Portals and Rails, a blog sponsored by the Retail Payments Risk Forum of the Federal Reserve Bank of Atlanta, is intended to foster dialogue on emerging risks in retail payment systems and enhance collaborative efforts to improve risk detection and mitigation. We encourage your active participation in Portals and Rails and look forward to collaborating with you.
Federal Reserve Web Sites
Other Bank Regulatory Sites
April 11, 2011
Dispelling the myths about mobile banking and payments
There is a lot of confusion these days when it comes to mobile banking and payments. Consumer advocates warn that mobile payments will be unsafe and we need to develop consumer protections now to create a harbor from scams and rip-offs. While it's true that payment innovations often introduce new risks, they also create opportunities to create better safeguards that ensure a more secure payments system. So the path forward is best armed with accurate information about how the mobile wallet will work in the future. With so many new product trials and service rollouts for both mobile banking and payment services, it's difficult to separate fact from fiction. Today, we take an opportunity to do just that. We’ll look at some of the myths we hear most often about mobile banking and payments in the United States.
Myth #1: Mobile banking and mobile payments are one and the same
We often hear people use the term mobile financial services to refer to banking and to payments, as if they were the same thing. The fact is, they are different services that appeal to consumers in different ways, and they are accompanied by very different types of risk. As a recent position paper published by the Atlanta and Boston Federal Reserve Banks defined it, mobile banking refers to a service that accesses bank information such as account balances and transaction history and that facilitates transfers between accounts and online bill payment. Mobile payments, on the other hand, refers to the use of the phone either to make a payment for purchasing goods or services at a merchant's point-of-sale—a transaction also known as a proximity payment—or to transfer money to another person or a business. The latter transactions, domestic and remittance payments, are referred to as mobile money transfer (MMT) payments and occur remotely either within a country or cross-border. Because mobile banking services are merely extending online functionality from the PC to the cell phone, the risk profile for the mobile phone is not markedly different.
Myth #2: Mobile payments represent digital money and lack regulation
While emerging markets are experiencing some remarkable advances in mobile commerce using text messaging to send a payment via prepaid airtime, the U.S. experience, as with other developed countries, is very different. Text-message-based mobile payment systems work for those emerging markets because they are clearly safer than cash. Here and in other developed countries, we have safe payments already, so the mobile device would merely be another channel to access existing payment instruments and their networks for clearing and settlement. All the rule sets, laws and regulations, and consumer protections that govern retail payments today will simply migrate to the mobile channel. While new networks, or rails, may emerge in the future, at present, the payment network systems remain the same.
Myth #3: Mobile payments are less secure that other payment methods
First of all, the security functionalities resident in the mobile handset provide authentication capabilities that don't exist in the current payments environment. The ability to add passwords and GPS location functionality to the handset represent additional security controls to accessing payment instruments in the future mobile wallet. Today, there are no locks on your leather wallet to preclude a bad actor from stealing your credit and debit cards and using them for illicit activity.
Moreover, the technologies that enable our current payments are becoming increasingly obsolete and vulnerable to fraud. Card payments grow riskier every day as the United States remains reliant upon mag-stripe technology, which is very easy for criminals to breach and then use to clone cards for illegal payments. Because mobile devices will use contactless technology in the form of an embedded computer chip, the mobile phone will be a much more secure payment device than the plastic cards we use today.
Conclusion So maybe the idea of mobile banking and payments isn't that scary—and maybe these things aren’t even that trendy any more. When you get right down to it, the cell phone is just another form factor for a payment.
But that's not to say that a lot of new ideas aren’t percolating out there. We know that telecoms are taking small steps with micropayments by allowing consumers to pay after-the-fact for digital goods—things like avatar accessories, ringtones, and even cows and corn in online games like Farmville—on their regular phone bills. Facebook credits are reportedly evolving into Facebook payments for physical venues outside of virtual online games and stores. And we all are waiting expectantly to see if Apple will make use of its extensive iTunes network as a more open payment system whenever the next iPhone is released.
At the Retail Payments Risk Forum we'll continue to keep an eye on emerging payment developments such as these, and work toward clearing up confusion. So don't wait for a blog post, feel free to send an e-mail to any one of us in the Risk Forum if you have a question. We’d love to hear from you.
By Cindy Merritt, assistant director of the Retail Payments Risk Forum
TrackBack URL for this entry:
Listed below are links to blogs that reference Dispelling the myths about mobile banking and payments:
November 15, 2010
Retail Payments Risk Forum publishes white paper on mobile payments
Everyone has a cell phone these days, and that ubiquity is paving the way for wide acceptance of mobile money person-to-person transfer services, also known as MMT. Emerging countries, where the mobile channel provides a safe, efficient environment for conducting financial transactions and improving financial inclusion, have been especially quick to adopt MMT. In contrast, mobile payment adoption in the United States has been slow, but many experts believe that, with more people acquiring smart phones and having access to all the applications that go with them, MMT is on the brink of becoming widely accepted.
As roaming agreements between wireless carriers and the globalization of commerce in general work together to render our world's geographic borders irrelevant, how quickly can we expect these services to migrate to the United States? More importantly, as various forms of electronic payment crimes emerge, what should the industry do to prepare for new mobile services in a cross-border environment?
To answer these questions, the Retail Payments Risk Forum recently published a white paper titled "Mobile money transfer services: The next phase in the evolution in person-to-person payments," which describes the current landscape for these services and examines the risk environment for mobile money for both developed and emerging countries as new business partnerships between bank and telecom firms take shape.
MMT has the potential to catalyze the mobile financial services market
Infrastructure developments to support MMTs could support the evolution of other financial services. According to the GSM Association, this infrastructure provides the basis for the concept of the mobile wallet, which will allow mobile phones users to conduct banking, proximity payments using the phone at a merchant's point-of-sale terminal, and remote mobile payments, including domestic and cross-border mobile transfers.
The mobile money risk environment
The risks inherent in all retail payments are also present in the mobile space, including money laundering, privacy and security, consumer protection, fraud, and credit and liquidity. As mobile financial services evolve, there will be a number of issues to consider for managing the new risks mobile phone-based payments stand to introduce. The emergence of more nonbank participants in the distribution of mobile payments, including telecom firms and their agents along with technology vendors, may create additional risk considerations for payment regulators. Since mobile technology-enabled payments do not require the face-to-face interaction that takes place with traditional banking, the resulting opaque, anonymous experience can also create more opportunity for criminal activity. This will be increasingly important in a future where mobile retail payments will occur rapidly and across geographic borders, potentially outside the purview of traditional regulatory oversight. Payments regulators have limited expertise and experience in identifying electronic payments crime in communication systems—so the potential for abuse is a real and imminent threat that is still abstract and not well understood in this early stage of the game.
Policy considerations for industry stakeholders, policymakers, and regulators
The integrity and safety of the world's retail payment systems rely on cooperative information sharing about service developments and potential gaps in regulation. A number of considerations should remain at the forefront of industry discussions.
- The new mobile landscape will require dialogue between the regulatory authorities for financial services and telecom firms. Financial and telecom sector regulators will need a comprehensive understanding of the emerging risks in mobile payments with a collective eye toward the potential need to establish new regulatory concepts of electronic money regulation. This may demand a program for routine communication to ensure that regulators understand payment system risk issues and provide effective risk-based supervision for payment services providers.
- An oversight infrastructure for mobile payments, including the financial services of telecom firms, should be established. This oversight might be established through a routinely convening workgroup representing applicable regulators or the creation of a new organization with expertise in the unique and dynamic risk issues in mobile services.
- Cross-border mobile payments may require improved customer-data sharing on an international basis. The anticipated growth in mobile remittances may demand a new environment of international cooperation and sharing of customer data and analysis.
- U.S. mobile payments services providers should be required to establish programs to mitigate the risk of money laundering. Mobile services will require new methods for detecting and monitoring data flows. All service providers, including telecoms, will need to establish risk management programs commensurate with the risk in their service offerings.
- Converged regulatory authorities should examiner consumer protection risks for potential gaps in regulatory oversight. In the United States, it may be necessary to reexamine the applicability of Regulation E protections to stored-value payments as they become more prevalent in the mobile channel, in order to prevent consumer confusion in error resolution scenarios.
The experts are right in saying that mobile adoption still low. But the rapid pace of change means that industry stakeholders, and especially regulators, need to be forward-looking and anticipate where the winds of change will blow. A rearview mirror approach to addressing emerging risks in mobile payments can be modified with proactive thinking, dialogue, and global collaboration.
By Cindy Merritt, assistant director of the Retail Payments Risk Forum
TrackBack URL for this entry:
Listed below are links to blogs that reference Retail Payments Risk Forum publishes white paper on mobile payments:
October 04, 2010
Has existing regulation of money services businesses kept pace with their enhanced financial services options?
Most businesses that meet the definition of money services business (MSB) offer financial services such as wire transfers, currency exchange, check cashing, traveler's checks, money orders, or stored-value cards. In the past, MSBs mostly served consumers without an established banking relationship—that is, the unbanked. Today, consumers with established banking relationships may also use these services on occasion because the MSBs sometimes offer cheaper services, such as wire transfers, than banks do.
Well-established MSBs such as Western Union and MoneyGram have provided the traditional services—wire transfers, currency exchange, check cashing, and so on—for years. Over the past few years, MSBs have rapidly grown and expanded their financial services offerings with options such as Internet-directed services for person-to-person (P2P) and person-to-business (P2B) payments, stored-value products, and, most recently, mobile money transfer service, which permits users to send funds cross-border and domestically using their mobile phone.
But are these expanded financial services within the coverage of the existing regulatory framework for MSBs? Are there new money laundering risks with the introduction of new financial services options not previously anticipated by the existing regulatory framework?
Conforming MSB regulation to mirror MSBs enhanced services
Although states have regulated check cashers and money transmitters for years, regulation of these nonbank financial institutions has not been uniform. The Uniform Money Services Act (UMSA) was adopted in an effort to provide a framework to deal with money laundering issues unique to nondepository providers of financial services. UMSA applies to businesses that provide money services and requires that MSBs be licensed, maintain extensive records of their transactions, and submit to audits. Although some MSBs may only offer one or more of the services listed above, all MSBs are subject to the provisions of UMSA because of the interrelated group of services they offer and because they are not regulated in the same manner as depositary institutions.
UMSA expanded existing MSB regulatory coverage to include what was considered at the time a new type of payment service: Internet-based service. It was believed that this new type of financial service posed the same concerns as did traditional financial services, such as wire transfers and check cashing, for example.
A patchwork of regulation
MSB compliance is a complex patchwork of regulations that involve federal restrictions on money laundering as well as state consumer protection mandates. MSBs are required to follow Bank Secrecy Act/Anti-money Laundering (BSA/AML) regulations that require them to file "Currency Transaction Reports," implement AML programs, and file "Suspicious Activity Reports." The Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) has delegated authority to the IRS to examine MSBs for compliance with BSA requirements. State agencies may evaluate MSBs for compliance with BSA, though they may not directly enforce the BSA. Generally, State agencies are charged with enforcing their own MSB state statutes and regulations, which sometimes may impose requirements that overlap with the BSA.
Navigating through MSB regulations
In 2009, FinCEN conducted outreach meetings with some of the largest MSBs in an effort to better understand how MSBs navigate through these numerous regulations. The meetings resulted in the production of a report that stated that as MSBs navigate through these regulations, they place significant emphasis on agent oversight and compliance, value their reputation and consumer trust as the core objective of their business models, and feel that being in compliance with BSA regulations is consistent with their business model. The results of this report do not certify that the participating MSBs were in compliance with MSB regulations.
In the last year, legislation was proposed that would centralize MSB anti-money laundering compliance with the Treasury and authorize that office to recognize a self-regulatory organization similar to the private nonprofit Financial Industry Regulatory Authority (FINRA) that regulates broker dealers. The goal of the bill is to bring about uniform registration and supervision of MSBs without preempting state laws.
MSBs play a vital role in domestic and foreign economies, particularly by providing the needed financial services that facilitate the transmission of money to foreign countries. Establishing uniform legislation may strengthen the continued work of combating money laundering and help prevent the use of MSBs as channels for money laundering or other illicit activities.
By Ana Cavazos-Wright, senior payments risk analyst in the Retail Payments Risk Forum at the Atlanta Fed
TrackBack URL for this entry:
Listed below are links to blogs that reference Has existing regulation of money services businesses kept pace with their enhanced financial services options?:
June 01, 2010
Mobile P2P money: Contemplating new risks while analyzing adoption potential
Cell phone ubiquity and the growth of wireless networks are helping the world's poor to transcend from informal, cash-based societies to societies with more efficient and safer payments systems. The recent success of mobile operator-led payments services in emerging markets is galvanizing market experimentation in developed countries such as the United States.
Technology ripe for advance of mobile P2P
Mobile network operators and other nonbank firms are beginning to offer mobile-enabled payments transfer services in cross-border environments, using "agents" such as the corner store to accept cash deposits and accommodate withdrawals in lieu of traditional bank branches. These money transfer services, including both domestic and cross-border person-to-person (P2P) payments, are shifting to the mobile channel, providing consumers efficient, electronic alternatives to paper-based P2P payments. However, improved carrier roaming capacity and increased transaction activity may create opportunities for money laundering abuses and other unforeseen financial crimes. As new mobile financial services such as mobile P2P gain acceptance in markets throughout the world, how will industry participants plan for new and unanticipated risks?
The potential for market adoption
According to CGAP—or the Consultative Group to Assist the Poor—more than a billion people worldwide lack access to traditional financial services, but they do have mobile phones. This ubiquity has the potential to extend even more financial services to unbanked peoples throughout the world. In fact, a 2007 survey conducted by the GSM Association found that respondents expected the number of subscribers using mobile domestic money transfers to grow more rapidly for developed markets than for developing markets. These results imply that consumers in developed markets are interested in electronic P2P payment options and would be willing to conduct them via the mobile device.
The game changer when we think about payment adoption is the ability of the cell phone to execute domestic transfers in addition to international exchanges. This expanded functionality may fulfill the needs of mainstream consumers, as well as the unbanked, by giving them a convenient, cheap, and efficient alternative to writing checks or going to an ATM for a cash withdrawal for low-value exchanges.
The risk environment
In emerging markets, the risks of money laundering, identity theft, and other fraud are very real—they are merely eclipsed by the risks inherent in informal, cash-based systems, such as theft and extortion and possibly more violent crimes. So consumers in these countries where mobile payments are successful are arguably better off today despite the new risks introduced. However, this may not be the case in the United States, where we have a vast array of secure payment alternatives in place already. If convenience ultimately leads to adoption here, as it has abroad, what risks will P2P mobile money introduce, and how will we manage them?
The risks inherent in all retail payments systems are also present in the mobile space, including money laundering, privacy and security, consumer protection, fraud, and credit and liquidity risks. However, the mobile environment adds a dimension of complexity that makes quantifying risk more difficult. Participants in the payments value chain are increasingly disintermediated and outside the traditional legacy banking environment where the regulatory and legal governances are well established. In addition, there are other risks more unique to telecom firms that financial institutions and their regulators lack experience in detecting and monitoring. Finally, the regulatory domains governing banking and telecommunications are accustomed to operating independently and autonomously from one another and may be challenged to work collaboratively.
Implications for the United States
Domestic and international mobile money transfers are gaining adoption in world markets whose participants are likely to transact with U.S. consumers as wireless carriers provide services cross-border. Today, evidence in support of U.S. consumer demand is inconclusive because of the limited availability of P2P services and limited user experience. However, prevalence in offerings may not be the appropriate benchmark for determining whether discussions on risk management and payment system integrity are important going forward, as risk exposure may not be directly correlated to the rate of adoption. In order to protect the integrity and ensure continued security of retail payments systems in the United States, all participants in the emerging mobile payments industry should engage in proactive dialogue on emerging risk issues inherent in mobile money transfers.
By Cindy Merritt, assistant director of the Retail Payments Risk Forum
TrackBack URL for this entry:
Listed below are links to blogs that reference Mobile P2P money: Contemplating new risks while analyzing adoption potential:
- Under Pressure: The Fate of the Independent ATM Operators
- What’s Unsettled in Faster Payments?
- Consumer Prepaid Protections May Be Catching Up with Prepaid Use
- Virtual Currency Environment Still Fluid after Latest Rulings
- ISO 20022 in the United States: What, When, Why, and How?
- Let's Talk Tokens, Part III: What Problem Does Tokenization Solve?
- Mobile Biometrics: Ready or Not, Here They Come
- Starting Off on the Right Note with Mobile Enrollment
- Let's Talk Token, Part II: Distinguishing Attributes
- New ACH Return Rate Threshold on the Horizon
- December 2014
- November 2014
- October 2014
- September 2014
- August 2014
- July 2014
- June 2014
- May 2014
- April 2014
- March 2014
- account takeovers
- ATM fraud
- bank supervision
- banks and banking
- card networks
- check fraud
- consumer fraud
- consumer protection
- cross-border wires
- data security
- debit cards
- emerging payments
- financial services
- identity theft
- law enforcement
- mobile banking
- mobile money transfer
- mobile network operator (MNO)
- mobile payments
- money laundering
- money services business (MSB)
- online banking fraud
- payments risk
- payments study
- payments systems
- phone fraud
- remotely created checks
- risk management
- Section 1073
- social networks
- third-party service provider
- trusted service manager
- Unfair and Deceptive Acts and Practices (UDAP)
- wire transfer fraud
- workplace fraud