FTC Amends Telemarketing Sales Rule, Bans Payment Methods Used by Scammers

On November 18, the FTC announced that it approved, by a 3-1 vote, final amendments to the Telemarketing Sales Rule (TSR) that ban telemarketers from using certain payment methods that are commonly used by scammers. Per the amendments, telemarketers are prohibited from (i) using specific types of checks and “payment orders” that are remotely created by the telemarketer or seller and which permit direct access to consumers’ bank accounts; (ii) receiving payments through traditional “cash-to-cash” money transfers, which allow scammers to easily obtain consumer funds anonymously and without the ability to reverse the transaction; and (iii) accepting as payment “cash reload” mechanisms. The FTC concluded that the aforementioned payment methods constituted abusive practices because they caused or were likely to cause “substantial injury to consumers that is neither reasonably avoidable by consumers nor outweighed by countervailing benefits to consumers or competition.” Finally, according to the FTC, “the amendments address changes in the financial marketplace to ensure consumers remain protected by the TSR’s antifraud provisions, but are narrowly tailored to allow for innovations with respect to other payment methods that are used by legitimate companies.”


DOJ Unseals Indictment Against Individuals for Alleged Involvement in Hacks Against Various U.S. Institutions

On November 10, the DOJ unsealed an indictment against three individuals, Gery Shalon, Joshua Samuel Aaron and Ziv Orenstein, for allegedly orchestrating and committing computer hacking crimes against U.S. financial institutions, brokerage firms, and financial news publishers. According to the DOJ, “these three defendants perpetrated one of the largest thefts of financial-related data in history – making off with the sensitive information of literally thousands” of Americans. The DOJ alleges that, from approximately 2012 to mid-2015, Shalon and Aaaron hacked financial institutions to steal the personal information of more than 100 million customers, and then manipulated the price of certain U.S. publicly traded stocks, seeking to “market the stocks, in a deceptive and misleading manner, to customers of the victim companies whose contact information they had stolen in the intrusion.” Additionally, Shalon engaged in illegal businesses with Orenstein between 2007 and July 2015, allegedly operating (i) unlawful internet gambling businesses; (ii) multinational payment processors for illegal pharmaceutical suppliers, counterfeit and malicious software distributors, and unlawful internet casinos; and (iii) Coin.mx, a Bitcoin exchange company that violated federal anti-money laundering laws. Read more…


Texas Department of Banking Issues Supervisory Memorandum to Money Services Business License Holders

On October 29, the Texas Department of Banking (the Department) issued a supervisory memorandum to Money Services Business (MSB) license holders. The purpose of the memorandum “is to provide license holders with industry best practices regarding the documentation of [authorized delegate] and agent compliance monitoring efforts.” According to the Department, agents and Authorized Delegates (AD) pose substantial compliance risks to MSBs, with agent and AD file review comprising “a significant component of the examination process for assessing compliance with AML Program requirements and Texas law.” The memorandum provides MSBs with industry guidance on how to meet regulators’ expectations for maintaining documentation in compliance with agent and AD oversight. The Department identifies various documents that support effective agent and AD on-boarding due diligence, including: (i) agent and AD BSA policies and procedures; (ii) approval by foreign regulators to conduct money transmission; (iii) evidence of initial AML/BSA training; and (iv) credit review and approval documents, such as financials and credit reports. Moreover, the memorandum indicates that on-going due diligence requires MSBs to maintain, among other things, evidence to support (i) periodic BSA training; (ii) agent compliance with independent AML review requirements; and (iii) the license holder’s review of updated BSA/AML Program policies and procedures.


Digital Insights & Trends: Embracing EMV Technology for Fraud Reduction and Loss Prevention

Jeffrey Hydrick 5 x 7October 2015 represents a significant milepost in the migration of U.S. payments products to EMV chip technology. It also serves as a useful evaluation point as to what the technology achieves and where it falls short. By now, many U.S. cardholders have been issued EMV chip cards, the microprocessor-equipped cards that store the specific cardholder data on the embedded chip. For decades, U.S. payment cards stored cardholder data on a magnetic stripe on the back of the card, instead of a chip. Indeed most cards in the marketplace, including EMV cards, still contain the familiar “magstripe.” Unfortunately, the static nature of the data contained on the magstripe makes the production of counterfeit magstripe cards relatively easy. Once the cardholder data for a particular person is obtained, through “skimming” or other means, a usable counterfeit magstripe card can be produced and readily used at the point-of-sale, until the cardholder realizes that his or her data has been compromised. In contrast, EMV chip cards use a dynamic system of authentication at the point-of-sale, which makes the production of a counterfeit card with EMV chip technology much more difficult. As a result, merchants can safely conclude that an EMV chip card presented for payment in a point-of-sale transaction is authentic and not counterfeit, and card issuers should similarly experience smaller fraud losses.

The four major U.S. payment networks (Visa, MasterCard, American Express and Discover) have long-recognized the fraud-reduction potential of EMV chip cards and, individually and through their jointly-controlled EMVCo. consortium, have pushed for the implementation of EMV technology in the U.S. As part of their efforts to encourage increased EMV chip card issuance by card issuers and acceptance by merchants, beginning in October 2015 the networks shift liability for card-present fraud losses to the party (i.e., merchant, merchant acquirer or issuer) that is least compliant with EMV requirements. For example, if fraud loss results from the use of a counterfeit magstripe card at point-of-sale, where the merchant maintains certified EMV chip terminals but the card issuer has not reissued its magstripe cards as EMV chip cards, the loss will be assigned to the card issuer. On the other hand, card issuers that have issued EMC chip cards may be able to avoid liability that arises from fraudulent transactions where the accepting merchant lacks a EMV chip terminal to be used to process the transaction. Read more…


Federal Banking Regulators Schedule EGRPRA Outreach Meeting in Chicago

On September 28, the Federal Reserve, the FDIC, and the OCC announced that the latest outreach meeting under the Economic Growth and Regulatory Paperwork Reduction Act (EGRPRA) will be held on October 10 in Chicago, Illinois. The meeting will feature panel presentations from industry insiders and consumer advocates. Senior officials from the Federal Reserve, OCC, and FDIC are also scheduled to attend. This meeting will be the fifth of six outreach meetings focused on identifying outdated or burdensome regulatory requirements imposed on financial institutions. The sixth and final meeting is expected to take place on December 2 in Washington, D.C. Previous InfoBytes coverage on EGRPRA can be found here.


Federal Reserve Appoints Chicago Fed Official to Payments Security Post

On September 10, the Federal Reserve announced the appointment of Federal Reserve Bank of Chicago Senior Vice President Todd Aadland as its Payments Security Strategy Leader. Aadland will also continue to serve as a Senior Vice President and Chief Information Officer within the Federal Reserve Bank of Chicago’s Customer Relations and Support Office. In his new role, Aadland will lead the Federal Reserve System’s initiatives to address fraud risk, and promote the safety and security of the U.S. payment system. In addition, Aadland will serve as chairman of the Secure Payments Task Force, a group comprised of more than 170 payments stakeholders representing academia, government, and industry. Aadland’s appointment follows a Federal Reserve announcement naming a Faster Payments Strategy Leader tasked with improving the speed and efficiency of current and emerging payment systems.


Federal Reserve Bank of Boston’s Payment Strategies Team Provides Snapshot of Mobile Banking Landscape

On August 17, the Federal Reserve Bank of Boston published a report that outlines the results of a 2014 survey intended to capture “a point-in-time snapshot of mobile banking and payments at [financial institutions]” across five Federal Reserve bank districts. One of the largest U.S. surveys completed on mobile banking and payment services at financial institutions, the collected data mostly came from banks and credit unions – a combined total of more than 600 – with less than $500 million in assets. The survey showed that with the rise of smartphones, consumers are more easily able to use mobile devices for payments, and they demonstrate “growing comfort with mobile and digital wallets as well as willingness to pay with mobile-based solutions.” As competing mobile technologies emerge, such as non-bank technology service providers, the report found the need for financial institutions to “create mobile banking and payment strategies to respond to [the] changing environment” becomes more relevant. The report highlighted that roughly 75 percent of the financial institutions surveyed offer the following mobile services, with a majority of the remaining 25 percent planning to offer them by 2016: (i) checking balances; (ii) transferring funds between a single owner’s account; (iii) viewing statements and transaction history; (iv) ATM / branch locator; and (v) bill payment. The report further suggested that financial institutions should “keep pace” with the growing mobile banking market and “be proactive and help make the best solutions succeed.”


FinCEN Determines That Issuing a Digital Certificate Evidencing Ownership in Precious Metals, and Buying and Selling Precious Metals, Are Subject to The BSA

On August 14, FinCEN issued an Administrative Ruling, FIN-2015-R001, determining that a company who: i) provides Internet-based brokerage services between buyers and sellers of precious metals; ii) buys and sells precious metals on its own account; and iii) holds precious metals in custody, opens a digital wallet, and issues a digital proof of custody certificates evidencing ownership of such metals, is subject to the BSA.

FinCEN determined that, as a broker or dealer in e-currencies and e-precious metals, the company did not fall under the e-currencies or e-precious metals trading exemption from money transmission:  “when the Company issues a freely transferable digital certificate of ownership to buyers, it is allowing the unrestricted transfer of value from a customer’s commodity position to the position of another customer of a third-party, and it is no longer limiting itself to the type of transmission of funds that is a fundamental element of the actual transaction necessary to execute the contract for the purchase of sale of the currency or the other commodity.” As such, it is acting as a convertible virtual currency administrator (the freely transferable digital certificates being the commodity-backed virtual currency). Further, the purchases and sales of precious metals made on its own account render the Company a dealer in precious metals (subject to certain monetary thresholds and other considerations), and thus a financial institution for purposes of the BSA.


OCC Comptroller Talks Future of Financial Services, Eyes FinTech Industry

On August 7, OCC Comptroller Thomas Curry delivered remarks at the Federal Home Loan Bank of Chicago, which was hosting a conference highlighting the future of financial services. Specifically, Curry discussed innovation in the emerging financial technology industry, or “fintech,” noting the risks and benefits associated with mobile payments, virtual currency, and peer-to-peer lending products within the U.S. banking system. With respect to virtual currency, Curry stressed how important it is for financial institutions to implement adequate procedures to deter money laundering and terrorist financing. Curry also recognized that the OCC is “still early in the process” of evaluating a regulatory framework to examine some new and innovative products and services. Rounding out his remarks, Curry expressed his growing concerns with so called “neobanks,” which operate primarily online but provide similar services to brick and mortar retail branch banks, including the heightened privacy risks that neobanks present in light of recent cybersecurity attacks.


Digital Insights & Trends: Regulating Faster Electronic Payments – More Complexity or Improved Consistency?

David-Whitaker-webIn January of this year, the Federal Reserve System issued a white paper titled “Strategies for Improving the U.S. Payments System.”  The white paper notes that current technological developments (including the widespread availability of high-speed data networks, the ubiquity of mobile devices, and the increasing use of real-time commercial transaction processing) are outpacing the functional ability of the payments system to handle electronic payment authorization and processing.  In an effort to develop strategies for addressing this growing gap, the Federal Reserve has established a Faster Payments Task Force (“FPTF”).  The FPTF, which had its first meeting in June, seeks to engage a wide range of stakeholders to “identify and evaluate alternative approaches for implementing safe, ubiquitous, faster payments capabilities in the United States.”

A key question raised by such an initiative is this:  what should the legal and compliance requirements for a modern electronic payments system include, especially in connection with consumer transactions?  Current U.S. regulations for electronic fund transfers form a cumbersome patchwork — the rights and obligations of the parties to the transaction vary by the payment method used, and in some cases may change during the course of the transaction as the payment method is converted from one form to another (for example, the time frames within which a consumer may identify and reverse unauthorized or erroneous payments are often very different, depending on the form of payment).

The Consumer Financial Protection Bureau (“CFPB”), which is participating in the FPTF, has just issued a position paper on “Consumer Protection Principles” for faster electronic payments.  The CFPB has identified the following as key elements of the legal and compliance framework: Read more…


Federal Reserve Appoints Faster Payments Strategy Leader

On July 30, the Federal Reserve announced the appointment of Sean Rodriguez as its Faster Payments Strategy Leader. Rodriguez serves as a Senior Vice President at the Chicago Federal Reserve Bank. In his new role, Rodriguez will lead the Federal Reserve’s Faster Payments Task Force focusing on improving the speed and efficiency of various current and emerging payment systems. More information related to the Federal Reserve’s efforts to improve the U.S. payment system is available at fedpaymentsimprovement.org.


Federal Reserve Announces Members of Faster Payments and Secure Payments Task Force

On July 21, the Federal Reserve Board of Governors announced the members of the Faster Payments and Secure Payments Task Force as described in the Strategies for Improving the U.S. Payment System white paper released earlier this year. The committees will advise the Federal Reserve task force chair on meeting agendas, and help prioritize various task force activities, among other payments initiatives. The members include various interest groups representing industry, tech, and government, among others. More information about the task forces and the Fed’s payments improvement initiatives can be found at fedpaymentsimprovement.org.


CFPB Recommends Consumer Protection Principles for Faster Payment Networks

On July 9, the CFPB issued a set of guiding principles aimed to help private industry better protect consumers as new, faster electronic payment systems continue to emerge. “While American consumers benefit from and make use of these payment systems, there remain opportunities to improve efficiency, reduce transaction costs for consumers, and reduce credit and fraud risks,” the CFPB’s announcements stated. Accordingly, the principles advocate for more secure, transparent, accessible, and affordable networks for consumers, and recommend proposals concerning funds availability, fraud and error resolution, and privacy concerns. The Bureau’s announcement comes as the Federal Reserve is currently engaged in an initiative to improve the U.S. payment systems network.


Digital Insights & Trends: It’s All About the Blockchain

Amy-Kim-webJust returning from a blockchain workshop in London, where I worked with a number of incredible people to consider solutions to some of the pressing regulatory issues impacting the blockchain technology.  While considering these issues I wondered if Bitcoin had gained popularity solely as a protocol and not as a currency, would it have evolved faster and more readily. The almost instantaneous (compared to current standards) transfer of value across the globe would be just one component of the potential possibilities for the technology as recognized by the mainstream public.  A secure ledger of property ownership, notarization, recordation of wills and trusts, claims for corporate names and intellectual property – all would be pursued at a much faster, or perhaps more public, pace.  Currently, progressive financial institutions have announced their active experiments with the technology, while others quietly research the potential use cases.

The opportunities for developing a cryptographic, distributed, public ledger are endless, rendering predictions for the future, even 5 years from now, difficult.  What is clear is that the way we conduct financial transactions will be forever altered – for the better.  Payments and payment systems will be more efficient, secure, faster, and less expensive for all in the ecosystem and will also lead to financial inclusion.  Government regulation – while antithetical to the original thesis of the Bitcoin protocol – is a necessary component of the “algorithm” as the protection of the public from acts of terrorism and other crimes is in everyone’s interest.  So let’s work with it, think creatively about it, and help prepare the protocol, governments and the public for the next 5 years.


Financial Action Task Force Issues Guidance Urging Risk-Based Approach to Virtual Currencies and Services

On June 29, the Financial Action Task Force (FATF) issued a report, Guidance for a Risk-Based Approach to Virtual Currencies,part of a staged approach focusing on the points of intersection that provide gateways to the regulated financial system, in particular, convertible virtual currency exchangers.  The Guidance explains the application of the risk-based approach to AML/CFT measures in the virtual currency context, identify the entities involved in virtual currency payment products and services (VCPPS), and clarify the application of the relevant FATF Recommendations to convertible virtual currency exchangers.  The guidance provides, among other things, recommendations and encourages member nations to adopt regulations and guidelines similar to those applicable to traditional financial institutions to reduce risk exposure to the banking system.