In a detailed paper on mobile payments published in the FDIC's winter issueof “Supervisory Insights,” a group of agency executives explore indetail “the unique risks and supervisory issues raised by thistechnology.”

The FDIC's point: amid the loud enthusiasm for thesefast-emerging technologies, there has not been a comparable focuson the security issues the new generation mobile payments toolsraise. The paper – authored by four FDIC executives – aims to address these concerns.

What it finds may be surprising: although the mobile paymentsformats may seem new, in most cases they fall under alreadywell-established regulatory requirements.

For starters, the FDIC acknowledged that the mobile paymentsuniverse is immense and growing. “Consumers spent over $20 billionusing a mobile browser or application during the year [2012],” theagency noted. It also observed that some one-third of mobile phoneusers in 2012 reported using a mobile device to make apurchase.

These numbers are “likely to grow as smartphone ownershipincreases and mobile payments platforms become more widespread,”wrote the FDIC team.

One FDIC prediction: “It is unlikely that any one technologywill become dominant” and so the FDIC envisions continued battlesamongst Near Field Communications (NFC),cloud-based payments schemes, and image-based schemes (barcodereaders).

A key point, per the FDIC: the main mobile payments formatsleverage off requirements that users provide bank accountinformation or a prepaid card and thus “the risks associated withmobile payments should be familiar to financial institutions,”wrote the FDIC executives.

A particular challenge with regard to mobile payments, noted theFDIC, is that most schemes involve non-banks (technology companiesor wireless carriers, for instance) and, importantly, mosttransactions also involve multiple players. Noted the FDIC: “Unlikemost banking products that allow institutions to control much ofthe interaction, mobile payments require the coordinated and secureexchange of payment information among several unrelated entities.”A further complication, said the FDIC, is that many of the keyplayers are “entrepreneurial companies” with little familiaritywith security expectations for financial institutions.

Warned the FDIC: “Financial institutions should be particularlyconscious of the potential and perceived risk of fraud in mobilepayments.”

The FDIC observed that there are no federal laws or regulationsthat govern mobile payments. However, noted the FDIC, most paymentspiggyback on traditional formats (such as ACH or EFT) and “the lawsand regulations that apply to that method also apply to the mobilepayment.”