Retail Payments Risk Forum Collaborates to Fight Payments Fraud
The Atlanta Federal Reserve Bank’s anti-fraudcooperative is designed to bring together thought leaders in thepayments space to improve security. (from the Portals and Rails Blog) Portals and Rails, a blog sponsored by the Retail Payments Risk Forumof the Federal Reserve Bank of Atlanta, is intended to foster dialogueon emerging risks in retail payment systems and enhance collaborativeefforts to improve risk detection and mitigation. We encourage youractive participation in Portals and Rails and look forward tocollaborating with you.Collaboration to address payments risks and fraud
In the world of payments, all players share an interest in seeingthat risks are detected and mitigated quickly and effectively. However,when threats emerge, is it everyone for themselves? How does thevariety of interests and goals among all the players converge? In aprivate marketplace mixed with government actors, how can we workbetter together?Participants at a 2008 conference hosted by the Retail Payments Risk Forum discussed these issues and described the challenges and potential solutions. A year later, the findings of this forum are worth revisiting.
Information sharing
Real or perceivedinformation-sharing limitations among financial institutions,regulators, law enforcement, and others can substantially impedeaddressing retail payments risks on a timely and effective basis.Examples include inconsistent or incomplete payments data, varyingsuccess levels of intra- and interagency collaborations, varied andoverlapping jurisdictions, an incomplete network of memoranda ofunderstanding (MOUs), privacy restrictions, perceived barriers beyondlegal restrictions, competitive interests, costs, and trust.Suggestions for improvement in this area focused on:
- collection, consistency, and commonality of paymentsdata, better understanding of its utility, and analysis tools. Whiledata needs vary, a first step would be to focus on data elements ofshared interest. A working group could facilitate ongoing payments datacompilation and analysis efforts;
- formal and informal dialogue among various agencies and others, including simple measures such as shared contact lists;
- developmentof a “matrix” of various roles/responsibilities/information sources forshared use to facilitate more timely location of information andexpertise available; and
- a more systematic, organized mechanism for informationsharing, perhaps by establishing “brokers” for relevant informationsuch as payments data.
Many noted that communication about bad actors is often ad hocand that information is too widely dispersed to be useful and timely.Individual agency efforts, published enforcement actions, SAR filings,interbank collaborations, and industry self-regulatory efforts, whileall worthwhile, have not fully promoted effective information gatheringand sharing among all the parties who can have an impact. Suggestionsfor improvement in this area included:
- better understanding of risks across paymentchannels, both for front-end access point(s) and back-end processing,to mitigate fraudster arbitrage of vulnerabilities;
- publishing enforcement actions and related settlements more effectively as a deterrent;
- establishing a central “negative list” or “watch list” of bad actors;
- extendingregistration requirements for third parties participating in paymentsnetworks beyond existing targeted voluntary efforts;
- strengthening and clarifying regulatory guidance, such as that for counterfeit checks and consumer account statements;
- better educating consumers and banks regarding common issues;
- a more direct means of compensating victims;
- mining specific activity reports and other existing agency databases such as consumer complaints data; and
- potential new SEC codes within ACH to better track risks.
Participants identified collaborative efforts to help detect and/ormitigate retail payments risk issues and identified benefits and gaps.Examples included bank regulatory groups (intra- and interagency),national and regional law enforcement partnerships, interstatecollaboration, federal-state working collaborations, jointinvestigative task forces, examination- or case-driven ad hoc efforts, and industry data-sharing efforts. Potential avenues for improved collaborative action included:
- a law enforcement/regulatory payments fraud working group;
- a virtual collaborative forum via Web sites, e-mail lists, or regular phone calls;
- greater attention paid to requests for comments on proposed NACHA rules;
- examiner and law enforcement training opportunities;
- participation in and/or support for industry database sharing efforts;
- engagement with industry groups to improve best practices;
- a Web-based resource for consumers supported by all (“fraud.gov”);
- implementation of further MOUs among agencies; and
- efforts to identify fraud patterns across agencies, such as the federal government’s Eliminating Improper Payments Initiative.
Participants were asked to describe substantive retail payments riskissues that keep them up at night. Some common themes emerged,including:
- strengthening the oversight of third-party payments processors and others not covered by the Bank Service Company Act;
- quantifying and better managing the misuse of remotely created checks;
- understanding and mitigating risks associated with “cross-channel” fraud;
- “Know Your Customers’ Customer” due diligence, compliance, andassociated risks and potential liabilities for frauddetection/mitigation purposes;
- establishing a common means of redress for consumers regardless of the payment channel; and
- improving the clarity of consumer account statements by instituting standards and reducing jargon.
By Clifford S. Stanford, assistant vice president and director of the Retail Payments Risk Forum at the Atlanta Fed.
![Reblog this post [with Zemanta]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_vD4ON7HnY8Aa66lIxjBBRwMz4pWJ8Wr8IcrJKWcwPAxmSgQMO5jVmtSmcjO-bKI3kKnWvlZpeyAApi1_2mtwG0eu3shdDl8ClKyO9VvCPt-D_BHe2AEgu60crc1WZ0YzQ6KRpuiLCq14e6pD3ciLCS=s0-d)
