Portals and Rails, a blog sponsored by the Retail Payments Risk Forum of the Federal Reserve Bank of Atlanta, is intended to foster dialogue on emerging risks in retail payment systems and enhance collaborative efforts to improve risk detection and mitigation. We encourage your active participation in Portals and Rails and look forward to collaborating with you.
Federal Reserve Web Sites
Other Bank Regulatory Sites
September 12, 2011
Retail Payments Risk Forum publishes discussion paper on peer-to-peer payments
Peer-to-peer (P2P) payment products are some of the most innovative developments from the payments industry in the past decade. Consumers have never had so many payment choices. Alongside a host of recent entrants like PayPal and CashEdge, longstanding industry players like Fiserv, Visa, and MasterCard all offer P2P products. Additionally, three major banks have announced a collaborative P2P initiative called ClearXchange.
Despite this range of innovative offerings, however, the industry lacks a standard understanding of how the various P2P payments in the market work. Further, consumers and businesses are also confused by the many options, and a lack of familiarity may be a source of the inertia that keeps consumers relying on cash and checks for most P2P payments.
The Retail Payments Risk Forum recently published a working paper on P2P payments as a resource for regulators, consumers, and the payments industry in general. The paper offers a framework to organize a discussion of P2P payments and evaluate the associated risks. This framework should help bankers and regulators better manage the risk exposure of different P2P products currently in the market. The framework categorizes transactions by counterparties, access channel, funds load and receipt instruments, and settlement network. Any P2P payment can be mapped across this lifecycle into categories that are mutually exclusive and comprehensively exhaustive.
Consumers send P2P payments by first initiating the transaction through an access channel. Traditionally limited to face-to-face, mail, or bank branches, today you can send payments at a kiosk, online, or even with your mobile phone. The payment funds are loaded and received through an instrument like cash, a bank account, credit card, or prepaid balance. In the background, the funds clear and settle over traditional networks, including ACH, wire, and card networks.
The paper goes on to detail specific P2P payments with case studies indicating how a provider fits across the payment lifecycle. Two of the covered providers have been mentioned in this blog before: Western Union and CashEdge's PopMoney.
In a Western Union P2P transaction, both counterparties are consumers. The sender can initiate a payment at an agent location, a kiosk, or online, or by using their mobile phone in some limited markets. The sender can fund the transaction using cash or a credit, debit, or prepaid card. Senders can also use their account and routing numbers to fund transactions made online or by mobile. Western Union has been proactive in expanding the access channels and funding instruments available to remittances senders. The transaction clears by ACH in countries where the network is available, and by wire in other geographies. Finally, the recipient can receive the funds as cash, or can direct them to their bank account using account and routing numbers.
Consumers can use CashEdge's Popmoney to send a payment to another consumer or to a small business, and can access the service through online or mobile banking. The payment is funded from the sender's bank account using the account and routing number, and the recipient receives funds into their bank account the same way. CashEdge recently partnered with MoneyGram, an international money transmitter, and some recipients may be able to pick up their payment in cash at MoneyGram agents around the globe. Transactions are usually settled via ACH, although recent partnerships with EFT networks enable card network settlement as a speedier option in some cases.
The working paper concludes by discussing some of the risks of P2P payments. P2P payments may seem new and unprecedented from the industry and media buzz surrounding them, but, as described above, most P2P payments actually rely on traditional networks and banking channels. Therefore, the risks posed by P2P payments are not original, but rather map to the risks of the underlying payment type. The risk profile of each P2P product must be evaluated across the specific use case, access channel, and settlement network, a specific risk profile. A one-size-fits-all risk management plan cannot work for such a diverse market. Finally, in evaluating the risk of P2P payments, consumers, banks, and third parties should make comparisons to the status quo of cash and check transactions. Many times new products will offer benefits in terms of efficiency and innovation that may outweigh their greater risk, and in some cases the risk of new products may be lower than that of the status quo.
By Jennifer C. Windh, a payments risk analyst in the Retail Payments Risk Forum at the Atlanta Fed
TrackBack URL for this entry:
Listed below are links to blogs that reference Retail Payments Risk Forum publishes discussion paper on peer-to-peer payments:
August 01, 2011
Regulation E expected to add new consumer protections for remittance transfers
One of the many changes required by the Dodd-Frank Wall Street Reform and Consumer Protection Act is an update to Regulation E to reflect new protections for consumers who make remittance transfers to recipients in foreign countries. A remittance transfer is a transaction in which a consumer sends funds to someone in another country. The proposed rule is expected to help carry out the Dodd-Frank Act's overall intent to improve accountability and transparency in the financial system through new disclosures, notices, and error resolution procedures for remittance transfers. Recently, the Federal Reserve Board (the Board) formally announced its request for public comment on the proposed rule and model disclosures.
According to some initial comments on the proposed rule, some industry participants believe that the added requirements could increase costs and add unnecessary burdens to a system that is, as they view it, already functioning properly. Others expect that the proposed changes will reduce errors and even, in some instances, improve the speed for remittance transfers because of enhanced communications between the sending and receiving agents.
Will these changes to Reg E stifle progress in the remittance industry or help it become more consumer-friendly? And will these changes enable a thriving business environment for transfer providers—rather than stifling market growth—while preserving consumer protections?
Prevalence of remittance transfers
Remittance transfers are typically consumer-to-consumer payments of low monetary value. The World Bank estimates that a total of $440 billion in remittances was sent worldwide in 2010, of which $325 billion went to developing countries. The World Bank further estimates that the United States had the highest volume of remittances in 2009, totaling $48.3 billion.
New disclosures, notices, receipts, and error resolution procedures
Some of the proposed disclosure requirements call for remittance transfer providers to disclose to the sender, before the sender pays any money, the remittance value in the currency of the recipient's country, all fees charged in connection with the remittance transfer, and the exchange rate that will be used (to the nearest 1/100 point). Then, after sending the payment, the provider must provide the sender a series of other disclosures on the receipt. Separate notices are required for transfer providers that offer Internet-initiated remittance transfers.
Additionally, remittance transfer service providers may be required to prominently display notices describing a model remittance transfer in every storefront location that the provider owns or controls. The proposal also adds new error resolution procedures for remittance transfers. Under the proposal, the deadline for a consumer to report an error is 180 days from the promised delivery date. This notice may be oral or written, but it must contain the amount of the transfer shown in the foreign currency amount, as indicated in the receipt.
Testing existing disclosures, notices, and error resolution procedures
Prior to releasing these proposals, the Board consulted with a research group to help determine whether these requirements would help the consumer price shop remittance services or understand their fee structure. Overall, the resulting study found that most participants (remittance senders) were satisfied with their experiences.
The study, when determining what information participants received from remittance transfer service providers during an in-person transaction, found that participants infrequently received written information before they completed the transaction. However, the participants indicated they could get needed information by asking an agent. In contrast, they almost always received some form of written information after the transaction, including the exchange rate, fees, amount of money sent, and so on.
Study participants were also asked to share their experiences with dealing with errors or problems during a remittance transaction. Most reported having had problems with at least one service provider, but almost all reported that their problems were resolved expeditiously. The most common error they reported was the misspelling of the recipient's name.
Remittance transfers are an increasingly important source of income for households in lower-income countries. Yet, given the results of the study on the current state of remittance transfers, it is difficult to know whether the Dodd-Frank's remittance provisions will increase efficiency in the remittance industry while preserving consumer protections. What is clear, though, is that the proposed amendments to Reg. E will establish standardized disclosures and notices, thereby creating more transparency in the remittance industry so that a consumer can confidently price shop providers while fully understanding fee structures and services. Although the Board has initiated these proposals, the Consumer Financial Protection Bureau assumed responsibility over this new regulation on July 21, 2011.
By Ana Cavazos-Wright, senior payments risk analyst in the Retail Payments Risk Forum at the Atlanta Fed
TrackBack URL for this entry:
Listed below are links to blogs that reference Regulation E expected to add new consumer protections for remittance transfers:
April 25, 2011
Bank-enabled P2P payments: Do potential data compromise risks outweigh the benefits?
I paid little attention when news broke on the April 1 announcement by the marketing services firm Epsilon that a subset of their clients' data—e-mail addresses and names—was compromised. However, my interest in the story grew as I began receiving numerous e-mails from various financial institutions and merchants letting me know that my name and e-mail address, which I voluntarily supplied to them at some time, were part of the compromise. Unbeknownst to me, these companies had provided my data to Epsilon for marketing services.
Perhaps if I had taken the time to read the service agreements and privacy notices from these companies, I would have been more aware that my data might be shared with a third party. But in today's digital and mobile world that's all about speed and convenience, does anyone really take the time to read these privacy notices before submitting personal information? And I have to think that for most people, the e-mails and snail mail about changes to privacy policies that seem to come on a monthly basis from various companies quickly find their way unread into the trash. Do current bank-enabled P2P offerings present data compromise risks for customers and are banks offering other P2P alternatives that offer convenience without the potential risks?
The current bank-enabled P2P environment
In light of the Epsilon data compromise, it seems only fair for consumers to be fearful about the amount of personal (and highly sensitive) information they hand over to financial institutions to complete a P2P transaction. These institutions could potentially share this data with third parties that provide P2P services for banks or with companies that provide marketing services—such as Epsilon. Once a consumer provides information to the bank, he or she does not necessarily know how much of the data is shared and with whom it is shared. This person is left in the dark about who actually has access to PII and the corresponding privacy and security policies of those companies.
Are today's bank-enabled P2P services solid replacements for cash and checks?
Based on my two recent experiences with these bank-enabled P2P solutions, their value—even ignoring the cost of the service—appears to be small for one-time, small-dollar payments between individuals. The idea of bank-enabled P2P payments may be cool and trendy. However, the amount of information the sender’s bank requires about the receiver to complete the transaction not only is time-consuming to enter but also presents risk issues that outweigh any perceived benefits, especially for the recipient. Perhaps banks are realizing the challenges behind P2P services for small value, one-time payments given the recent proliferation of banks offering an alternative to traditional check depositing, remote deposit image capture (RDIC), which is potentially simpler and less risky for the consumer than banks' current P2P offerings.
By Douglas A. King, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed
TrackBack URL for this entry:
Listed below are links to blogs that reference Bank-enabled P2P payments: Do potential data compromise risks outweigh the benefits?:
January 24, 2011
The future role of financial institutions in the domestic P2P environment
Although the use of online banking and online bill payment has flourished over the past decade, banks have yet to capitalize on the opportunity of the thriving online and mobile domestic person-to-person (P2P) transaction market. Online banking use more than doubled from 20 percent of households in 2000 to 53 percent in 2009, according to a December 2009 Javelin Strategy report (Multi-Channel Account-to-Account Transfers and P2P Payments Forecast: Evaluating Trends and Assessing the Future 2006–2014). Further, online bill payment usage has grown from 5 percent of households to 36 percent during the same time period. However, the traditional bank P2P methods of check, cash, and wire transfer continue to decline while online and mobile domestic transfers are expected to grow at a 9 percent compound annual growth rate, according to the Javelin Strategy report. As banks face continued downward pressure on revenues and intense competition from both new and existing players, the online and mobile P2P market represents a threat to banks' traditional check business. However, it also represents a potential opportunity for banks to offer a distinct service to their customers.
The expanding domestic P2P market
A 2009 TowerGroup report (Noncash P2P Payments: Checks in Decline Still Rule the Roost) estimates the U.S. noncash domestic transfer market at $1.1 trillion, composed of more than three billion transactions. Checks remain the dominant P2P means of settlement. However, the availability of the Internet to households, impressive growth of smartphones, exponential increases in consumer mobile data usage, and numerous mobile applications (especially for the iPhone) are creating a healthy environment for the growing online and mobile domestic transfer market in the United States. The Javelin Strategy report suggests nearly 44 percent of the 86 million online households made at least one online P2P transfer, up from 27 percent in 2008.
The online and mobile P2P market has been dominated by PayPal to date. However, payment processors, electronic card networks, and new emerging payment service providers have launched competing products over the last several years. PayPal and other service providers, such as CashEdge, Fiserv, FIS, and MasterCard, have each created products designed to integrate into banks' existing online and mobile channels. Although these products can be integrated into banking channels and the transactions are more convenient for consumers than a traditional bank wire or check transaction, the transaction is far from seamless. In order to use the online and mobile P2P products that banks currently offer, consumers must register not only with their bank but also with the bank's P2P service provider partner, which often requires them to submit their personal and banking account information. Adding further complications, completing the transaction may require the receiver of the payment, or the receiver’s bank, to have a relationship with the P2P provider that the payer uses.
Tapping the ACH network?
While it appears that the migration from paper checks to electronic forms of payment in the consumer-to-business market is crossing over to the P2P market, banks still have many hurdles to clear before they can capitalize on the P2P opportunity as online and mobile P2P payments become widespread. The P2P providers offer banks a solution that allows for quicker settlement than either checks or wire transfers, but the solution is still far from consumer-friendly. In order to provide banking consumers a friendlier P2P online and mobile service, banks could consider the development of a P2P solution that leverages the extensive ACH network in a manner similar to a person-to-business transaction. Much like mobile banking or bill payment, consumers could opt into the P2P service and transfer or receive funds between any banking institution on the ACH network without having to register with and provide confidential data to a third-party P2P service provider to access the service.
By Douglas A. King, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed
TrackBack URL for this entry:
Listed below are links to blogs that reference The future role of financial institutions in the domestic P2P environment:
November 15, 2010
Retail Payments Risk Forum publishes white paper on mobile payments
Everyone has a cell phone these days, and that ubiquity is paving the way for wide acceptance of mobile money person-to-person transfer services, also known as MMT. Emerging countries, where the mobile channel provides a safe, efficient environment for conducting financial transactions and improving financial inclusion, have been especially quick to adopt MMT. In contrast, mobile payment adoption in the United States has been slow, but many experts believe that, with more people acquiring smart phones and having access to all the applications that go with them, MMT is on the brink of becoming widely accepted.
As roaming agreements between wireless carriers and the globalization of commerce in general work together to render our world's geographic borders irrelevant, how quickly can we expect these services to migrate to the United States? More importantly, as various forms of electronic payment crimes emerge, what should the industry do to prepare for new mobile services in a cross-border environment?
To answer these questions, the Retail Payments Risk Forum recently published a white paper titled "Mobile money transfer services: The next phase in the evolution in person-to-person payments," which describes the current landscape for these services and examines the risk environment for mobile money for both developed and emerging countries as new business partnerships between bank and telecom firms take shape.
MMT has the potential to catalyze the mobile financial services market
Infrastructure developments to support MMTs could support the evolution of other financial services. According to the GSM Association, this infrastructure provides the basis for the concept of the mobile wallet, which will allow mobile phones users to conduct banking, proximity payments using the phone at a merchant's point-of-sale terminal, and remote mobile payments, including domestic and cross-border mobile transfers.
The mobile money risk environment
The risks inherent in all retail payments are also present in the mobile space, including money laundering, privacy and security, consumer protection, fraud, and credit and liquidity. As mobile financial services evolve, there will be a number of issues to consider for managing the new risks mobile phone-based payments stand to introduce. The emergence of more nonbank participants in the distribution of mobile payments, including telecom firms and their agents along with technology vendors, may create additional risk considerations for payment regulators. Since mobile technology-enabled payments do not require the face-to-face interaction that takes place with traditional banking, the resulting opaque, anonymous experience can also create more opportunity for criminal activity. This will be increasingly important in a future where mobile retail payments will occur rapidly and across geographic borders, potentially outside the purview of traditional regulatory oversight. Payments regulators have limited expertise and experience in identifying electronic payments crime in communication systems—so the potential for abuse is a real and imminent threat that is still abstract and not well understood in this early stage of the game.
Policy considerations for industry stakeholders, policymakers, and regulators
The integrity and safety of the world's retail payment systems rely on cooperative information sharing about service developments and potential gaps in regulation. A number of considerations should remain at the forefront of industry discussions.
- The new mobile landscape will require dialogue between the regulatory authorities for financial services and telecom firms. Financial and telecom sector regulators will need a comprehensive understanding of the emerging risks in mobile payments with a collective eye toward the potential need to establish new regulatory concepts of electronic money regulation. This may demand a program for routine communication to ensure that regulators understand payment system risk issues and provide effective risk-based supervision for payment services providers.
- An oversight infrastructure for mobile payments, including the financial services of telecom firms, should be established. This oversight might be established through a routinely convening workgroup representing applicable regulators or the creation of a new organization with expertise in the unique and dynamic risk issues in mobile services.
- Cross-border mobile payments may require improved customer-data sharing on an international basis. The anticipated growth in mobile remittances may demand a new environment of international cooperation and sharing of customer data and analysis.
- U.S. mobile payments services providers should be required to establish programs to mitigate the risk of money laundering. Mobile services will require new methods for detecting and monitoring data flows. All service providers, including telecoms, will need to establish risk management programs commensurate with the risk in their service offerings.
- Converged regulatory authorities should examiner consumer protection risks for potential gaps in regulatory oversight. In the United States, it may be necessary to reexamine the applicability of Regulation E protections to stored-value payments as they become more prevalent in the mobile channel, in order to prevent consumer confusion in error resolution scenarios.
The experts are right in saying that mobile adoption still low. But the rapid pace of change means that industry stakeholders, and especially regulators, need to be forward-looking and anticipate where the winds of change will blow. A rearview mirror approach to addressing emerging risks in mobile payments can be modified with proactive thinking, dialogue, and global collaboration.
By Cindy Merritt, assistant director of the Retail Payments Risk Forum
TrackBack URL for this entry:
Listed below are links to blogs that reference Retail Payments Risk Forum publishes white paper on mobile payments:
- Top 10 Payments Events in 2014
- Under Pressure: The Fate of the Independent ATM Operators
- What’s Unsettled in Faster Payments?
- Consumer Prepaid Protections May Be Catching Up with Prepaid Use
- Virtual Currency Environment Still Fluid after Latest Rulings
- ISO 20022 in the United States: What, When, Why, and How?
- Let's Talk Tokens, Part III: What Problem Does Tokenization Solve?
- Mobile Biometrics: Ready or Not, Here They Come
- Starting Off on the Right Note with Mobile Enrollment
- Let's Talk Token, Part II: Distinguishing Attributes
- December 2014
- November 2014
- October 2014
- September 2014
- August 2014
- July 2014
- June 2014
- May 2014
- April 2014
- March 2014
- account takeovers
- ATM fraud
- bank supervision
- banks and banking
- card networks
- check fraud
- consumer fraud
- consumer protection
- cross-border wires
- data security
- debit cards
- emerging payments
- financial services
- identity theft
- law enforcement
- mobile banking
- mobile money transfer
- mobile network operator (MNO)
- mobile payments
- money laundering
- money services business (MSB)
- online banking fraud
- payments risk
- payments study
- payments systems
- phone fraud
- remotely created checks
- risk management
- Section 1073
- social networks
- third-party service provider
- trusted service manager
- Unfair and Deceptive Acts and Practices (UDAP)
- wire transfer fraud
- workplace fraud