Payments in 2022: What Had Our Attention? Transcript - December 15, 2022

Federal Reserve Bank of Atlanta Talk About Payments Webinar

Payments in 2022: What Had Our Attention?

December 15, 2022

Transcript

Nancy Donahue: Good afternoon, everyone, and welcome to the Retail Payments Risk Forum's year-end webinar, "Payments in 2022: What Had Our Attention." We appreciate you taking time out of your day to join us for today's conversation.

First, I'd like to start us out with our disclaimer: the views expressed in this presentation are those of the presenters and do not necessarily reflect the positions or policies of the Federal Reserve Bank of Atlanta or the Federal Reserve System.

I'd like to quickly address some logistical issues. If you are experiencing any technical issues, please submit your issue in the chat window in Webex, and our host will try and assist you. The chat function is just for technical issues. It will not be monitored after the first several minutes of the webinar, and we don't want to miss any of your questions. Questions for the speakers should be submitted in the Q&A tab in the Webex platform.

Immediately following the webinar, we will send you a short survey. We welcome your feedback on today's session, and it helps inform our future events.

Lastly, the recording of today's webinar, with the presentation and transcript, will be posted on the Federal Reserve Bank of Atlanta website in approximately a week, if you would like to go back and review the materials again.

The Retail Payments Risk Forum's mission is one of research and education in the area of payments—and when we say "payments," this includes payment instruments that people use, such as cash, checks, debit and credit cards, mobile, digital, and emerging payments, as well as those payments providers. We examine risks and trends in the payments space. Speaking engagements are one such way that we communicate about findings from our research initiatives, such as the Federal Reserve Payments Study and the Survey and Diary of Consumer Payment Choice. We write and publish white papers, a weekly blog called Take On Payments, and quarterly webinars, such as this one today, called Talk About Payments, in which we explore topics of interest.

So let's introduce today's panelists. I'll start us off. My name is Nancy Donahue. I'm a manager here in the Retail Payments Risk Forum, and my primary area of focus is the Federal Reserve Payments Study.

Jessica Washington: Hello. I'm Jessica Washington, assistant vice president in the Retail Payments Risk Forum, and this is my favorite webinar of the year. I'm glad to be here.

Dave Lott: Welcome, everybody. I'm Dave Lott, a payments risk expert. I've been with the Federal Reserve just over 10 years, but in the payments/banking space for more decades than I would care to admit. It's great to have you here.

What we wanted to cover in the webinar today—several areas, with a focus on the events of 2022 as well as looking forward to the major issues we see for 2023. One of the first things we wanted to cover is, we thought it'd be interesting to come up with the payment "word of the year"—where we all have two nominations for word of the year, and then in just a little bit we're going to ask you to vote on which of those six words you feel should be the word of the year.

Then I'm going to cover some of the current and past issues with regard to the payments infrastructure evolution, Nancy is going to talk about B2B [business-to-business] payments, and Jessica is going to end up with a discussion about fraud, collaboration, and some of the issues the industry is facing, and potential solutions. As always, we welcome your questions, and so we are reserving time at the end of the webinar in order to answer and address those questions that we can.

Donahue: So as Dave said, we're going to kick things off today with our thoughts on the word in the payments sphere that resonated most with us, or that we think best represents what we have seen in 2022. Jessica, would you like to start us off with your thoughts?

Washington: Sure thing. My word of the year—my first word of the year—is "interoperability." If you've been to a conference this past year, you might have had a session on the push for interoperability. This is a topic that comes up in many industries, especially those that are a complex ecosystem (like payments is, increasingly). We hear this a lot around cross-border payments, where there's a lot of energy around promoting efficiencies in cross-border payments. But it really brings up, for me, collaboration, which I'm going to talk about later.

My other word of the year is "frictionless." Now, this word actually causes quite a bit of friction in my mind, because when I first learned about it, it was "invisible" payments. But as "frictionless" payments might be convenient for consumers, it keeps me up at night to think about what the payments industry is actually doing behind the scenes in order to create that frictionless experience.

I'll pass it over to Dave.

Lott: Thanks. The first word I'm nominating is "irrevocable"—easy for me to say. You're familiar with the word in the past from the standpoint of wire transfers, in that, with very few exceptions, once a wire transfer is sent, it really can't be reversed. The funds are gone. But due to the significant increase in peer-to-peer transactions through Zelle, Venmo, Cash App, and other proprietary applications, the issue of finality—irrevocability—has come to the surface again. It's becoming the payment of choice for criminals. For that reason, there's been activity by the CFPB [Consumer Financial Protection Bureau] looking at potential new rules with regard to peer-to-peer payments, and we'll talk about that a little bit more later.

My second candidate word is "payment facilitators," or "payfacs." The card brands officially define a "payfac" as the merchant of record, but the business model has changed a little bit to where it's more of a sub-merchant account provided and managed by a merchant service provider. There's a number of benefits for smaller merchants with regard to being a payfac, in terms of easier and quicker onboarding to be able to accept card payments, but there are also risks for the merchant service provider, in that they are the ones ultimately responsible for settlement chargeback and other aspects of the transaction support.

So those are my two words. Nancy, over to you.

Donahue: Sure. My first word is "omnichannel payments." So in general terms, omnichannel payments refer to offering multiple payment options to consumers and customers that provide an integrated and consistent user experience between the physical and digital channels. Omnichannel payments allow customers the convenience and flexibility to make payments how they choose, whether that's in person, online, by phone or text, using an app on their phone or mobile device, or by mail, just to name a few.

Buy online and pick up in store (or "curbside pickup"), which we have written and spoken about on several occasions in our blog and webinar series, is just one example—and one that many of us adopted for our grocery pickup or dinner take-out during the pandemic. And the risks associated with ecommerce, such as card-not-present fraud, are also present in omnichannel commerce.

My next word is "metaverse," and metaverse is not a new word. It actually goes back to the '90s, at least. But metaverse refers to people interacting in virtual reality, whether that's gaming, socializing, working, or transacting commerce. And we've all likely seen stories in the mainstream news about people purchasing virtual real estate, with some prices rivaling traditional real estate—or celebrities, sports stars, and musicians issuing NFTs. Numerous well-known financial services companies and social media firms have invested in the metaverse, establishing a presence for future development and exploration of a virtual marketplace.

So one question that I have going forward is how users will pay for digital objects in the metaverse—whether that's cryptocurrency, stablecoins, or some type of digital token. Currently, blockchain platforms provide the rails for many payments in the metaverse. Payments using cryptocurrencies in the metaverse perhaps pose less risk for merchants, as they are not currently subject to chargeback rules. However, risk could increase should merchants and sellers decide to accept traditional payment methods, such as debit and credit cards.

But another question that I have about the metaverse is how ownership of digital assets will be established or verified in the virtual marketplace, and will a universal standard for digital identity emerge?

So now that you have heard our thoughts, we would like to know what you think. You should see the poll launch on the lower right-hand corner of your screen. Which word gets your vote for the payments word of the year for 2022: frictionless, interoperability, irrevocable, metaverse, omnichannel, or payfacs? We'll give everyone 60 seconds to vote.

Okay. So, it sounds like we already have the results, so we're going to close out the poll and see how everyone voted. Dave or Jessica, how did we end up?

Washington: We have a tie between frictionless and interoperability.

Donahue: Interesting.

Washington: With metaverse and omnichannel falling just behind.

Donahue: Interesting. Well, Dave, I'm going to turn things over to you now to talk about payments system evolution this year.

Lott: Thanks. As I mentioned, I've been around the payments business for a number of years, and I've been fortunate to witness the evolution of the payments system. When I first got into banking in the early '70s, there were really only three ways for a consumer to pay for goods and services, and that was either cash, a check, or a credit card. But I've seen the electronification of checks; the emergence of ATM cards, initially, which migrated over to debit cards; and then of course the launch of prepaid (or "stored-value") cards—as well as the launch of the ACH system, and some of the newer modifications and enhancements to the existing legacy system.

I wanted to take a few minutes and comment on some of the items that drew our attention in 2022 and looking forward to 2023. With regard to instant payments, the Clearing House just celebrated the fifth anniversary of its real-time payments product. When it was launched in 2017, it represented the first new payments platform in almost 40 years. Of course, the Federal Reserve is going live in 2023 with its FedNow platform, and both platforms will be offering near-instantaneous processing and settlement of consumer push transactions—eventually incorporating business transactions as well.

The Clearing House has projected that overall, instant payments will quadruple from 1.8 billion this year to almost 9 billion by 2026. So this is going to be an important part of the payments system, and one that we will continue to monitor in the future.

Related to that is same-day ACH. Nacha and the two ACH operators—which, of course, are the Clearing House and the Federal Reserve System—had been working over the last several years to provide a faster payments and settlement time for ACH transactions. Same-day ACH was first introduced in 2016, but volumes have increased considerably over the last two years.

In 2021, there were 604 million same-day transactions, which represented a 74 percent increase over the volume in 2020. For the third quarter of 2022, same-day ACH volume was almost 24 percent higher than the same quarter in 2021. However, despite these robust increases, same-day ACH volume still only represents about 2 percent of the total ACH volume—so there's plenty of room for growth.

The next item I wanted to cover is contactless payments. The stage was set for contactless payments by the major issuers issuing contactless cards by 2019 for credit cards initially, and then debit cards. Certainly, the COVID pandemic—with its increased health concerns, and the issue of physical activity—spurred the usage of contactless payments at the point-of-sale as the consumers returned to physical stores. In January of this year, Visa reported that nearly 20 percent of its in-person card transactions in the United States were contactless. And even though they didn't give a specific breakdown, they did indicate that card usage was substantially more than the use of smartphones.

The next topic is one that has been very important to the Federal Reserve System as a whole, and in particular the Federal Reserve Bank of Atlanta, and that is with regard to economic and payments inclusion. My colleague, Jessica Washington, has been heavily involved in the efforts of the Atlanta Fed in this area, and so I'm going to turn it over to Jessica to give us a little bit more information. Jessica?

Washington: Thanks, Dave. In the vein of payments evolution, we started to notice how the rapid digitization of payments was creating a bit of a rift for those with a cash-reliant payment need. And so it occurred to us that we might want to start thinking about cash preservation in a certain regard, and also making sure that there's a bridge to the benefits of digital payments—ensuring that there's actually optionality, that consumers can choose the way that they want to pay and that works for them, and that there's equitable access to those options. And our end goal is really to focus on promoting economic mobility and resilience.

Cash-reliant populations tend to be vulnerable populations, and we want to make sure that they're not further marginalized from the digital economy. There are so many benefits to digital payments, like Dave was describing, so we want to make sure that the right benefits meet the needs of unique and vulnerable populations.

Lott: Thanks, Jessica. We thought it'd be interesting to display this slide, which shows some results from the most recent Diary of Consumer Payment Choice, and that is showing the various payment methods and the usage by the consumers. This diary is about 4,600 consumers, a nationally representative survey. And it's one of the few—if not the only—publicly available survey that measures the use of cash. And as you can see here, cash remains the most common form of payment by consumers.

We're going to talk about the future of cash a little bit later on, but as you can see it is a critical aspect—and, as Jessica indicated, it is oftentimes the preferred method of payment by the vulnerable population, particularly those that don't have other options such as checking accounts or credit cards. But there is a reminder here that the variety of payment methods should be open to all consumers, although the Federal Reserve has taken the position that a business has the right to choose which payment methods it accepts based upon the needs of its business, but encourages businesses to accept all payment methods in the belief that the more consumers that can participate with that business, the better it is for that business.

The next topic I wanted to cover is open banking. This has been a subject that's been talked about in the United States for a number of years. There have been some products announced or available for the last several years. Initial ones involved "screen scraping," which certainly poses some security considerations associated with that. But open banking has become very prevalent in the UK and the European Union over the last several years, and it's finally getting attention here in the United States.

In October of this year, the CFPB, based upon a directive by President Biden, issued a definitive roadmap for the introduction of open banking in the United States. They have issued a preliminary set of rules, but it's really focused on a legislative requirement that they have to evaluate the impact on small businesses. But later in 2023, there will be a proposed rule with regard to open banking issued for general comment.

And then after that comment period ends, they will finalize that rule—which is expected to be sometime in 2024, with a mandated implementation some time generally about six months after publishing of the final rules, so that's probably going to be the latter part of 2024, or early part of 2025. So, this is an area that we will continue to monitor over the next several years.

The next topic I wanted to cover is debit routing, in that Regulation II back in July 2011 mandated that merchants have the capability of choosing at least two unaffiliated networks to route their debit transaction. Largely, there was compliance with this with regard to card-present transactions, but the merchant community complained that that wasn't always the case with regard to ecommerce or card-not-present transactions. So the Federal Reserve just recently issued a final rule stating that the "at least two networks" option must be made available to merchants for card-not-present transactions as well, with an implementation by July of 2023. So again, it's another development that we will continue to monitor.

Finally, I mentioned at the forefront some of the future technology, such as instant payments, efforts by the Clearing House, the FedNow service—we're seeing a lot of activity in the fintech sector. But what does the future hold, particularly with regard to business-to-business transactions? I'm going to turn it over to Nancy to give a little bit more insight into that area.

Donahue: Thank you for that, Dave. Setting the stage with a business payments landscape: this table was produced earlier this month by Aite based on a survey of a few hundred employees of mid-sized and large companies in the United States and Canada in the second quarter of this year. The payment types appear to run the gamut and based on my interpretation, likely included payments to both consumers and businesses.

What was notable to me is that check use had the largest percentage reported of all types. Check use remains high for B2B payments because current electronic options pose challenges for payment reconciliation, and also the need to obtain payee electronic payment account information in advance. One of the reasons that checks are ubiquitous is that everyone can accept a check—and almost anyone can write a check—without any requirement of technology or set-up. With a check, a business can make a payment to another business without first knowing that payee's financial information.

However, as we know, as technology has advanced, businesses have sought options for electronic payment methods. As part of its long-running work to enhance payments efficiency, the Federal Reserve System partnered with the Business Payments Coalition to address the barriers to electronic payment adoption for businesses through the modernization of B2B payments. Also included in this work is the implementation of ISO 20022 standards in remittance information for B2B payments. Detailed information about this collaboration can be found at fedpaymentsimprovement.org and also businesspaymentscoalition.org.

One of the major milestones in this work was the development of an electronic-, or e-, invoice exchange framework. This framework laid out a set of standards, policies, and guidelines that would enable businesses to connect with one another and exchange electronic invoices with each other, and also one that supported straight-through processing of invoice, payment, and remittance data, regardless of the payment method. "Straight-through processing" is when the entire payment process—including the invoice, payment, and remittance data—is completely automated from start to finish.

Like email, which is globally interoperable due to standardized format and delivery, the e-invoice exchange framework works across an open network of providers. The diagram that's here on this slide illustrates that proposed framework, so let's walk through it.

The supplier (in the middle row, on the left) issues an invoice for goods and services purchased—and they send it to their service provider, which is also referred to as an "access point." That service provider might be their accounts payable service, as an example. The service provider then sends that electronic invoice to the buyer's access point. At that point, if necessary, the buyer's service provider would convert that invoice to a format that is compatible with the buyer's accounting system, and then they would send it electronically to the buyer.

The buyer can then transmit the payment to the supplier, and they can do that via ACH, wire, instant payment, or card. Remittance information—reference information—about the payment could be sent by a parallel set of electronic access points, if sending that information with the payment is not an option.

In October of 2021, the Federal Reserve and the Business Payments Coalition announced two industry work streams to pilot this framework. These two work streams were called the E-invoice Exchange Market Pilot and the Remittance Delivery Assessment Work Group.

The purpose of the E-invoice Exchange Market Pilot is the development, testing, and implementation of the US e-invoice exchange framework—and this is based on a successful proof of concept for this framework by the Business Payments Coalition. This work has been conducted throughout 2022 for the pilot, with the goal of establishing an operational B2B invoice exchange framework for the US market in 2023.

The Remittance Delivery Assessment Work Group's purpose was to assess the feasibility of an e-remittance framework for use in the exchange of remittance information across all payment types. Their work was conducted in September 2021 through mid-year of this year. And what that work group determined was that the proposed framework was adaptable, so that businesses could share with one another payments remittance information.

So there's a lot of innovation taking place in the business payments space, as we all know. And I'd just like to touch on a few of those here today, the first one being virtual cards. Virtual cards provide flexibility to businesses for different uses, including payments to suppliers and also employee travel. Issuance, monitoring, spending control, and reconciliation of virtual cards is simplified compared to that of physical cards.

Virtual cards are often single-use payment methods with a short expiration date. The randomly generated 16-digit card numbers become invalid once a supplier processes the predesignated, fixed amount. These features may also lower the potential for risk in those payment types.

In the omnichannel category, there's the continued emergence of super-apps. Colloquially, "super-apps" are described as a mobile one-stop shop for consumers to manage their financial needs, such as banking services, bill payments, C2B payments for goods and services, and shopping, with several tech giants competing for superiority in this space. Tech companies are also targeting businesses with enhanced app features as well.

In the instant payments space, the launch of FedNow next year will enable businesses and consumers to send instant payments through their depository or financial institution on a "24/7/365-processing" basis. Use cases for businesses, specifically, include on-demand payment and e-invoicing. What's also noteworthy in this space is the movement beyond P2P, with testing currently underway for bill payment functionality on one popular platform.

So, talking about some of the continued risks and challenges in business payments—ransomware attacks for 2022, as shown in yellow on this chart, are tracking higher than the two prior years. According to BlackFog's global ransomware report for November 2022, the US led the number of attacks globally with 46 percent, based on the data collected. The top three industries were education, government, and health care. Attacks in November of 2022 represented a 180 percent increase year over year compared to 2021. And finally, the median ransom payment for third quarter 2022 was nearly $42,000.

So this chart here shows the vectors employed in ransomware attacks since 2018. RDP, or remote desktop protocol, compromise, which is the navy-blue line in the chart, has shown a significant drop during 2022 compared to 2018, when it represented more than 75 percent of attacks. It's the only vector to have shown a decline in 2022.

Email phishing, which we have written about frequently in our blog series, is increasing in 2022 after having declined in 2021, while software vulnerability is largely unchanged. And Jessica, I believe you are going to share some thoughts on business email compromise as well.

Washington: Yes, I am. Thank you. It's really great to hear that, through payments evolution, B2B is making such advances, because I think we know we're winning or advancing when B2B can come along, because it's such a big market to move with so many interdependencies. So I think that's really important to see that as an example of innovation and evolution.

Donahue: It drives our economy, for sure.

Washington: Absolutely. I'm going to focus on fraud collaboration. A lot of times when I do presentations, I end with fraud trends and it's really depressing. So we're going to focus on the positive, collaboration side of fraud. And over the course of COVID, we did see that many organizations kind of withdrew or retracted from collaboration—at least, external collaboration—so that they could figure out how to internally collaborate from that remote environment.

And in 2022, I'm really pleased to see the collaboration efforts that are going on in person. I mean, look at us—we're in the same room with each other. When you were talking about "metaverse," I was like, "We're in the same room. That's so great."

Donahue: We're not virtual this year.

Washington: So I really do think 2022 has been a collaborative year, and unfortunately it's been a collaborative year for the bad guys as well. I first want to point out that I think we are entering a new normal for payments—and I say that actually untethered to COVID. I say "a new normal for payments," thinking about Dave's payments evolution. And that means that we're moving towards a new credit push model in payments, and that really is going to be our new normal.

When I first started in payments, credit push-type payments were warm and fuzzy. You had the strong wire payment that was irrevocable, you had the fun and happy ACH direct deposit that brought you the money, and hardly ever did we talk about fraud in the same sentence as credit push payments—but today, that is the center of our focus.

Credit push scenarios are very costly, as Nancy pointed out, with business email compromise (and vendor and payroll impersonation) especially costly to our businesses, our government agencies, nonprofits, and other public-sector organizations. Also costly, at the bottom of the slide here, are chargebacks, first-party fraud, and e-commerce/online fraud. Obviously, this is possibly to different types of organizations where liabilities lie, and financial institutions are still struggling with debit pull, as I pointed out.

A few years ago, for a collaboration effort, Nacha actually released a standard for payroll credit formatting to fight payroll impersonation. It's a voluntary standard, but it did take collaboration to get there.

I also want to point out something very important about fraud fighting: while we do tend to focus on, "Was it a BEC [business email compromise] compromise? Was it account takeover? Was it a particular P2P, or person-to-person, scam? What network—what provider—provided that P2P scam? Well, the fraud must lie there"—I think authorized push payment is a great kind of capture of all, and I think what I want to think about as collaborative here is to be agnostic in our fraud-fighting strategies. Because if you look at these, it is still a credit push payment. And they may fall on different payment networks, but there are strategies we can learn from each other across networks, and I think that's very important moving forward.

As far as collaboration with chargebacks and e-commerce fraud, we are starting to see partnerships here. A lot of vendors are coming to play, but there are still so many different types of standards and go-to-market for fraud fighting in this space, so I do hope to see more collaboration, especially in e-commerce.

Now I'll give an example of collaborative effort, and this is Nacha's new Risk Management Framework. This was to focus on credit push payments, and the framework attempts to show the scams that are trending, as well as looking for best practices that financial institutions can take to fight these credit push-types of fraud—making sure that the detection is available and prevention is key, and then also making sure that we can attempt to recover funds in a reactive way. Also, this framework has a theme of collaboration and making sure that information sharing is top of mind.

You'll see here that the areas of focus do identify what a receiving bank or payment account provider can do. It also focuses on enabling fraud information sharing among the banks and giving a framework and infrastructure in order to do so, and expanding end-user access and awareness of types of scams and education provided to those end users in a standard way.

The next example that I'll provide as a collaborative effort in the journey to classifying fraud: the FraudClassifier Model was developed by the Fraud Definitions Work Group, which was comprised of a variety of payment industry fraud experts. It actually started back in 2019, but the roadmap has continued. And in 2022 through 2024, the focus is wider adoption and making sure that industry segments that have not been early adopters, or even exposed to the FraudClassifier Model, that they are aware of it.

The other part of the framework that we're now entering in is making sure that the FraudClassifier Model, which standardizes the terminology of the type of fraud occurring across payment types—making sure it integrates well with the studies and data that we collect about fraud. That's something kind of close to our hearts, as we work on the Payments Study, which does recognize fraud data as well. The benefit of the FraudClassifier Model is information sharing and tracking. If we're using the same terminology standards across the board, we know how to qualify different types of fraud based on what occurred.

Also, improving customer education when we have a standard way to communicate. I think with all the acronyms that we have in payments, it's sometimes difficult to reach the consumer and have them understand. I know "ACH" is not necessarily a household name, for example—especially not the SEC [Securities and Exchange Commission] codes in ACH.

And then really understanding payment fraud across the different payment types—because again, the model is similar: the way that the criminal gains access, the way that they socially engineer these types of fraud scams and scenarios—so we do want to make sure that we are able to capture when criminals do hop from network to network.

Lott: I would just add, the FraudClassifier Model as you said has been in the works for a number of years. The idea originated in the Secure Payments Task Force work group—and give credit to the Payment Strategies group at the Federal Reserve Bank of Boston, who took the lead in the further development of this, and all of their work in the area of synthetic identity, as well.

Washington: Thanks, Dave. That's a good history on it. I wanted to highlight some activities, and some groups that have really been pushing for fraud collaboration. The first activity I have listed is—back to my word of the year—"interoperable" network modeling. So I've started to paint a picture that we need to be a bit more agnostic as we strategize around fraud fighting, and we can learn from different networks, different payment types.

The card networks have been very sophisticated with their fraud intelligence databases across the globe. For instance, we can still learn here with our new payment networks that are out today, and also our existing ones—ACH, or other proprietary networks. We can learn from a network like Brazil's Pix instant payments. They're a little further along in their credit push journey, and therefore we can learn from the modeling and data that they're collecting around fraud.

So I do encourage being open to that. I know that this is a very difficult area, because if you belong to or associate with a certain payment network, we have a hard time admitting that fraud is happening on our network. But ideally we would like to see more collaboration across the networks, and I think it's starting to happen a good bit.

Another activity I would like to point out are attack exercises, or even hackathons or tech sprints. I was really excited to see the adoption of hackathons and tech sprints, these attack exercises that are very collaborative. I've even seen regulators really jumping on board with this type of innovative collaboration.

And for the bottom areas, these are the groups that I think have really been present, especially this year. First, the payment associations across the country who offer grassroots representation of a diverse group of financial institutions, as well as payment service providers, and so they are able to capture robust fraud information from their membership, and they are also able to share it across the globe. For instance, one is even sharing information about official counterfeit checks, so much down to the details as what color paper they're printing on or what areas of the country they're finding the pockets of these checks. You can find more information on payment associations at centerforpayments.org.

And then Financial Services Information Sharing and Analysis Center, or FS-ISAC, as we like to say. This group is also a membership group, but I have seen a new, refreshed approach to payments risk councils and a lot of collaboration taking place. They also have attack exercises that happen annually, and there's new leadership in their fraud and payments risk area—just really excited to see that group continuing.

As far as law enforcement collaboration goes, the electronic crimes task forces—these are local groups that law enforcement puts together, and I was really glad to see—not being able to participate like we used to—they're very small and you can have very collaborative discussions. I know, Dave, you had spent some good time with them, but these electronic crimes task forces are open to stakeholders, and I was very excited to see them start back up.

I would be remiss not to mention the FBI's Internet Crime Complaint Center. This is ic3.gov. This continues to be a great data source for finding out how much we have lost in business email compromise. But it takes us reporting these types of fraud scams into this database in order for us to get the information we need to really drive our fraud-fighting strategies.

Also, I'll highlight something new from regulators. The National Credit Union Information Sharing & Analysis Organization, also membership based, but really seeing the unique needs of the nation's credit unions and focusing on advancing cyber resilience through information sharing and education. The Fed, as we've mentioned—I think Dave pointed out the Federal Reserve payments improvement is also going through a refresh, and there will be the ability to collaborate on work groups like the Secure Payments Task Force. There will indeed be more groups like that going forward, so something I look forward to.

I think that closes us out for now. Nancy, we did have an issue where the poll started a little early, so not everyone got to vote—so I was going to suggest that we run it one more time before we move into our closing.

Donahue: Sure, let's do it. All right. We'll give everybody a few seconds to respond once again. We'll see if our results change from the first one. Sounded like we had a split decision on the first one.

Washington: We did. And there could be so many other words here.

Donahue: Yes. Unfortunately, we couldn't give the option to let people put their own word in there, but, yes, I'm sure there are many other very deserving words for word of the year.

Lott: I always loved "quishing." I was so tempted to make it one of my two, but it just lost out in the battle there.

Washington: What is quishing?

Lott: Quishing is basically a scam where they use a false QR code in an email or some other communication to try and get the victim to use that QR code, to shoot that QR code, which will take them to a counterfeit or a malicious website to gather false information from.

Donahue: I think it's just, "Insert issue here." We have so many. So, have we shut the poll down?

Washington: We have.

Donahue: All right. What's it look like?

Washington: So honestly, not too much different. Frictionless, number one; everybody likes frictionless. Next is interoperability. And then coming in third, omnichannel.

Donahue: There we go.

Washington: Those are the buzzwords.

Donahue: There we go. Very good. So now that we have recapped what had our attention in 2022, what topics do we anticipate watching in 2023?

Washington: Well, I'll start. I am particularly watching banking as a service. And just recently, banking-as-a-service providers recorded higher third-quarter return on average assets, net interest margin, and deposit and loan growth than the banking industry median. So I see banking as a service continuing to be a model that more will move to, and more opportunities to really innovate in that capacity.

Lott: And I'm going to be watching buy now, pay later [BNPL]. Certainly, it took the US by storm in 2022, and we are continuing to see very strong activity. The numbers in from the holiday shopping over Thanksgiving and cyber week were still very strong for BNPL, but the payment is facing some strong headwinds. First of all, the higher interest rates are putting some financial pressure on the providers, especially those who are using a third party for their financing source.

The CFPB has been alerted to a number of consumer complaints with regard to late fees and other items, and so they have really sharpened their oversight of the industry and have recently issued a study that they did of the top five providers with regard to late fees, disclosures, and credit reporting. So we'll continue to see how this develops in 2023.

The million-dollar question everybody has is: What is the new normal? Jessica talked about that, in the sense that we know that activity changed during the COVID lockdown period of time. We saw the major shifts from in-store transactions over to e-commerce transactions. So the question remains, that as we continue to move into the post-lockdown environment, are consumers going to gravitate back to the habits beforehand or have they realized additional convenience and other favorable aspects that will continue to allow them to move forward?

As I said, some activity has continued to increase. The e-commerce activity has remained strong in all aspects. But we have seen some changes. One particular change is that while the number of online transactions in the food sector—grocery stores, quick-service restaurants, casual dining—has remained very strong, the delivery of those goods to people's business or homes has dropped down about 10 percent. Instead, people are going to the store and picking up either in the store or at the curb. So, something we'll continue to watch.

Donahue: One of the things that I'll be watching is the gig economy. So, a couple of topics in the gig economy going into 2023—the first is to continue to increase adoption of Earned Wage Access, or EWA. EWA is a valuable benefit for many individuals and provides an alternative to payday lending or overdrafts.

The second topic is the recently announced IRS ruling regarding 1099K requirements for payment card and third-party network transactions.

Washington: That's an interesting... that one kind of keeps me on my toes a bit, because it's just really challenging business models as we know it.

So I'm going to say this. It's going to sound sarcastic, but I promise I mean it, very sincerely: there's nothing better than getting together with a room full of people and talking about payments. So, what I'm highlighting here within instant payments—Dave, you mentioned the real-time payments network celebrating five years, their volume growing, that they're posting their volume now on their website so we can watch that grow.

FedNow: the birth coming mid-2023, so we'll all be watching—right? Just last week, FedNow announced forming an industry work group to establish voluntary principles for consistent end-user customer experiences, and this is in the "request for payment" space. So if you are just needing to get into a room and collaborate, there's an opportunity for you.

Donahue: It's a great suggestion. So, the last item on our 2023 watch list is master accounts. Earlier this year, the Board of Governors finalized guidelines for evaluating nontraditional financial institutions' requests to be granted faster accounts and access to the Fed's payment services. Fintech firms have held the promise of greater financial inclusion and wider access to financial services, so it'll be interesting to follow this space going into the new year.

Washington: Very exciting. So we do have some questions that I'd like to pose to the group here. The first is: What is your view on persons with disabilities, how this consumer segment needs payment access and yet has vulnerability, and at the same time meeting their needs opens up innovation and opportunity?

Lott: Great question.

Washington: It is a really great question, and I actually have a bit of a response—I don't know if it's a full response, but I think that within Nacha—I mentioned Nacha before, the ACH rule-making body, industry leader/catalyst— they actually have a work group on voice-activated payments, or voice banking, and creating some standards around that, so I do think that there's some options there for people with disabilities. And actually, on my calendar for this afternoon, the FIDO Alliance, who focuses on authentication standards, is hosting a webinar called "Making FIDO Deployments Accessible to Users with Disabilities."

And so I do think that we are collaborating in this space and thinking more about this segment of the population, but I love people asking this question because it does get forgotten quite a bit.

Donahue: Yes, that is a great question.

Lott: Do you think we have time for one more?

Washington: One more question?

Lott: Our hosts say "no." So, we'll respond back to the questioners either individually through email or post it on the website with the webinar.

Donahue: That's right.

Lott: Nancy, do you want to close us out?

Donahue: Yes. Thank you again to everyone for joining us today and continuing to engage with us on payments and payments risk. Immediately following the webinar, a feedback survey will appear in your web browser that we hope you will complete. We greatly appreciate your feedback.

Lastly, please visit the Retail Payments Risk Forum web page at atlantafed.org for access to all of our blogs, webinars, and research. We wish you all a very safe and joyous holiday season, and we will see you in 2023.

Lott: See you then.

Send questions about the webinar to David Lott at david.lott@atl.frb.org.

You can also view previous Talk About Payments webinars.