is essential that: 1) payments data is not transmitted via SMS [short message service, or instant messaging] or email because these platforms are not encrypted; and 2) payments to the cloud are transmitted between secure, encrypted endpoints handled either by mobile carrier data networks or merchant-provided secure Wi-Fi hotspots, and are not transmitted unencrypted over any network.

Data privacy remains a critical concern
Cloud providers have a responsibility to protect consumer data. They must comply with privacy laws and obtain explicit permission before sharing data or mining it for other monetization opportunities. Ultimately, cloud providers must make sure that the underlying payment services are secure and resilient.

When it comes to new mobile payment methods in the cloud, how will we make sure that cloud service providers are fulfilling these responsibilities? This new paradigm requires new processes for vendor management, especially for banks in mobile payments. Banks will need to be able to demonstrate to regulators that they have conducted a comprehensive risk assessment on service offerings and done third-party due diligence at the onset of an outsourced relationship. Regulators must provide ongoing oversight for financial stability and fulfillment of contractual responsibility.

Complex business models likely will use combinations of technology
As the paper notes, it is likely that we will see hybrid models that use both NFC and the cloud for managing different pieces of information associated with a payments transaction. As we noted in a previous post, there are benefits and challenges to both NFC and cloud technologies. Numerous complex variables are at play when it comes to their security environments. As these technologies are likely to coexist, it will be important to understand the underlying security features as new mobile payment solutions come to market in the future.

Cynthia MerrittBy Cynthia Merritt, assistant director of the Retail Payments Risk Forum

January 7, 2013 in consumer protection, mobile banking, payments | Permalink

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a01053688c61a970c017d3f94af97970c

Listed below are links to blogs that reference Boston Fed on mobile phone technology: "Smarter than we thought":

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

November 19, 2012

The Art of Capturing Customers with Mobile Remote Deposit Capture

Last November, Portals and Rails took a look at remote deposit capture (RDC) and wondered if deposit fraud would rise as more financial intuitions roll out the service to more customers. We've seen no evidence in the past year to support an uptick in fraud. However, we have ample evidence demonstrating that the product is becoming mainstream through the mobile channel. With four large financial institutions incorporating RDC with their mobile applications over the summer, eight out of the ten largest depository institutions currently offer the product.

As with any new offering, financial institutions need to understand the risks behind new products and develop strategies to mitigate these risks. At a recent conference, I sat in on a wonderful discussion led by Terri Ferrise and Hunter Wolfe with Cachet Financial Solutions that highlighted the growing demand for mobile RDC and best practices for risk management of the product. Given banks' rapid adoption of the product, Portals and Rails would like to pass along some of the best practices for mobile RDC shared by Terri and Hunter as well as other financial institutions that were engaged in the discussion.

Customer management
"Know your customer" (KYC) is essential with mobile RDC. Financial institutions should prioritize their customers and offer mobile RDC only to their best customers, closely aligning the product offering with customer characteristics. When considering which customers to offer the product to, they should take into consideration these issues:

  • The length of the customer's relationship. Some financial institutions require that an account be open for at least 90 or 180 days before offering the service to their customers.
  • The depth of the customer's relationship. The more products the customer has with a financial institution, the better the financial institution should know that customer.
  • The experience with the customer. For example, has the customer previously used check deposit at the ATM? Has the customer previously attempted to deposit bad checks?

Deposit and velocity limits
Even with strong customer controls in place, financial institutions must also consider and employ deposit and velocity limits, which would include taking these steps:

  • Set realistic deposit limits (daily, weekly, and monthly) and availability rules based on the customer profile.
  • Consider velocity limits and other tools to analyze individual transactions and customer trends. Have a system in place to flag certain deposited items that are out of the ordinary for closer (or even manual) examination.
  • Continually monitor these limits and adjust them depending on the customer's behavior.

Front and back end processes
Financial institutions must also have adequate risk management at both the front end and the back end of the deposit process, which would include some of these strategies:

  • Procedures for dealing with RDC items post deposit. Destruction and franking protect against double presentment.
  • Strong user and hardware authentication routines.
  • Strong image validation and quality guidelines.
  • Customer education to ensure that images are not being stored on their mobile devices.

Just like any other successful product launch, mobile RDC creates new risk considerations. To date, it appears that those financial institutions offering the product are successfully controlling their risks. As this product begins to become commoditized, perhaps the biggest risk to financial institutions may be losing customers if they don't offer the product. For additional information on risk management of RDC, I encourage everyone to read the Federal Financial Institutions Examination Council's guidance on the topic.

Douglas A. KingBy Douglas A. King, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

November 19, 2012 in fraud, mobile banking | Permalink

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a01053688c61a970c017ee5607a72970d

Listed below are links to blogs that reference The Art of Capturing Customers with Mobile Remote Deposit Capture:

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in