Contrary to expectations, the Federal Reserve Board's draft report on debit interchange did not resolve the debate on the cost of fraud in card payments.
Many in the industry predicted that the report would say how much of the cost of interchange banks could justify as necessary in the fight against fraud. Even though the Fed proposed an interchange rate, it made clear that fraud has not been fully addressed in its proposal.
In the report, released Dec. 16, the Fed set two categories that would give bankers room to adjust the interchange they charge for fraud. The first would be for deploying specific forms of security technology. The second, a more vague allowance, would let banks recover costs related to fraud prevention and debit cards. Here, the Fed referred to a "more general standard," such as taking steps "reasonably necessary to maintain an effective fraud-prevention program but not prescribe specific technologies that must be employed as part of the program."
Buried in the draft report is a fairly in-depth account of what the Fed says it thinks are the true costs of fraud. For example, it says that issuers "reported that total signature and PIN debit card fraud losses to all parties averaged 13.1 and 3.5 basis points, respectively." The report goes on to say that issuers and merchants bore 55% and 45% of signature debit fraud losses, respectively.
However, in a board of governors meeting held Dec. 16, the governors acknowledged that they would not have a final ruling on fraud costs until after the comment period, and most likely they would have to rule separately on fraud, after the final rule on debit interchange is issued in April.
The Fed set a safe harbor floor on interchange of 7 cents per transaction; the total amount of interchange could rise to as high as 12 cents when accounting for various costs related to running the payments network.
Tien-tsin Huang, JPMorgan Chase & Co.'s senior analyst covering the computer services and information technology consulting industry, suggested in a Dec. 17 research note that an allowance could be made for fraud. In an e-mail, Huang said that allowance could be 1.8 cents.
Banks were hesitant to weigh in just yet.
"We realize, and [the Fed] realize[s], how important debit cards are to our customers and to the nation as a whole," said Alanson Van Fleet, a spokesman for Wells Fargo & Co. of San Francisco. "We are reviewing the draft comment carefully and we will be responding to the Fed in the 60-day period they mentioned, but we feel it is premature for us to speculate beyond that point."
Industry observers said they thought the draft report indicated the cost for merchants would go up, because they would be the ones who have to install new point of sale terminals and card readers to add technology such as those specified in the Fed report: end-to-end encryption, tokenization, chip and PIN acceptance and dynamic data.
"The regulations would put a significant burden on merchants, either to make the terminal upgrades required under the first alternative, or in the form of additional interchange fees," said Aaron McPherson, a research manager for payments at the Framingham, Mass., research firm IDC Financial Insights.
He said the boon will most certainly go to security technology vendors.
What the Fed has done, McPherson said, is attempt to identify some of the most important fraud-prevention technologies. But while he said he thought that was important to try to do, the effort fell short.
"There are some holes in this that need filling like: What are the technologies?," and how much of the cost could be put into interchange?, McPherson said.
While it might be problematic for the Fed to specify a list of approved technologies, it could be a way to jump-start more secure fraud-prevention technologies, such as EMV Integrated Circuit Card Specifications, or chip and PIN, which are not widely deployed in the U.S.
But that "puts the Fed in the position of kingmaker, which it prefers to avoid," McPherson said.
Julie Conroy McNelley, senior risk and fraud analyst for Aite Group in Boston, disagreed about who would bear the cost of putting in new security systems.
"The only ones who win will be merchants, and this will shift the entire burden of operating the infrastructure to the banks," McNelley said. "Banks will pass this on to the consumers, and they will be the biggest losers."
The Fed is "bringing transparency to the issue, and that is really needed," said Avivah Litan, a vice president and distinguished analyst at the Stamford, Conn., research company Gartner Inc.
Interchange "has long been a monopoly but it was never recognized as such."
Litan said that the fraud cost for merchants has always been a mystery, though many believe that retailers bear most of the cost today.
The American Bankers Association said it is concerned that the impact of a cap on interchange could limit the ability of banks to combat fraud.
"It is very important the Fed get this right," said Ken Clayton, the ABA's senior vice president of card policy. "It is important to the banks and to consumers and for confidence in the overall system."
Clayton said that small community banks, though exempted by a $10 billion asset rule from the cap on interchange pricing, would be even more adversely affected because they already have less technology at their disposal than bigger banks do to fight fraud, and their reputational risk is greater.
Some analysts said they saw issues in the lack of standardization around technology used to fight debit card fraud, and they said that could ultimately impact earnings.
"There's a great difference between one issuer and another within the areas of 'fraud prevention,' " said James Van Dyke, the founder and principal researcher of Javelin Strategy and Research in Pleasanton, Calif.
He said that if interchange were reset today based on the vague yardstick for fraud proposed, "the profits of one issuer versus another would vary widely."