Wal-Mart Stores Inc.’s announcement this week that it will be offering checking accounts to consumers through Green Dot Corp.’s GoBank mobile-banking services reopened old fissures between banks and non-banking companies over offering financial services to consumers, fissures that radiate out to the topic of payments security.
At the Federal Reserve Bank of Chicago’s annual Payments Symposium on Thursday, a Fed researcher noted that a complex regulatory environment, particularly for non-banks and emerging payments providers, poses problems for public officials in coordinating their supervision and enforcement approaches to payments security. Regulators are beginning to understand that the myriad issues posed by fast-evolving payment technologies and services mean that they must work together more often, according to Barbara Pacheco, senior vice president at the Federal Reserve Bank of Kansas City. Pacheco noted that state banking regulators have begun to coordinate their efforts through a new working group.
“Really, the improvement opportunity here is to enhance…that collaboration,” she said.
Getting regulators to sing the same tune is just one of five security-related issues Fed researchers identified as part of their recent Payment System Improvement Project. The project included a security survey early this year of 40-plus executives from financial institutions, payment networks, technology companies, processors, and other payments-industry stakeholders. Other weaknesses and improvement opportunities identified by the survey participants, according to Pacheco, included:
• Development and adoption of standards and protocols is not keeping pace with technological advances and changes in the threat environment;
• Mobile-payment transactions may be exposed to higher risk because of the greater number of parties in the process and unclear lines of accountability and oversight;
• Suboptimal security technologies or processes can result in data compromises that damage public confidence in payment systems; and
• The collection and reporting of available data on fraud and payment-security threats is insufficient for developing strong prevention strategies. The lack of access to relevant security information by everyone who might need it is a result of privacy concerns, the fact that much of the data are proprietary and held by competitors, and the risk that sharing data might present reputational and legal risks to the data provider.
The remedy for most of these problems, according to a Fed report, is to improve industry coordination on timely adoption of technology, standards, and protocols; better protection of sensitive data and removing or devaluing them from the payment process; and strengthening authorization and authentication of parties and devices across all payment methods and channels.
None of that will be easy, and no expert can say for certain how payments security will evolve. “We live in interesting times,” said Pacheco.