The impending deployment of EMV chip cards throughout the United States represents an important step forward in improving the U.S. payment system, but stakeholders cannot stop there, Federal Reserve Governor Jerome Powell said last week before an audience in Kansas City, Mo.
“For some years, members of the public have told us with increasing frequency and intensity that they see the United States falling behind other nations in the speed and security of our payment system. We hear all the time that the Federal Reserve should do something about this. But, despite our multiple roles, the Federal Reserve does not have broad authority to simply restructure or redesign the payment system,” he said before “The Puzzle of Payments Security” conference.
Powell discussed some of the Fed’s work in this area, including its release two years ago of a consultative paper on the matter and its release earlier this year of another paper, “Strategies for Improving the U.S. Payment System,” which outlines the Fed’s grand vision for doing just that.
On the heels of that second paper, he said, the agency also organized two special payments task forces that will advise the Fed on these goals: one that will specialize in faster payments and another that will specialize in more secure payments. More than 300 participants have joined the faster payments task force and more than 200 joined the secure payments task force, Powell said.
Turning to the challenges of building a safer, faster payment system, Powell contrasted two stories of criminals exploiting weaknesses in the system. In the 1960s, he said, Frank Abagnale, the con man portrayed in “Catch Me If You Can,” was able to cash fraudulent checks because he would use routing numbers that sent those paper checks cross-country by plane or truck to be cleared. By the time the checks were returned to the bank that had cashed them, Abagnale would be gone.
In 2013, Powell said, ATM thieves were able to use counterfeit prepaid debit cards to withdraw large amounts of cash – to the tune of $40 million – by first hacking into a payment processor’s database, stealing personal account information to create counterfeit cards and then deploying a wide network of “cashing crews” to make the actual withdrawals.
“These well-known payment fraud schemes were perpetrated in different eras, and juxtaposing them highlights how the payment security landscape has changed,” he said. “Frank Abagnale relied on the slow speed of the paper check-clearing system and in-person social engineering. In contrast, the ATM thieves relied on rapid transmission of data to remotely steal account information and alter withdrawal limits, all without interacting with bank employees. Today, fraud can be executed quickly, perpetrated on a massive scale, and carried out remotely.”
Powell then suggested four steps that all payments stakeholders ought to be taking. Stakeholders should adopt new technologies prudently, they should assume they will be attacked and accordingly take prevention measures, they should plan for a cyber-attack and they should do more to educate the general public, he said.
“The things I’ve discussed today apply to all payment system participants,” Powell said. “Each of us has an important role to play in building a safer payment system. Given the payment system’s complexity, it’s important to keep in mind that we all need to work together when we innovate, prevent, plan, and educate.”
