The U.S. payment system continues to evolve to meet the needs of an increasingly global, interconnected and information-driven economy. Unfortunately, payments fraud continues to evolve as well. While payments fraud is a small fraction of overall U.S. payments, recently announced data (Off-site) show this fraction has grown significantly between 2012 and 2015 and secondary research (Off-site) points to vulnerabilities in the system. The Federal Reserve is committed to protecting the security and integrity of the U.S. payment system in collaboration with payment industry stakeholders, building on the work of the Secure Payments Task Force, which concluded earlier this year.
The persistence and increasing scale and sophistication of the threats we face create an imperative for ongoing collaboration ... so the Fed has identified four priorities for near-term action based on research, input from the Secure Payments Task Force and ongoing payments industry discussions. Research reinforces the need for us to take a collaborative and holistic approach. We need to overcome incentives and behavior that simply ‘squeeze the balloon’ and push the problem to other channels or stakeholders.
Federal Reserve System Secure Payments Strategy Leader
Remarks at the October 2018 FedPayments Improvement Community Forum
Upcoming Fed initiatives
The Fed plans to focus on four initiatives over the next year:
- Automated Clearing House (ACH) and wire fraud definitions: In order to combat ACH and wire fraud, the industry must first understand where it’s occurring – and there’s just not much data to help us. Recommended ACH and wire fraud definitions would serve as a baseline to consistently define, identify, quantify, report, analyze and mitigate payment fraud. The Federal Reserve plans to form a small, focused work group of 20-30 industry and Fed participants with specialized expertise. They will work over the next nine to 12 months to develop recommended ACH and wire fraud definitions and a roadmap to encourage broad industry acceptance and use of these definitions in fraud reporting. The desired outcome does not include any type of reporting mandate or regulation.
- Synthetic identity payments fraud mitigation: This type of payments fraud occurs when fraudsters use a combination of real information (e.g., a legitimate Social Security number) with fictitious information to create an identity used to defraud or evade payments safeguards. A new law that took effect this year enables online identity verification with the Social Security Administration, which will help but not solve the problem entirely. Fed actions over the next year or so could include white papers on the scope of the issues, observations on potential mitigation opportunities and collaboration on work by other entities that may now be underway.
- Remote payments authentication fraud mitigation: Merchants and businesses operating online or through other remote channels face a bigger challenge authenticating and securing remote transactions. The Fed is in dialogue with the industry to gain broad alignment on effective authentication approaches and methods to help mitigate remote payments fraud and strengthen endpoint security. Fed actions are likely to include education and collaboration.
- Industry dialogue on evolving payments security and fraud issues: This work will include Federal Reserve participation in existing industry work groups and payments fraud information sharing forums.
At the October Forum, Montgomery pledged that the Fed will continue working with the industry under the principles of transparency, collaboration and inclusiveness. “We welcome your input on these ideas – and your continued involvement through the FedPayments Improvement Community,” Montgomery said.
Action Item:
Join the FedPayments Improvement Community (Off-site) and visit the Payments Security Overview (Off-site) page on FedPaymentsImprovement.org for updates.
