Take On Payments, a blog sponsored by the Retail Payments Risk Forum of the Federal Reserve Bank of Atlanta, is intended to foster dialogue on emerging risks in retail payment systems and enhance collaborative efforts to improve risk detection and mitigation. We encourage your active participation in Take on Payments and look forward to collaborating with you.
Comments are moderated and will not appear until the moderator has approved them.
Please submit appropriate comments. Inappropriate comments include content that is abusive, harassing, or threatening; obscene, vulgar, or profane; an attack of a personal nature; or overtly political.
In addition, no off-topic remarks or spam is permitted.
July 12, 2021
Young and Old Want to Keep Their Money Safe
My colleague Doug King recently moderated a panel about age-related attitudes toward banking and payment practices. He spoke with a boomer, a gen-Xer, a millennial, and a gen-Zer.
Most notable about these panelists: not how different they were from each other but how alike. Keeping in mind that a sample of four is not representative and that all were Federal Reserve employees, panelists of every age agreed about risk when it comes to their money: they hate it.
All four had used a brick-and-mortar bank one way or another in the last year, and there was no interest in switching to a digital-only bank or fintech option—even though all panelists struggled to remember the last time they had written a check. One panelist said, "I stick with what I know." Another: "I just don't have time to do the research." A third, "I'm staying with the traditional, just in case." They wanted not the bricks, not the mortar, but rather the security implied by the existence of solid real estate.
They admitted to more risk-averse behavior: no one—not the youngest, not the IT guy—owned crypto assets. Too risky, they said. Most are storing card numbers with an online merchant with high brand recognition but not at other online shopping websites. It's worth the small amount of time to put in the number at lesser known sites, said three of the four.
Do you see a marketing opportunity out there? Some newer services are selling the idea of speed—that is, payments that are fast and frictionless. Or the social benefits of tagging payments with emojis. Or convenience. Or a user-friendly app. But these four people, at least, want safety.
Of course, newer ways to pay do offer security enhancements—for example, two-factor authentication when you use a phone with fingerprint or face ID authentication to pay. And, with so many choices available, panelists said they would like to better understand their payment options. This means that maybe customers are waiting to hear more about product features and benefits that emphasize security and, according to these four, at least, that are delivered by recognized brands they already know and trust.
June 28, 2021
Talk about Payments during the Pandemic—Join Us on July 13
When the conventional wisdom holds true, it still can be a good idea to look under the hood. Sometimes survey data confirm the conventional wisdom. That's the case with new data from the Diary of Consumer Payment Choice, which show that the use of cash for purchases and person-to-person (P2P) payments dropped in 2020. In 2019, cash was used for 31 percent of these payments while in 2020, the pandemic year, the cash share fell to 23 percent.
"Of course," you may say, "I haven't been shopping or paying others in person. And for months, I avoided handing over a payment to a retail clerk. That's why the share of cash fell." I agree, this is a completely obvious point.
Even the obvious, however, contains nuances. That's why the Talk About Payments webinar on July 13 will ask questions about factors that may underlie these data, including the following:
- What's the impact of remote purchasing on payment instrument choice?
- Were there generational differences in purchasing behavior in 2020?
- Fewer consumers carried a balance on their credit cards in 2020. Did that affect purchasing behavior?
- Are more consumers ready to use payment apps?
I hope you'll join me and Joanna Stavins from the Boston Fed alongside Shaun O'Brien from the Cash Product Office at the San Francisco Fed for the next Talk About Payments webinar, July 13, 2021, at 1 p.m. (ET). We'll chat about not only remote shopping but also other factors that could be affecting the use of cash for purchases and P2P payments.
This webinar is open to the public but you must register in advance to participate. (Registration is free.) You can register online. Once registered, you will receive a confirmation email with login and call-in information. We hope you will join us on July 13, when you will have an opportunity to ask questions about the results of the research.
June 21, 2021
Are You Heading Back to the Grocery Store?
My mother-in-law has dropped online shopping like a hot potato. Perhaps you remember that back in November my favorite octogenarian was adjusting with equanimity to the ups and downs of grocery shopping online. Now, fully vaccinated, mom is back at the grocery store, picking every item and making her own on-the-spot decisions about out-of-stock substitutions.
For social science researchers and payments professionals, this is an important question about the past 18 months: Of the changes many of us made, how many were temporary? How many are truly new habits? You can ask this question about a wide range of activities such as hand washing, cooking at home, online shopping, etc. For today, let's ask about shopping in person.
New data from the Survey of Consumer Payment Choice, out last month, show that by September 2020, our collective reaction to the COVID-19 threat was easing. In September 2019, 95 percent of U.S. consumers reported shopping in person at least once in the prior 30 days. That percentage share was pretty much the same in September 2020: 93 percent, a statistically insignificant change.
Compare this to a couple of interim surveys conducted at the height of the COVID lockdowns. In April 2020, just 34 percent of consumers reported shopping in person at least once in the prior 30 to 60 days. By August, many of us had returned to the store: 60 percent of consumers said they shopped in person at least once in the past 30 days.
And as of fall 2020, this measure, at least, is "back to normal." Keep in mind that we're talking about shopping at least once, not the share of all shopping that happens in person. That did change from 2019 to 2020, when in-person purchases dropped from 88 percent of all purchases to 85 percent, a statistically significant change. To learn more about payments behavior in 2020, read the report, the 2020 Survey of Consumer Payment Choice: Summary Results.
June 14, 2021
Four years ago, in a May 2017, Take on Payments post, my colleague Doug King echoed the concern of cybersecurity experts, warning that 2017 and 2018 were going to be the “Year(s) of Ransomware.” This warning came as ransomware attacks were increasing in frequency and being carried out against higher-profile targets. In 2018, the City of Atlanta was attacked. Following the recommendations of law enforcement officials, the city refused to pay the $51,000 ransom. Many city services involving utility billing and traffic court were disrupted for as long as a year, and officials estimated the price tag of investigation and remediation at $17 million.
In its latest report, cybersecurity firm Group-iB described the results of its analysis of more than 500 ransomware attacks: not only did the numbers of attacks in 2020 increase by more than 150 percent over the previous year, but also the sophistication of the attacks themselves had substantially increased.
Over the last month, high-profile attacks against an oil pipeline operation, meat processor, and digital services provider have been reported. While attacks against corporate targets often have limited impact on the general public, the Colonial Pipeline attack led to a shutdown of a major supply pipeline servicing the eastern United States, triggering panic buying and complete outages at more than 11,000 gas stations in addition to a spike in retail gasoline prices, according to a Newsweek article.
Ransomware attack strategies have a number of variables, including the type of criminal organization behind the attack, the target industry, or the size and method of infiltration, whether that’s phishing or finding a network or software security vulnerability or something else. One of the largest concerns of law enforcement is the emergence over the last few years of criminal organizations that provide ransomware as a service (RaaS), as was the case in the Colonial Pipeline cyberattack. Under this scheme, the criminal organization sells or leases their ransomware programming code to users who use it to attack their targets. The Group-iB report indicated that RaaS was used in approximately two-thirds of the ransomware attacks in 2020.
The Ransomware Task Force—an international group of cybersecurity experts from industry, government, law enforcement, and the public sector—was formed in early 2019 to address this threat. In early April, it delivered to the U.S. government a report with recommendations for combatting ransomware attacks. The following list includes some of the 48 recommendations:
- Make proactive diplomatic and law enforcement efforts to reduce and eliminate nation-states from providing protection to ransomware criminals.
- The United States should take a lead role in implementing a comprehensive anti-ransomware campaign including creating a task force composed of government agencies and private industry.
- Organizations should be mandated to report ransomware payments and to consider alternatives before making such payments.
- Since cryptocurrency is predominantly used for ransomware payments, the cryptocurrency operators should be more closely regulated.
On April 21, the U.S. Department of Justice (DOJ) announced the formation of the Ransomware and Digital Extortion Task Force to “bring the full authorities and resources of the Department to bear to confront the many dimensions and root causes of this threat.” An early success of the departments working through the Task Force was detailed on June 7, when the DOJ announced that it had recovered approximately $2.3 million of the $4.4 million ransom paid by Colonial Pipeline.
We will continue to follow the ransomware threat, recognizing that no type of industry or size of business is safe from such an attack.