The mission of the Secure Payments Task Force was to provide a forum for stakeholders to advise the Federal Reserve in its leader/catalyst and operator roles on payment security matters, and to identify and promote actions that can be taken by payment system participants collectively or by the Federal Reserve System. The Secure Payments Task Force established work groups, including the Information Sharing for the Mitigation of Payment Risk/Fraud Work Group, to advance its efforts. The work group members, operating from early 2016 through the conclusion of the task force in 2018, identified their respective views on payment security challenges, industry desired outcomes and solutions as outlined below.
| Industry Challenges | Desired Outcomes | Proposed Solution |
|---|---|---|
| There is no centrally organized set of standard metrics, requirements or collection points for fraud data across the U.S. payments industry.<br><br>We recognize that specific segments and trade associations within the payments industry collect and publish fraud information to their respective members; however, without a standardized set of definitions and requirements for defining, collecting and formatting fraud data, the U.S. payments industry remains challenged to accurately measure and benchmark fraud data and metrics across industry segments and payment types. | Available payments industry fraud and risk data can be easily, accurately, consistently and confidently interpreted and acted upon by payment industry participants. | Phase 1—Identify enhancements to existing payments risk/fraud reports and provide recommendations to the reporting source for future consideration<br><br>Phase 2—Identify enhancements to existing payments risk/fraud reports and create an agreed-upon roadmap with the reporting source to incorporate changes in the next release of the reports<br><br>Phase 3—Implement a defined set of requirements and evaluate the identification/creation of a channel to centralize the capture, analysis and reporting of suspected and confirmed fraud data and other financial crime information by segment and payment type across the payments industry<br><br>Phase 4—Evaluate the establishment of a banking-industry-owned utility that has access to better real-time data across all payment methods and systems to outsource a portion of the financial services industry’s risk monitoring responsibilities (e.g., BSA/AML) |
| Barriers, including baseline knowledge of available resources, trust and cost to join associations/information sharing and analysis centers, continue to prevent much of the intelligence from being communicated within segments as well as across segments.<br><br>Improvements have been made in the U.S. to establish secure channels to communicate cybersecurity and fraud threats among members within a particular industry segment (e.g., Financial Services Information Sharing and Analysis Center (FS-ISAC), Retail Cyber Intelligence Sharing Center (RCISC), etc.). In addition, the implementation of the Cybersecurity Information Sharing Act and Automated Indicator Sharing (AIS) has created an opportunity for the private sector to share cybersecurity intelligence with the U.S. Government. However, barriers, including baseline knowledge of available resources, trust and cost to join associations/information sharing and analysis centers, continue to prevent much of the intelligence from being communicated within segments as well as across segments. These barriers limit the amount of information shared within the payments industry, which reduces the effectiveness of further preventing fraud/crime from occurring within the U.S. payments ecosystem. | Improved awareness and implementation of inclusive cybersecurity and fraud information sharing among and across U.S. payment industry participants. | Phase 1—Document a list of available cybersecurity and fraud information sources that are valuable to the payments industry<br><br>Phase 2—Broaden the distribution of currently available cybersecurity/fraud information within and across payment industry participant segments<br><br>Phase 3—Establish an industry ombudsman or leverage existing channels to close information sharing gaps, broaden distribution among and across segments and implement a framework for sharing information with key U.S. payment industry participants |
| Current threats and related trends within the payment industry are global in nature.<br><br>Fraud and cybersecurity attacks are often coordinated and carried out from areas across the globe. As the payments industry continues to expand globally, additional coordination and sharing of information is required to effectively mitigate payments risk and fraud. | Establish and facilitate cross-border cybersecurity and fraud information sharing. | Phase 1—Identify the global entities/resources with which the U.S. should endeavor to share payments fraud/risk information<br><br>Phase 2—Establish points of contact with global resources/entities and begin to manually share critical payments risk/fraud information<br><br>Phase 3—Leverage existing channels and technical requirements (e.g., STIX, TAXII) or develop new channels and technical requirements to facilitate the systematic sharing of actionable payments risk and fraud data globally |