The business of payments in the U.S. continues to change rapidly. Treasury professionals must stay up-to-speed when it comes to the latest trends. Are you aware of these two major issues in payments today?
Ask any treasury professional what keeps him or her awake at night, and the likely response is “cybersecurity.” Announcements of data breaches continue to jar the industry, shining a spotlight on the importance—and increasing difficulty—of protecting customer data. In addition, treasury professionals must remain on high alert as hackers move from their once-favored approach of corporate account takeover, in which they attempt to compromise the online banking credentials of the corporate and then initiate fraudulent transfers. The fraudsters’ latest approach favors business e-mail compromise (BEC), in which they use compromised or spoofed e-mail accounts and social engineering, attempting to get the treasury professional initiate the payment himself or herself.
The Association for Financial Professionals’ (AFP) 2016 Payments Fraud & Controls Survey indicated that BEC scams are increasing, with 64 percent of respondents experiencing attempted or actual BEC. Of those that experienced BEC, 56 percent did so via wire transfer. This is a grave concern, as wires move quickly, and it can be very difficult to retrieve funds associated with a fraudulent wire.
The FBI provides information on how to avoid becoming the victim of BEC. Two crucial pieces of advice include the use of dual verification for wire transfers at the corporate—separate users for creation and approval of wires—and the use of callbacks by financial institutions to a known party and phone number to confirm wire transfer instructions.
October 2016 witnessed the one-year anniversary of the October 1, 2015, “liability shift” associated with the implementation of the EMV standard in the U.S. As of that date, the party that is not able to facilitate a chip-card transaction—either the issuer or merchant—can be held liable for fraud losses from card-present counterfeit fraud at the point of sale.
The liability shift was intended to encourage the adoption of EMV-enabled terminals at merchants and issuance of chip cards by banks and credit unions. While issuers continue to churn out new EMV cards, EMV acceptance at by merchants has lagged. Visa, the largest of the card networks, announced that, as of September 2016, its U.S. issuers have issued 363 million chip cards. The Payments Security Task Force (of which Visa is a member) forecasts 98 percent of cards in the U.S. will have EMV chips by the end of 2017. Visa reported 1.46 million merchants have the equipment and software to actively accept EMV chip cards). Visa expects 50 percent of locations to be enabled by the end of 2016. This means that a significant portion of the merchant base in the U.S. will not be EMV-enabled for some time, and cards will continue to carry the fraud-prone magnetic stripe.
Businesses who have not yet done so should work with their merchant services providers to develop a plan for moving forward with EMV compliance. Financial institutions should work with their processors, if they have not yet done so, to develop a plan for issuing EMV chip debit and credit cards.
Matt Davies, AAP, CTP, CPP, is an Assistant Vice President in the Communications & Outreach Department at the Federal Reserve Bank of Dallas. Davies is also an instructor for the CTP program at the Glasscock School. Contact him at firstname.lastname@example.org.
The views expressed are those of the author, and do not necessarily represent the views of the Federal Reserve Bank of Dallas, the Federal Reserve System or the Glasscock School of Continuing Studies.