The mission of the Secure Payments Task Force is to provide a forum for stakeholders to advise the Federal Reserve in its leader/catalyst and operator roles on payment security matters, and identify and promote actions that can be taken by payment system participants collectively or by the Federal Reserve System. The Secure Payments Task Force established work groups, including the Information Sharing for the Mitigation of Payment Risk/Fraud Work Group, in an endeavor to advance its efforts. The work group identified their respective views on payment security challenges, industry desired outcomes and solutions as outlined below.
|Industry Challenges||Desired Outcomes||Proposed Solution|
|There is no centrally organized set of standard metrics, requirements or collection points for fraud data across the U.S. payments industry.
We recognize that specific segments and trade associations within the payments industry collect and publish fraud information to their respective members; however, without a standardized set of definitions and requirements for defining, collecting and formatting fraud data, the U.S. payments industry remains challenged to accurately measure and benchmark fraud data and metrics across industry segments and payment types.
|Available payments industry fraud and risk data can be easily, accurately, consistently and confidently interpreted and acted upon by payment industry participants.||Phase 1—Identify enhancements to existing payments risk/fraud reports and provide recommendations to the reporting source for future consideration
Phase 2—Identify enhancements to existing payments risk/fraud reports and create an agreed upon roadmap with the reporting source to incorporate changes in the next release of the reports
Phase 3—Implement a defined set of requirements and evaluate the identification/creation of a channel to centralize the capture, analysis and reporting of suspected and confirmed fraud data and other financial crime information by segment and payment type across the payments industry
Phase 4—Evaluate the establishment of a banking industry owned utility that has access to better real-time data across all payment methods and systems to outsource a portion of the financial services industry’s risk monitoring responsibilities (e.g. BSA/AML)
|Barriers, including baseline knowledge of available resources, trust and cost to join associations/information sharing and analysis centers, continue to prevent much of the intelligence from being communicated within segments as well as across segments.
Improvements have been made in the US to establish secure channels to communicate cybersecurity and fraud threats among members within a particular industry segment (e.g. Financial Services Information Sharing and Analysis Center (FS-ISAC), Retail Cyber Intelligence Sharing Center (RCISC), etc.). In addition, the implementation of the Cybersecurity Information Sharing Act and Automated Indicator Sharing (AIS) has created opportunity for the private sector to share cybersecurity intelligence with the US Government. However, barriers, including baseline knowledge of available resources, trust and cost to join associations/information sharing and analysis centers, continue to prevent much of the intelligence from being communicated within segments as well as across segments. These barriers limit the amount of information shared within the payments industry which reduces the effectiveness of further preventing fraud/crime from occurring within the U.S. payments ecosystem.
|Improved awareness and implementation of inclusive cybersecurity and fraud information sharing among and across U.S. payment industry participants.||Phase 1—Document a list of available cybersecurity and fraud information sources that are valuable to the payments industry
Phase 2—Broaden the distribution of currently available cybersecurity/fraud information within and across payment industry participant segments
Phase 3—Establish an industry ombudsman or leverage existing channels to close information sharing gaps, broaden distribution among and across segments and implement a framework for sharing information with key US payment industry participants
|Current threats and related trends within the payment industry are global in nature.
Fraud and cybersecurity attacks are often coordinated and carried out from areas across the globe. As the payments industry continues to expand globally, additional coordination and sharing of information is required to effectively mitigate payments risk and fraud.
|Establish and facilitate cross border cybersecurity and fraud information sharing.||Phase 1—Identify the global entities/resources the US should endeavor to share payments fraud/risk information
Phase 2—Establish points of contact with global resources/entities and begin to manually share critical payments risk/fraud information
Phase 3—Leverage existing channels and technical requirements (e.g. STIX, TAXI) or develop new channels and technical requirements to facilitate the systematic sharing of actionable payments risk and fraud data globally