WASHINGTON - The payment system is unexpectedly the center of attention in the financial services policy world after spending years being overshadowed by the financial crisis and other pressing issues.
Massive data breaches, the rise of digital currency and a push to improve efficiency have helped focus the interests of lawmakers and regulators, who have raised fears that the system is antiquated and vulnerable to attack.
"Payment systems have long been an esoteric topic and now it's something with great public interest," said L. Cary Whaley, vice president of payments and technology policy for the Independent Community Bankers of America. "People in coffee shops will ask me questions about payment systems."
The data breach at Target over the holiday season helped amplify the debate, spurring Congress to hold multiple hearings last week dedicated to why it happened and how other such intrusions can be prevented.
But cybersecurity is just one facet of the concern over how regulations should track the rapid advance of payments technology. There is also growing attention paid to virtual currencies and mobile payments, issues surrounding nonbanks' access to payments channels and a push by the Federal Reserve to improve the speed of electronic payments.
"There really is a confluence of different events pointing to the payment system," said Douglas Kantor, an attorney who serves as counsel for the Merchants Payments Coalition. "The data security issue is just one strand of this. It has become prominent because of the high-profile nature of a couple of these breaches. But timing of the discussion about virtual currency, for example, has been driven by its own set of dynamics."
Protecting payment information was discussed at four congressional hearings last week, with testimony focusing in part on transitioning cards to chip-and-PIN security and the tussle between banks and retailers over which industry is more to blame for the breaches. But observers note that the recent interest in the payments system among multiple branches of government, due largely to advances in technology, predated the breaches.
"Payments are the topic of the day," said Jason Oxman, chief executive officer of the Electronic Transactions Association, a Washington D.C.-based trade group that represents card acquirers.
Oxman said that while "the notion of paying electronically for goods and services" is nothing new, "what we're seeing is a great deal of innovation in the means by which consumers and merchants access the payments networks.
"That level of innovation and that change is really why policymakers are expressing a great deal of interest," he said. "The plastic card with the magnetic stripe on the back has been around for four decades. But as you add in new means of accessing the networks, whether it's mobile or online payments or other means of initiating a payments transaction, and as you add in more sophisticated criminal behavior, whether it's retailer breaches or other cyber-security concerns, you raise not necessarily new issues but questions as to whether legacy policy regimes need to be updated in the face of new technology."
So-called "disruptors" in the industry include certain mobile and online services growing in popularity such as Dwolla and Square. Bitcoin and other virtual currencies raise other concerns, given one of their primary appeals is their ability to move money at nearly no cost almost instantaneously.
But the regulatory framework for mobile financial services is somewhat hazy, while mainstream acceptance of virtual currencies has been hindered by well-publicized arrests of Bitcoin users on charges including money laundering.
Meanwhile, a continued rise in online merchants seeking banking partnerships in order to access the nation's traditional payments networks has also sparked concerns from regulators. The Federal Deposit Insurance Corp. has warned institutions about facilitating transactions without doing due diligence about the third-party processor and merchant behind the payment, and the Department of Justice has probed banks with ties to online payday lenders in an investigation known as "Operation Choke Point."
"There is a need to look holistically at all the entrants into the payment system to gain a better understanding of the risks and determine the right regulatory structure for these various players in the system," said John Ryan, president and chief executive officer of the Washington-based Conference of State Bank Supervisors. "There is room for improvement and innovation [in the payments system] and it's needed. But it can't be at the expense of the stability of the system."
But the emergence of new technologies and risks in the payments world offers no easy solutions for policymakers trying to gauge the appropriate regulatory response.
Oxman said continued innovation may justify streamlining an array of disjointed regulatory systems into a more unified framework.
"There are a lot of different regimes. At some point, would it make sense to look at some kind of unification?" he said. "If we continue down the path that we're on, where the payments industry is much broader and there are more players and we're looking to ensure that laws and regulations don't deter innovation, that may be something that we have to look at."
Others said policymakers should not jump too quickly to reform regulations for a changing payments space.
"Federal policy is never going to be faster than market innovation," said Sarah Jane Hughes, who is University Scholar and Fellow in Commercial Law at Indiana University's Maurer School of Law. "I don't know why we should recreate the wheel, which I'm not persuaded is broken, just because there's a new kid on the block. Changes in the way that payment systems are regulated should proceed very cautiously because of the degree of expense that is involved with changing anything that that many people have to work with."
Some officials are separately focused on ensuring that the nation's traditional payments system, run through regulated banks, keeps pace with technology. The Federal Reserve banks sought to begin a dialogue about improving the payments system in a white paper released last fall. While not issuing new prescriptive rules for upgrading the system, the Fed banks, which are currently reviewing comments on the paper, said "desired outcomes" within 10 years include "ubiquitous" methods for sending electronic payments in near real time.
Whaley said although the recent data breaches "increase focus" on payment-related issues, "we would still be having the conversation if the breaches had not occurred.
"Even a couple of months before the breaches the Fed had issued their paper on payment system improvements," Whaley said. "While security was a recommendation in that paper, the real focus was efficiency and ubiquity. Security is part of the issue but it's not the entire issue."
Kantor said the paper is somewhat of a departure "from the way the Fed usually operates."
"They're really trying to think far ahead as to what payments should look like," he said. "That brings together a lot of these issues. The Fed is saying, 'We're potentially at a new place and shouldn't the United States be at the forefront of that.'"
Still, the spotlight now is shining brightest on improving data security, which is turning into a fight between banks and retailers over which industry is in need of greater improvements to protect consumers' credit card data. The battle is quickly resembling how the two industries squared off over provisions that ended up in the Dodd-Frank law capping interchange fees on debit cards. In the newer dispute, retailers have focused on lagging security features in U.S.-issued cards, compared with those in Europe, and called for quick adoption of "Chip and PIN" technology. Banks, meanwhile, have suggested other strategies for improving security while emphasizing steps retailers should take to safeguard customer information.
"There are side stories and subtiers to all of this," such as Bitcoin, "but the focus in the media and Congress is because of the data breaches," said B. Dan Berger, president and chief executive of the National Association of Federal Credit Unions. "It's affecting tens of millions of consumers' personal data. That is the reason it has everyone's attention at this point."
But some observers say the data security debate could help set in motion a more comprehensive look at federal payments policy.
Jonathan Cedarbaum, a partner at WilmerHale and former head of the Department of Justice's Office of Legal Counsel, said the data breaches may spur not only needed legislation to improve data security, "but also a broader conversation about the payment system, one that will and should look beyond data security to other issues."