Archive

Go to:

August 2017
SMTWTFS
12345
6789101112
13141516171819
20212223242526
2728293031
< Jul Sep >
Leaguer Email Subscription

You are not currently subscribed. Click Subscribe below to receive the Leaguer email.

Fed's Powell Discusses the U.S. Payment System
Wednesday, July 1, 2015 6:35 AM

Addressing the Federal Reserve Bank of Kansas City conference, the Federal Reserve Board Governor Jerome H. Powell shared his views on how to build a safer payment system in the United States.

"Americans make more than 120 billion noncash payments each year. But it's only when something goes wrong, like a data breach at a major retailer or bank, that the typical end user takes notice of the payments process," Powell said.

He noted that as the nation's central bank, the Fed plays many roles in the payment system, including payment system operator, supervisor of financial institutions and systemically important financial market utilities, regulator, researcher, and catalyst for improvement. He discussed the agency's current efforts to improve the speed, efficiency and security of the payment system, and outlined four things all players within the payments system should be doing to enhance payment security.

Those things, Powell said, involve:

  1. Safe innovation: To innovate safely, payment system participants must work together by participating in coordinated efforts to improve the payment system.
  2. Prevention: You will be attacked and criminals today are often motivated, intelligent, well-organized and well-funded. Therefore it is important to layer security tools and procedures. Methods to devalue payment data, like tokenization and encryption for data at rest, in use, and in transit, mitigate the effect of a data breach. Analytics can identify and prevent fraudulent transactions. Firewalls and segmentation of technology supporting critical functions can protect networks from outside attacks.
  3. Planning: Be ready to detect, respond and recover. The median amount of time it took to discover a breach was about 200 days last year so plans need to include methods to detect attacks. Also, consider an investment in new tools and approaches to aid in rapid recovery, and participate in industry-led tabletop exercises to help think through how to respond and recover from cybersecurity events.
  4. Education: More could be done to empower consumers to use financial products safely by educating them on the risks they face and the steps they can take to protect themselves. For example, financial institutions can provide and help consumers understand online banking tools like credit card transaction alerts that can help consumers spot or stop fraud. Knowledge is power. Education is critical to fostering the security of the payment system and, ultimately, to maintaining public confidence.

Powell also said that EMV payment card technology represents an “important step forward,” but security should not stop there, and he outlined his thoughts on safer payments systems.

“For many years, traditional authentication methods like signatures and static passwords have been used to verify that an individual is authorized to initiate a payment. New approaches to authentication increasingly offer greater assurance and protection,” he said. “Given the current technologies that we have at our disposal, we should assess the continued use of signatures as a means of authenticating card transactions.”

EMV (Europay/MasterCard/Visa) involves the use of chip-enabled payment cards and terminals. Powell said that stakeholders in the payments system should keep searching for new approaches to authentication.

“It is important to layer security tools and procedures. Methods to devalue payment data, like tokenization and encryption for data at rest, in use, and in transit, mitigate the effect of a data breach. Analytics can identify and prevent fraudulent transactions,” he said. “Firewalls and segmentation of technology supporting critical functions can protect networks from outside attacks.”

CUNA has previously reported that a recent study estimated less than a quarter of merchants will be EMV-ready by Oct. 1, the date when liability for card-present losses shifts to the entity with the least amount of security.