FREE ELECTRONIC LIBRARY - Thesis, dissertations, books

Pages:     | 1 |   ...   | 11 | 12 || 14 | 15 |   ...   | 18 |

«July 2012 THE WORLD BANK Acknowledgements The preparation of this paper was led by the Financial Inclusion Practice of the World Bank. Lead author is ...»

-- [ Page 13 ] --

Guideline 3. Effective oversight of retail payment systems by the central bank is crucial to balance cooperation and competition issues.

• An effective payment system oversight is the tool authorities have to address market and coordination failures and achieve an appropriate balance between cooperation and competition in the National Payments System. In particular, the overseer plays the role of a central agent who is best placed to solve the coordination problems that typically plague multi-agent decisional contexts by mobilizing efforts from individual participants, prompting them, to act collectively when circumstances so require, and facilitating the development of private sector institutions equipped to deal with these problems.

• Central banks are the natural overseers on payment systems and should persuade themselves (or be persuaded) to play a central role due to their stake on the confidence in money and functioning of commerce and the economy in general.

• Other authorities might have an important role, as well, due to multiple implications of retail markets (e.g., competition authorities, financial supervisors, Ministries of Finance, etc.). The central bank, as primary oversight authority, should ensure all public policy goals are aligned.

• The scope of the oversight function should extend over the totality of the payment arrangements to ensure that new instruments and players (such as non-bank financial institutions and nonfinancial service providers) be appropriately covered.

• There is a broad range of oversight instruments, ranging from regulations and incentives (including those on access and pricing) to moral suasion and policy dialogue, from antitrust enforcement to structural measures (e.g., government-owned service provision).

Guideline 4. Institutional mechanisms to promote cooperation and information sharing are essential.

• Policy-making is complex due to the institutional fragmentation of relevant policy makers as well as by the different—and sometimes overlapping—scope of their mandates.

• Sometimes authorities have already established cooperative arrangements but normally with a narrow scope that has to be broadened, other times these arrangements are nonexistent and need to be established.

• In particular, it is essential to develop a good cooperative framework between the overseer and the anti-trust agencies that rule against uncompetitive behavior.

Guideline V: Retail payments should be supported by appropriate governance and risk management practices.

Description Good governance arrangements provide incentives for an organization‘s top management to pursue the long-term interests of the organization, such as continued growth, increased coverage, profitability (where applicable), and overall viability.

Payment system operators and other infrastructure services providers should be subject to mechanisms of accountability and independent oversight, including independent audits, to ensure they are pursuing such long-term interests.

All economic activities face a variety of risks, and it is the role of management to determine whether the identified risks should be avoided, accepted, shared or transferred to third parties. Major risks in operating and using payment instruments and

systems include:

 Systemic risks, arising from linkages between various national payments system components and international payment systems.

 Legal risks (e.g. the legal framework not supporting some common practices, or the inadequate or erroneous compliance of the applicable legal and regulatory framework).

 Settlement risks, arising from liquidity or credit risk problems of the participants.

 Business risks, arising from the general operation and administration of the various participants in the retail payment systems.

 Operational risks, issues related to operational reliability of the various participants and infrastructures including issues such as fraud, data theft, or usage of retail payment for unlawful activities like money laundering or financing terrorism related activities.

Management will need to establish internal controls to mitigate the risks it decides to accept.

Risks specific to payment cards Payment card infrastructures are for the most part globalized infrastructures and by far the most fraud-prone but also with the most advanced fraud risk management mechanisms. Counterfeit risk is a significant risk. However, technology to address this risk is available. Typically, payment card transactions involve exchange of the information about the card being used for payment, read from the cards magnetic stripe or physically entered by the payer. This information is static throughout the life of the card. This information can be compromised at the point of transaction, in transit, at any intermediary processing system, at issuers processing system or finally by physically copying card information or extracting card information from the cardholder through social engineering attacks like phishing and vishing. A card prepared using this compromised information is called a counterfeit card. A counterfeit card can be used successfully for completing a transaction if it manages to evade the risk detection

systems at the various levels, for example:

 Physical inspection of the card for verifying presence of standard physical security features like hologram stickers, issuer specific information, name of cardholder etc;

 Fraud detection at acquirer, network operators and issuers, using advanced fraud detection software often based on neural networks; and  Strong authentication mechanisms such as a PIN number or 2-factor authentication for Internet and offline transactions.78 In other cases the risk mitigation mechanism includes using chip in a card to create dynamic data that varies from transaction to transaction, hence making compromised information unusable. Box 8 describes a recent initiative by the payment card industry to create a data security standard for payment cards.

§ Box 10: The Payment Cards Industry Security Standards Council The Payment Card Industry (PCI) Security Standards Council is an open global forum, launched in 2006, that is responsible for the development, management, education, and awareness of the PCI Security Standards, including the Data Security Standard (PCI DSS), Payment Application Data Security Standard (PA-DSS), and PIN Transaction Security (PTS) requirements—all created to mitigate data breaches and prevent payment cardholder data fraud.

The PCI Security Standards Council operates a number of programs to train, test, and certify organizations and individuals to assess and validate adherence to PCI Security Standards.

The Council's five founding global payment brands—American Express, Discover Financial Services, JCB International, MasterCard Worldwide, and Visa Inc.—have agreed to incorporate the PCI DSS as the technical requirements of each of their data security compliance programs.

Each founding member also recognizes the organizations and individuals certified by the PCI Security Standards Council.

All five payment brands share equally in the Council's governance, have equal input into the PCI Security Standards Council and share responsibility for carrying out the work of the organization.

Other industry stakeholders are encouraged to join the Council as Participating Organizations and review proposed additions or modifications to the standards.

The enforcement of compliance with the PCI DSS and determination of any non-compliance penalties are carried out by the individual payment brands and not by the Council.

§ The information in this Box has been adapted from the information in the website of PCI Security Standards Council: https://www.pcisecuritystandards.org/index.php Identity theft is also a significant risk for payment cards. Data on the cardholder can be extracted and used by either redirecting a replacement card or applying for a fresh card which can then be used to conduct fraudulent transactions.

Risks specific to EFT based products The EFT payment instructions can be delivered using a variety of channels—walk-in to a branch, phone, Internet, ATM, mobile phones, and kiosks. Except in the case of walk-in to a branch, all other channels are non face-to-face and hence are exposed to typical authentication, social engineering, and data security risks.

3D-Secure is an authentication protocol that enables multi-factor authentication for card payments where the acquirer and issuer are not the same institution.

However, since the respective financial institution manages these channels, a range of risk mitigation measures can be deployed. However, where the payer or payee uses Internet, the computing device is generally outside the control of the financial institution, and can be exposed to standard Internet virus, Trojan and bots-based attacks. These attacks could harvest the authentication information used by the payer or payee, and use that to generate fraudulent transactions. These risks to a large extent are mitigated by two-factor authentication, requiring prior registration of beneficiaries (which could require stringent offline verification), fraud detection systems to detect abnormal transaction patterns, and by providing customers with robust transaction alerts.

EFT transactions are also exposed to data entry error, as the transaction initiator has to provide the account details of the beneficiaries and transaction amount. EFT transactions require the initiator to provide account details of the beneficiary—the account number, name, branch, bank name, country etc. Any errors in these could result in the transaction being misdirected. These risks are mitigated by: requiring prior registration of beneficiaries to reduce the potential of errors; reducing the number of data entries required by providing data for bank names, routing codes etc., as standard dropdown lists; educating the transaction initiators to exercise caution, and requiring confirmations before executing the transaction; providing a cool-off period allowing the initiating institution to retract the transaction; and, finally by using robust fraud detection and transaction alert systems.

Risks specific to innovative payment schemes Innovative payment mechanisms are basically exposed to many of the same risks as payment cards and EFT-based traditional products, and probably have heightened exposure to money laundering and terrorist financing risks. For example, the Financial Action Task Force (FATF) in its recent report identifies anonymity, high negotiability, and utility of funds as well as global access to cash as some of the major factors that can add to the attractiveness of innovative payment schemes for money launderers. 79 Anonymity can be reached either ―directly‖ by making use of truly anonymous products (i.e., without any customer identification) or ―indirectly‖ by abusing personalized products (i.e., circumvention of verification measures by using fake or stolen identities, or using straw men or nominees).

Additionally, as many of the innovative mechanisms are operated by non-banking entities, their supervision might not be as rigorous. Moreover, these schemes might not have other protection measures like deposit insurance or the operator being able to access short-term funding to mitigate settlement risks. Figure 6, compiled based on the responses to the Global Payment Systems Survey 2010 (see that survey‘s annex on retail payments innovations), captures the percentage of innovative products/product groups that were reported to have full protection of consumer funds.

–  –  –

Figure 6: Protection of Customer Funds in Innovative Payment Products Source: GPSS 2010 Possible Actions Ensure that infrastructure operators and payment service providers have appropriate governance structures and mechanisms. These mechanisms should provide for proper accountability of management and, where applicable, of board members, and should include independent audits or reviews. Moreover, governance arrangements should ensure appropriate identification and management of risks, through a system of sound internal controls and risk management mechanisms.

In consultation with the industry players, the central bank can develop guidelines with respect to risk management covering key areas: These may include data security and privacy standards, authentication standards, settlement risk, incident reporting, protection of IT and networking systems, data back-up, retention and business continuity procedures, disaster recovery planning, and anti-money laundering - combating the financing of terrorism AML/CFT procedures.80 Requiring the industry players to demonstrate compliance through an independent assessment can enforce compliance with these standards and guidelines.

Fraud prevention is an area where collaboration amongst all the industry players is particularly important: The central bank and industry players can jointly create mechanisms to exchange information about fraudulent incidents and best practices, and also develop common repository of previous incidents to serve as a reference against which all future transactions or new applications can be cross-referenced to aid decisionmaking.

There are well developed international standards for most of these aspects, especially for the data security, IT security, and authentication areas.

Guideline VI: Public authorities should exercise effective oversight over the retail payments market and consider direct interventions where appropriate.

Description In general terms, the payment system oversight function aims to ensure that the

infrastructure and the market for payment services:

 Work smoothly, efficiently, and fairly to all participants and users;

 Pursue the level of technological and institutional development necessary to satisfy the payment needs of a growing and open economy; and  Minimize the risk of transmitting shocks across the economy.

As discussed throughout this document, some of the key foundations for exercising oversight over retail payment systems include the existence of market failures (e.g.

externalities, information asymmetries, and non-contestable markets, among others), coordination failures among stakeholders, and the existence of dominant positions due to, among other reasons, the ―natural monopoly‖ feature of the infrastructures supporting retail payment services.

Pages:     | 1 |   ...   | 11 | 12 || 14 | 15 |   ...   | 18 |

Similar works:

«Andrews University Seminary Studies, Summer 1991, Vol. 29, No. 2, 117-126 Copyright @ 1991 by Andrews University Press. JESUS, THE SON OF DAVID TERENCE Y. MULLINS Philadelphia, PA 19129 In 2 Sam 5:410 David's conquest of Jerusalem and his making it the city of David are described. The great taunt which his enemies, the Jebusites, the natives of the land, hurled at him was, You will not come in here, but the blind and the lame will ward you off (5:6). David conquered the city (v. 7), after which...»

«Mediterranean Journal of Social Sciences ISSN 2039-2117 (online) Vol 6 No 6 S3 ISSN 2039-9340 (print) November 2015 MCSER Publishing, Rome-Italy Education as Market Product: Identification Problems Kateryna V. Astakhova1 Victor V. Astakhov2 Sergey S. Shestopal1 1Vladivostok State University of Economics and Service Kharkiv University of Humanities People's Ukrainian Academy Doi:10.5901/mjss.2015.v6n6s3p211 Abstract The analysis of the activity of the education market is carried out in the...»

«Computer Science Honours School of Computer Science Important Degree Information: B.Sc./M.A. Honours The general requirements are 480 credits over a period of normally 4 years (and not more than 5 years) or part-time equivalent; the final two years being an approved honours programme of 240 credits, of which 90 credits are at 4000 level and at least a further 120 credits at 3000 and/or 4000 (H) levels. Refer to the appropriate Faculty regulations for lists of subjects recognised as qualifying...»

«11/10/2015 Literary Reference Center ­ powered by EBSCOhost Record: 1 Title: The Masque of the Red Death Source: Masterplots II: Short Story Series, Revised Edition; January 2004, p1­3 Article Author: May, Charles E.; Includes bibliography Document Type: Work Analysis Biographical Information: Poe, Edgar Allan Gender: Male National Identity: United States Language: English Publication Information: Salem Press Abstract:...»

«Mittwoch, 18. März // Wednesday, 18 March 9.30 Anmeldung // Registration 10.00 Begrüßung // Opening Barbara Pichler, Festivalleitung Diagonale // Festival Director Diagonale Tagungsüberblick // Program overview Ursula Wolschlager, Diagonale-Branchentreffen 2015 10.15 Impulse The Future is now Films that are being devolped now, will be distributed in 2020. Film financing expert Linda Beath provides an overview of changes experienced by the industry due to the growth of internet distribution....»

«On February 4th 2013 Neil Gaiman embarked on a fantastic art project in partnership with BlackBerry and millions of his fans. He tweeted twelve questions to the world, one for each month of the year. From the tens of thousands of responses he received, Neil picked his favourite answers and wrote twelve short stories inspired by them. Releasing these back to the world, Neil asked people to contribute art to illustrate the stories. Whap! “Is it always like this?” The kid seemed disoriented....»

«ED.06/RSC II.ENA/1 UNESCO Forum Occasional Paper Series Paper No. 6 Diversification of Higher Education and the Changing Role of Knowledge and Research Papers presented at the Second Scientific Committee Meeting for Europe and North America Papers produced for the UNESCO Forum Regional Scientific Committee For Europe and North America Paris, March 2004 (ED-2006/WS/44) TABLE OF CONTENT 1. Changing Structures of the Higher Education Systems: The Increasing Complexity of Underlying Forces, by...»

«Kansas Department of Transportation Bridge Construction Manual 3.0 TEMPORARY DETOUR BRIDGES Table of Contents 3.1 General 3.2 STORAGE SITES: 3.3 BID ITEMS: 3.4 INDEX OF PLAN SHEETS with H-Pile: 3.5 INVENTORY SHEET FOR DETOUR BRIDGES WITH H-PILE: 3.5.1 COLUMN HEADINGS: 3.5.2 LINE ITEMS: Version 1/07 KDOT Bridge Section 3.0 Temporary Detour Bridges i Kansas Department of Transportation Bridge Construction Manual Disclaimer: This website and documents are provided for use by persons outside of the...»

«C&SPapersSeries 12/P PROCEEDINGS International Conference held in Stockholm, Sweden, 7–11 May 2001 Organized by the International Atomic Energy Agency in co-operation with the World Customs Organization, the International Criminal Police Organization — Interpol and the European Police Office, and hosted by the Swedish Nuclear Power Inspectorate Measures to Prevent, Intercept and Respond to Illicit Uses of Nuclear Material and Radioactive Sources INTERNATIONAL ATOMIC ENERGY AGENCY The...»

«Chapel Library • 2603 West Wright St. • Pensacola, Florida 32505 USA Sending Christ-centered materials from prior centuries worldwide Worldwide: please use the online downloads worldwide without charge. In North America: please write for a printed copy sent postage paid and completely without charge. Chapel Library does not necessarily agree with all the doctrinal positions of the authors it publishes. We do not ask for donations, send promotional mailings, or share mailing lists. ©...»

«The Comprehension Hypothesis and its Rivals Stephen Krashen In: Selected Papers from the Eleventh International Symposium on English Teaching/Fourth Pan-Asian Conference (in press). Taipei: Crane Publishing Company The main rivals to the input or comprehension hypothesis are the skill-building and comprehensible output hypotheses. Studies claiming to show that the skill-building hypothesis is correct consist of studies of the impact of grammar instruction and error correction. These studies...»

«Guidance for Cross Compliance in England: Management of Habitats and Landscape Features 2011 edition Other existing publications on cross compliance Publication no. Title The Guide to Cross Compliance in England 2011 edition rpa157 Cross Compliance Guidance for Soil Management 2010 edition PB13315 Cross Compliance Soil Protection Review 2010 PB13311 To order more copies of these publications, contact: Rural Payments Agency PO Box 300 Sheffield S95 1AA Telephone: 0845 603 7777 E-mail:...»

<<  HOME   |    CONTACTS
2016 www.dis.xlibx.info - Thesis, dissertations, books

Materials of this site are available for review, all rights belong to their respective owners.
If you do not agree with the fact that your material is placed on this site, please, email us, we will within 1-2 business days delete him.