Collaboration and Action in Advancing Payments Security
Since 2013, the Federal Reserve has collaborated with industry stakeholders to advance payments security. From June 2015 through March 2018, the Fed established and led the Secure Payments Task Force (Off-site) as it identified and proposed actions to advance security.
Based on feedback from the task force and industry, the Fed considered five areas to reduce fraud risk and advance the safety, security and resiliency of the payment system:
- Endpoint security
- Identity authentication
- Data protection
- Fraud information sharing
- Secure interconnectivity of emerging payments.
With facilitation support from the Fed, in November 2017, the task force (Off-site) developed and published a list of currently available fraud and risk Information Sharing Data Sources (Off-site) that may be used to mitigate fraud and cyber threats, in an effort to broaden the use of actionable information across payment system participants.
After continued collaboration, the task force concluded its efforts in March 2018 with the publication of Payment Lifecycles and Security Profiles (Off-site), which serve as an educational reference guide for payment and security practitioners on the lifecycles of the most common payment types.
View the work product voting reports and records below:
- Payment Lifecycles and Security Profiles Vote Report (PDF)
- Payment Lifecycles and Security Profiles Vote Record (PDF)
- Information Sharing Data Sources Vote Report (PDF)
- Information Sharing Data Sources Vote Record (PDF)
- Decision-Making Framework Vote Report (PDF)
- Decision-Making Framework Vote Record (PDF)
To help inform its next steps to collaborate with the industry on advancing secure payments, the Fed commissioned Boston Consulting Group to assess fraud and associated costs in the U.S. payment system, as well as identify fraud causes and contributing factors. The executive summary, A View of Payments Security: Trends, Gaps and Vulnerabilities (PDF), highlights key findings of the group’s review of academic literature, surveys and industry reports. The team also conducted stakeholder interviews to corroborate or help eliminate gaps in the existing research.
Work Groups: Gaining Momentum Through Collaboration
The task force created targeted work groups that discussed industry challenges and proposed solutions for effecting lasting payments security improvements.
- The Data Protection Work Group and Payment Identity Management Work Group collaborated to create an educational resource that describes the lifecycle for the most common payment types. This resource, the Payment Lifecycles and Security Profiles (Off-site), highlights not only how a given payment type works, but also security methods, sensitive data and associated risks throughout three key phases of the lifecycle: enrollment, transaction and reconciliation.
- The Law and Regulation Coordination Work Group and the Standards Assessment Team also provided significant input on the Payment Lifecycles and Security Profiles (Off-site), including subject matter expertise on applicable laws, regulations, standards and other references.
- The Information Sharing Work Group focused on improving awareness of inclusive cybersecurity and fraud information sharing among and across U.S. payment industry participants. This work group created Information Sharing Data Sources (Off-site) that can help organizations address payments fraud risk. The work group also highlighted the need for a recommended fraud classification model to use in discussing and reporting fraud.
Fraud Definitions Work Group: A Focus on Fraud Education
In March 2019, the Federal Reserve announced the establishment of the Fraud Definitions Work Group (FDWG) to help address industry challenges stemming from inconsistent fraud classification and lags in reporting.
The work group concluded their efforts with the announcement of the FraudClassifierSM model in June 2020. Voluntary industrywide adoption of the model can serve as an important step toward improving the consistency of fraud classification and providing the ability to speak the same language about fraud.
Focus Group Defines Synthetic Identity
The use of multiple definitions for synthetic identity fraud throughout the industry poses a fundamental problem – inconsistent categorization and reporting, making it difficult to identify and mitigate this type of fraud.
To respond to this challenge, the Federal Reserve convened a cross-industry focus group of 12 fraud experts in the fall of 2020 to develop a recommended definition of synthetic identity fraud.
With the conclusion of their work in the spring of 2021, the Federal Reserve announced a recommended definition to be used by the payments industry as it relates to synthetic identity fraud.