Retail Payments Risk Forum
Font Size: A A A

Portals and Rails

May 12, 2014

The Art of Balancing Innovation and Regulation

Several factors have converged in recent years to add complexity to the regulatory oversight of retail payments. These elements include new regulation and oversight along with technology advances that have created new payment types. The challenge for regulators in an environment with an abundance of innovation is to align that innovation with appropriate regulation to ensure consumer protection, data security, and fraud mitigation, and to retain consumer confidence in payments.

The 2008 financial crisis led to an increased focus within the regulatory framework on retail payment risk factors. One new regulation was the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 (Dodd-Frank). Dodd-Frank led to many changes—including the creation of a regulatory agency, the Consumer Financial Protection Bureau (CFPB), to focus exclusively on consumer protection. Since the CFPB was created, two of the payments types it has identified as deserving of its oversight are remittances and prepaid cards.

At the same time, evolving technology continues to change the nature of how consumers make payments—moving from the physical to the virtual—and has increased consumers' expectations for speed, control, information, and transparency. Options available for consumers to make payments and for businesses and financial institutions to participate in offering payment services have multiplied as Internet and mobile evolved, cloud-based solutions progressed, and virtual currencies expanded.

Technological advances have led to a retail payments system that is more transparent than ever before, in which all types of entities, from start-up companies to financial institutions, are able to innovate. Nonbank entities are flourishing in retail payments, challenging the historic role of financial institutions as primary payment participants by offering payments products and services in an ever-more complex payments landscape.

While some participants complain that there is too much regulation of payments practices, others call for more or different regulation when problems arise. Still others call for change because they believe the playing field is not level for all participants. Sometimes regulation can be a catalyst for innovation by legitimizing a payments practice after clarifying requirements for all participants. Whatever your perspective, it is a complex undertaking to attain the delicate balance between innovation and oversight.

Photo of Deborah ShawBy Deborah Shaw, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

May 12, 2014 in innovation, mobile payments, regulations, regulators | Permalink

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a01053688c61a970c01a73dc1c139970d

Listed below are links to blogs that reference The Art of Balancing Innovation and Regulation :

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

December 23, 2013

Here We Go: Number 10!

As the year draws to a close, the Portals and Rails team would like to share its own Top 10 list of major payment-related events that took place in the United States this year.

  1. The Consumer Financial Protection Bureau finalized Dodd-Frank 1073 money transfer rules.
  2. The payments industry experienced increased regulatory scrutiny of third-party processors and high-risk business customers.
  3. Major global ATM cash-out fraud attacks—including many U.S. ATMs—totaled $45 million.
  4. FTC issued a proposal to ban telemarketers from using remotely created checks and payment orders.
  5. Debit networks sought a compromise on an EMV interface—while there is little movement on the issuance of EMV cards.
  6. The newly designed $100 bill with additional security features was released.
  7. Several major data breaches occurred, and identity theft occurrences skyrocketed.
  8. Cyber Monday online sales were up 17 percent, with phones and tablets representing almost a third of the total.
  9. Virtual currencies received increased public, legislative, and regulatory awareness after the U.S. Department of Justice took action to close down virtual currency operators Liberty Reserve and Silk Road.
  10. U.S. District Court Judge Richard Leon threw out Regulation II debit card interchange fees and routing rules.

And as we head into 2014, here are a few payments-related topics we will be following closely:

  • As regulators continue to monitor developments in the virtual currency market, will the usage of virtual currency as a legitimate medium of exchange expand among the merchant community?
  • Will 2014 finally be the “Year of the Mobile Payment” as stakeholders have yearned for over the last several years? What progress will be made in addressing the awareness, security, and education aspects of mobile payments?
  • With online and mobile commerce showing no signs of slowing down, what authentication solutions will be most widely adopted to prevent a rising tide of card-not-present fraud?
  • How will merchants and card issuers deal with EMV implementation?
  • What effects will the regulatory attention on third parties and high-risk businesses have on the due diligence practices of financial institutions?

Wishing you all happy holidays and a fraud-free 2014!

Photo of David LottBy David Lott, a retail payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

December 23, 2013 in ATM fraud, crime, EMV, identity theft, regulators | Permalink

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a01053688c61a970c019b03847b7e970d

Listed below are links to blogs that reference Here We Go: Number 10!:

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

July 29, 2013

Suspicious Activity Reports: What the Numbers Show

Initially intended to help law enforcement identify individuals and organizations involved in money laundering and terrorist financing, Suspicious Activity Report (SAR) filings are also used to help detect activities related to consumer fraud and identity theft. Depository institutions (DIs) and money services businesses (MSBs) together file about 98 percent of all SARs submitted annually to the Financial Crimes Enforcement Network (FinCEN). Industry groups are constantly working to educate SAR filers about the various types of activities that they should document so these activities can be properly tracked. FinCEN recently updated its statistics to include SAR activity in 2012, and the summary volumes are shown in the chart below. The Retail Payments Risk Forum believes that an ongoing educational effort of customers, as well as DI employees, is a vital element in recognizing and mitigating fraud in our payments system. As part of that effort, I think there would be benefit in examining the shifts among the different SAR activities and gain an understanding as to possible reasons for these shifts.

SAR Filings by DIs and MSBs: 2013-12

As the above chart shows, the number of SARs filed by DIs has risen steadily over the last two years. SARs from MSBs, on the other hand, dropped 14 percent from 2011 after seeing an average annual increase of 15 percent over the previous two years. So why the ups and downs?

From a pure numbers standpoint, the answer to the question lies in the details of the activities that can trigger a SAR. In the case of SAR filings from DIs, for example, 2012 saw a dramatic increase in identity theft and check fraud filings, while mortgage loan fraud SARs dropped. This shift is explained by the increased diligence being placed on mortgage loans and the alarming growth of identity theft and check fraud incidents. By contrast, SAR filings from MSBs showed a substantial decrease in the category where the person reduced the amount of money order or traveler's check purchase to avoid having to complete a funds transfer record (but still generating a SAR). One wonders whether this reduction represents progress in the fight against money laundering and terrorist financing, or have the individuals engaged in these illegal activities changed their money handling tactics by performing lower dollar value transactions to avoid suspicion and identification?

Every federal judicial district has a SAR review team. This team of regulators and federal and local law enforcement reviews SARs to determine whether they need to initiate new investigations or supplement the filings to existing cases. The efforts of these teams illustrates how more comprehensive reporting, improved data analysis, and stronger monitoring capabilities can help detect and address fraud and abuse within our payments system. FinCEN publishes a semiannual report—Trends, Tips & Issues—that provides a summary of key findings from the teams' reviews of SARs. These reports let involved parties know how they can use the information to provide greater protection to potential victims of fraud. We encourage you to read copies of FinCEN's reports to better understand current fraud trends so you can educate your employees and customers.

Photo of David LottBy David Lott, a retail payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

July 29, 2013 in money laundering, regulations, regulators | Permalink

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a01053688c61a970c0192ac401cf6970d

Listed below are links to blogs that reference Suspicious Activity Reports: What the Numbers Show:

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

September 17, 2012

Change Is the Only Constant: Section 1073 Set to Take Effect

If you are reading this post, then no doubt you are familiar with the passage of the Dodd-Frank Act, specifically Section 1073, which is the basis for the new rule pertaining to consumer-originated funds transfers from the United States to consumers or businesses in foreign countries. I recently attended a meeting where representatives from the remittance transfer industry discussed the responsibilities, complexities, and challenges of complying with the remittance transfer rule by the inaugural date of February 7, 2013. Not surprisingly, complying with the rule is a massive undertaking—when you consider that the remittance transfer business is, by definition, a business with a global reach.

One premise behind the rule was to create more transparency in remittance costs and thereby encourage competition in the market, to the ultimate benefit of the consumer. Today’s procedures for sending money abroad are basic. Locate one of more than a half-million domestic locations—in addition to many financial institutions, almost every gas station, drug store, and grocery store offer this service—complete a remittance form, hand money and form to a clerk, and wait a few minutes for confirmation. The funds are then made available to the receiver. A recent report published by the World Bank concluded that the United States currently maintains an average total cost to send a remittance below the global average (6.93 percent of the remittance amount versus 9.3 percent), thanks to the high volume and intense competition among the current large number of products and services available in the United States.

However, unknown to both parties at the time of origination is the exact dollar amount that the recipient will receive, because of hidden fees, taxes, and other costs not necessarily apparent. The rule will replace this "unknown" with a required hard copy receipt outlining, in any language used to market, advertise, or solicit business, all fees, commissions, taxes, the exact dollar amount netted to the receiver, and the time that the funds will be available for pickup. (There are other specifics, but no need to reiterate the entire law in this short blog!) A common pain point yet to be resolved in the compliance effort revolves around the ability of the sending entity to provide accurate receiving-end tax information. As an example, some countries have multiple and changing tax rates for different regions or a variable-fee structure on the receiving end based on the receiver’s status and relationship with the receiving entity. These tax and fee issues suitably demonstrate how achieving compliance will require cooperation from foreign entities in more than 213 country corridors, not under a remittance transfer provider’s control or subject to U.S. jurisdiction. Many in attendance suggested that a central database of tax information may be a way to address the conundrum. Whether provided by a third party in the industry or a government entity, a central database would provide consistent data and minimize research and upkeep costs for all transmitters.

In addition to cooperation, education for all players will be instrumental. Consumers should be made aware of their new right to cancel any transaction within 30 minutes of submitting and that they have contact information on their receipt in the event of any errors. At the same time, all remittance providers, including agents, need to be trained and educated to ensure compliance with this new rule.

With system changes required to produce the disclosures, will remittance providers reduce the number of channels used for remittances until they can modify their systems? With the number of contractual agreements required, will providers reduce the number of countries served or products offered? And given the cost, will remittance providers raise prices? And will U.S. consumers find alternative ways to send money? Only time will tell as the deadline for complying approaches.

The rule may eliminate some existing players from the game, as protection never comes without a price. At the same time, pioneering and innovative competitors might provide new channels and more products that will benefit consumers. Like anything that forces us to reinvent ourselves, change brings with it new threats and challenges, but the opportunities can be vast and rich. With a little imagination and a lot of hard work, the rewards can be enormous.

Remember, "The only thing that is constant is change" – Heraclitus

Michelle CastellBy Michelle Castell, senior payments risk analyst in the Retail Payments Risk Forum at the Atlanta Fed

September 17, 2012 in regulators, remittances, Section 1073 | Permalink

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a01053688c61a970c017c31eebb32970b

Listed below are links to blogs that reference Change Is the Only Constant: Section 1073 Set to Take Effect:

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

August 06, 2012

Policymakers, Regulators Keep a Watchful Eye on Mobile Payments

Policymakers and regulatory authorities are beginning to turn their collective eye toward mobile payment developments and with good reason. The rapidly changing environment and the entry of nonbanks in mobile-enabled financial services create a new paradigm in regulatory oversight for consumer protections, bank safety and soundness, and regulatory compliance.

In recognition of these environmental dynamics, the Federal Reserve Banks of Atlanta and Boston recently convened a joint meeting of the Mobile Payments Industry Workgroup (MPIW) and regulatory authorities to discuss recent mobile payment developments and potential regulatory gaps. The two Reserve Banks then jointly published on July 30, 2012, a summary of the meeting describing the meeting dialogue between members of the MPIW and the regulatory community.

You can read the paper on the Atlanta Fed and the Boston Fed websites, but below are some quick highlights.

The complexity of the regulatory framework for mobile financial services requires further ongoing analysis—While regulators recognize supervisory elements common to both mobile and Internet environments, they say that the fast pace of change requires them to more closely monitor mobile payment developments. Regulators have an interest in ensuring safety and soundness as well as consumer protections in the emerging mobile payments environment. Both these objectives require that financial institutions adequately manage vendors when they outsource and partner with third parties in new mobile payment business models.

Education is needed to teach all stakeholders about the mobile environment, from regulators to consumer advocates to consumers themselves—Security, privacy, and consumer protections are important themes that all stakeholders should understand in order to be able to communicate appropriately with policymakers in mobile payments regulation. As mobile payment systems evolve, it will be important to engender cross-industry dialogue at both the industry and regulatory levels to ensure risks in these key themes are sufficiently addressed.

Next steps
The MPIW plans to continue to meet on regulatory issues with regulators as the mobile payments market matures. These meetings will serve to educate the regulators about mobile payment developments and risk mitigation initiatives. At the same time, regulators will be able to share early insights and concerns about mobile payments with the MPIW, while hearing their input and perspectives on future policy and regulatory decision making.

Cynthia MerrittBy Cynthia Merritt, assistant director of the Retail Payments Risk Forum

August 6, 2012 in innovation, mobile payments, regulators | Permalink

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a01053688c61a970c0167691925b9970b

Listed below are links to blogs that reference Policymakers, Regulators Keep a Watchful Eye on Mobile Payments:

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

July 23, 2012

The debate on credit card surcharges

Late Friday the 13th, Visa and MasterCard announced that they, along with several major issuers, reached a $7.25 billion class-action settlement with U.S. merchants. In addition to being party to the largest monetary antitrust settlement in U.S. history, the networks agreed to permit retailers to impose a surcharge on credit transactions subject to a cap and a level playing field with other general purpose card competitors. Previously, the no-surcharge rule (NSR) had been a staple for both MasterCard and Visa, ultimately prohibiting merchants from charging consumers more to pay with credit cards. Merchants claim that because of the NSR, all consumers, regardless of their payment method, incurred higher costs. Now, in theory, merchants should be able to lower their prices and pass along the costs of a credit card transaction only to those consumers paying with a credit card.

Theory versus practice
However, in the payment card market, theory and practice can differ. Look no further than the Durbin Amendment. In theory, Congress intended for this legislation to benefit consumers, assuming that merchants would pass along their savings through lower prices. However, the debate continues whether merchants who received interchange relief—some actually experienced increased rates and are in fact passing along these costs to consumers—are really passing on the savings.

Should the settlement be finalized, I believe we will see another debate about whether the consumer actually benefits, as with the Durbin Amendment. Will many merchants actually choose to impose a surcharge on credit-card-paying consumers? Will the surcharging merchants actually drop prices from their current levels or simply add a surcharge on top of existing prices? Will networks lower the effective interchange rates thus making it less costly for consumers to use credit cards should merchants choose to actually surcharge?

Will credit card surcharging take place in the United States?
Again, we have to look at theory versus practice. In theory, the surcharging provision seems like a win for merchants, but in practice, will the surcharge provision have any impact at the point of sale? And what will prevent surcharging from being put into widespread practice in the United States?

For starters, 10 states with 40 percent of the U.S. population—including California, Florida, New York, and Texas—currently prohibit retailers from charging customers a fee for using a credit card. Keeping the consumer in mind, remember the backlash that one bank experienced when it proposed a new debit card fee? Will any merchant that attempts to implement a surcharge—actual implementation of a surcharge with various types of cards and payment environments is worthy of an entire discussion itself—face similar scrutiny?

I also wonder: if a merchant chooses to charge consumers a fee for using a credit card, would the fee and the merchant then fall under the authority of the Consumer Financial Protection Bureau? The surcharging debate around this potential settlement and ultimate outcome will no doubt be interesting moving forward.

Douglas A. KingBy Douglas A. King, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

July 23, 2012 in card networks, cards, regulators | Permalink

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a01053688c61a970c017616a536b7970c

Listed below are links to blogs that reference The debate on credit card surcharges:

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

July 16, 2012

Oh, SNAP! Benefit trafficking costs millions

As I watched the local evening news several weeks ago, one particular story caught my attention. A local convenience store owner had been arrested for the repeated abuse of the Supplemental Nutrition Assistance Program (SNAP), formerly known as the food stamp program. The store owner allowed SNAP recipients to exchange their electronic benefit transfer (EBT) cards for such items as cigarettes and alcoholic beverages, charging a premium of anywhere from 25 to 50 percent of the items' values. This type of SNAP fraud is known as "trafficking." Another form of trafficking fraud occurs when the program recipients sell their cards on the black market in exchange for cash. These cards are then reported as lost or stolen, so recipients receive a replacement card.

Upon performing an Internet search on this topic the next day, I was surprised to discover that SNAP trafficking is actually a $300 million-a-year problem. According to a 2011 report of the USDA Food and Nutrition Service, trafficking diverted an estimated $330 million annually from SNAP benefits, or about one cent for each SNAP dollar redeemed. Interestingly, this figure is down significantly from earlier reports published by the USDA. In 1993, trafficking resulted in more than $800 million of fraud, or nearly four cents per SNAP dollar redeemed. Since the first report, the trafficking rate has fallen, leveling off at its current rate of 1 percent. Still, fraud levels for this EBT program are significantly higher than for general purpose credit and debit card cards.

The main reason for this decline has been the electronification of the old food stamp program. During the mid to late 1990s, some states began replacing food stamps with EBT cards. And since June 2004, all states have used EBT cards to distribute SNAP funds.

Though taking this program from paper payments to plastic payments has dramatically reduced trafficking fraud, fraud is still an issue at 1 cent per dollar redeemed—so much so that the USDA recently proposed a new rule that would allow state agencies to deny replacement cards to recipients who make four replacement requests over a 12-month period.

The USDA's proposed rule is currently open for comment through July 30. I encourage anyone with thoughts or ideas on this particular rule and on trafficking fraud in general to make their voice heard and provide feedback to the USDA. The SNAP EBT fraud rate, which is substantially higher than credit and debit card fraud rates, is the burden of all taxpayers. What else can or should we do to further tackle this particular payments fraud?

Douglas A. KingBy Douglas A. King, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

July 16, 2012 in crime, fraud, regulators | Permalink

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a01053688c61a970c0167688b6e94970b

Listed below are links to blogs that reference Oh, SNAP! Benefit trafficking costs millions:

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

June 25, 2012

An interview with a risk expert: The costs of complying with Dodd-Frank 1073

This week's post features an interview with Devon Marsh, senior vice president and treasury management risk manager at Wells Fargo Bank, N.A. We asked Devon for his thoughts on recent amendments to Regulation E as a result of Section 1073 of the Dodd-Frank Act.

P&R: Devon, what is the interest of Dodd-Frank 1073 to a risk manager?

Devon Marsh: I'm interested for a couple of reasons. First, it imposes a compliance obligation—and a steep one. The second reason I'm interested, and the reason that concerns me more than our ability to comply, is that this rule poses risk to consumers and financial institutions.

P&R: How can a rule aimed at consumer protection pose a risk to consumers?

Marsh: There is a risk that familiar services may become harder to find if some remittance providers such as banks can no longer afford the new compliance costs imposed by 1073. Remittance services are vital to some consumers, and they are at risk of having fewer providers from which to choose.

P&R: The new rule is designed to improve consumer protections in remittance transfers. What are some of the specific challenges that remittance providers will face?

Marsh: The new rule requires very detailed disclosures with a lot more information, so that consumers on both sides of the remittance transaction can better understand how fees reduce the payment transfer. The problem that arises is that remittance providers may not know the exact amount of all the fees. For example, they may not know the tax rates on a given day in a small municipality in another country. In certain countries, tax rates change depending on the day or the total volume of remittances over a period of time. You can't disclose what you can't possibly know.

The new error resolution process defined by the rule is another example where providers will be challenged to comply. In the new rule, remittance providers are responsible not only for their own mistakes, but for errors committed by consumers. If a consumer happens to enter the wrong beneficiary account number, for example, the remittance provider must cover any loss associated with the transaction, even though the consumer error was out of its control.

Because remittance providers are now responsible for consumer error, the rule may create the risk of intentional fraud, whereby a criminal could send a remittance to an accomplice who collects the money. Then the person sending the funds could claim that the funds never reached the intended beneficiary, saying they provided the wrong account number. In such a situation, it would be exceedingly difficult for a remittance provider to prove that an error did not take place, and even more difficult to recover funds.

If fraud losses increase for remittances, the price of remittances will increase. The risk of fraud loss, added to the cost of compliance on the front end, may prove too great for some providers to bear, so they may exit the business. Consequently, consumers could have fewer options for sending remittances, and higher costs for the service due to fraud losses.

P&R: What can remittance providers do to address the challenges in this rule?

Marsh: Given the tight time frame, it looks like remittance providers can't do much to change the rule. Hopefully, more dialogue with regulators and policymakers can influence understanding and lead to new industry perspectives on how remittance providers will deal with compliance challenges imposed by 1073. If not, the consumer may have fewer choices and higher prices than they have today.

June 25, 2012 in consumer protection, regulators | Permalink

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a01053688c61a970c017742b3ac33970d

Listed below are links to blogs that reference An interview with a risk expert: The costs of complying with Dodd-Frank 1073:

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

May 07, 2012

Regulating mobile: Distinguishing the payment from the channel

The handset is just a device, not a payment
Policymakers and regulators are just beginning to discuss the regulatory environment for mobile banking and payments in the United States. The added dialogue to existing industry conversations can lead to mixed messages about where regulatory and policy action may be needed. Recently we've heard from industry and regulatory agencies that the payments industry should carefully consider introducing new regulations and supervisory guidance.

The mobile handset is "just a device, not a payment," noted Mallory Duncan, senior vice president and general counsel at the National Retail Federation. Duncan, who spoke at the workshop "Paper, Plastic...or Mobile," hosted by the Federal Trade Commission, also said that regulation should be no more stringent than that of the underlying payment. In essence, the laws, regulations, and rule sets associated with a payment type—be it a credit card, debit card, or online payment—should follow that payment through the mobile channel for clearing and settlement. I offered similar conclusions in a previous Portals and Rails post on dispelling myths in mobile payments, adding that "while new networks...may emerge in the future, at present, the payment network systems remain the same."

Fragmented framework on an expanded landscape
One problem the payments industry faces as technology enables new intermediary payment methods (they all start off as something we already use: cash, checks, or cards) is that the legal and regulatory framework includes different consumer protections, disclosure requirements, and error resolution provisions depending on the payment type. While all these payments are used in an Internet environment—whether the Internet is accessed by phone or a traditional PC—the addition of the mobile channel and its telecom partners has seemingly created a tipping point for confusion and speculation. Many of the issues raised about consumer protection for prepaid cards, for example, exist now and have nothing to do with a consumer's ability to use a prepaid account with a mobile device.

Can existing regulatory infrastructure handle new mobile payment business models?
The United States has a more complicated banking system than most countries. National laws, for example, govern national banks, which are preempted from state law. State-chartered banks and nondepository money service businesses (like payday lenders and money transmitters), on the other hand, are responsible for complying with the laws of every state in which they do business. These laws are different from state to state, and sometimes even conflict.

Industry players in each of these separate chartering authorities are stepping into the mobile channel as a way to expand their footprint. While telecoms and technology firms are entering into partnerships with banks to establish new business models in the delivery of mobile payments, so far they're sticking to their knitting and leaving the clearing and settlement, and the extension of credit, to the financial services industry. As long as banks remain the payment issuers in these still nascent business models, caution in rethinking the regulatory infrastructure is probably a good idea as well.

Cindy MerrittBy Cynthia Merritt, assistant director of the Retail Payments Risk Forum

May 7, 2012 in innovation, mobile banking, mobile payments, regulators | Permalink

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a01053688c61a970c0168eb46b266970c

Listed below are links to blogs that reference Regulating mobile: Distinguishing the payment from the channel:

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

March 19, 2012

Balancing payments risk management and regulation with innovation

Government must be careful not to overreact to, or stifle, new innovations that can greatly benefit the consumer and the American economy. Government should take advantage of marketplace solutions to issues where appropriate. To do this, and at the same time to be in a position to act appropriately, it is important for government to maintain expertise in electronic money and payments development, and to consider carefully major questions presented by these developments. (Excerpt from 1996 paper prepared by the Department of Treasury on emerging electronic money and banking innovations.)

This quote appeared in a presentation given last week by John Carlson, executive vice president at BITS, a nonprofit group that fosters communication around technology issues that affect the financial services industry. John used this quote to demonstrate that, even in 1996, the Treasury Department recognized the need to not over-regulate at a time when financial institutions were beginning to experiment with Internet banking.

In the presentation "Hardening Payments for the Next Generation," which he gave at the BAI Payments Connect conference, John stressed that we still have to exercise care as financial institutions continue to innovate. The industry must still consider how it will balance the benefits of innovation in payments with the need to manage changing risks and ensure that regulators keep up with the changes. John warned that, despite the myriad of new threats, the temptation to overreact to these with regulation and legislation may stifle payment innovations. He emphasized that, instead, payment stakeholders must collaborate and share information.

Following are a few other noteworthy points from the presentation.

Rise in fraud and security issues in payments
John noted that as more nonbanks enter the marketplace and new innovative alternative products are introduced, payments fraud is evolving alongside. We need to keep looking at emerging payment issues involved with EMV-enabled payments, for example, as well as mobile payments, cloud computing, and payments conducted via social media. At the same time that these products are entering the marketplace, fraud is evolving in new and unexpected ways. And as global crime rings increasingly engage in cross-border activities, for example, a rise in cyber-security threats will likely continue.

We are also seeing some conflicting trends in consumer trust of security issues, according to John. While many consumers respond conservatively in surveys on payments security, for example, consumers generally are becoming increasingly willing to share personal information with "friends" in social media sites like Facebook and LinkedIn. And while consumers are gradually warming up to alternative payments in the mobile channel, most fail to employ general protections such as mobile device password locks.

A challenging regulatory environment
John mentioned that U.S. financial institutions are subject to independent regulatory oversight by a host of federal and state agencies, but the regulatory environment for nonbanks is not well understood. This lack of clarity around the nonbanks results in unclear liability for financial institutions and their customers alike. Consumers are likely to go to financial institutions for error resolution because of trust and familiarity, even when the risk and liability belong to the nonbank partner.

Third-party risk will continue to be a significant concern going forward, said John, as banks recognize the economic benefits they can get from outsourcing. As a result, regulators will focus on banks' vendor management programs to ensure that banks exercise comprehensive due diligence when they engage with vendors, and that they continue to provide oversight of the vendor throughout the duration of the relationship.

John noted that while there is a great deal of discussion on regulation of the emerging mobile channel, it is likely that such regulatory guidance will be embedded in vendor oversight guidance, of which there have been many iterations over the years.

Trust is necessary element of a successful payment system
John's presentation concluded in saying that "trust is central to everything we do." Financial institutions and other stakeholders with access to payment data and personally identifiable information have a growing responsibility to protect that data as the risk grows for network and device compromise. With more personal information exposed via social media, we will need to consider incentives for stakeholders to safeguard information by banks and other competitors in the payments space. Furthermore, those nonbank competitors and outsourcing partners need to be held to similar business practice standards for security and safety and soundness.

Cindy MerrittBy Cynthia Merritt, assistant director of the Retail Payments Risk Forum

March 19, 2012 in innovation, regulators | Permalink

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a01053688c61a970c0168e8feaacf970c

Listed below are links to blogs that reference Balancing payments risk management and regulation with innovation:

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in