Identities at Risk –Online Bankers and Brands

May 7, 2015
/   Spotlight

*Disclosure: Banking.com is powered by Digital Insight Security has long been, and continues to be, a hot topic in the financial services industry. From new tech developments to hackers, security is top of mind...

Fast Facts: Student Loans

January 22, 2013
/   Insights

The Financial Services Roundtable recently released another iteration of its Fast Facts, reliable, bullet-point research about issues facing the financial services industry. Topics span TARP, Dodd-Frank, insurance, lending, retirement savings and more.  Below are some updated Fast...

Cause and Effect: If you build it, will they come?

July 23, 2014
/   Spotlight

Many financial institutions assume that digital banking is lucrative because the most valuable customers happen to bank online. While there is certainly a correlation between online bankers and higher profitability, quantitative evidence suggests that...

Intuit 2020 Report: The Future of Financial Services

April 11, 2011
/   Insights

Today, Intuit released the latest edition of the Intuit 2020 report, Intuit 2020 Report: The Future of Financial Services, which identifies and examines four key trend areas that will  transform the financial services industry...

The Top 10 Trends in the Digital Banking Industry

December 18, 2013
/   Spotlight

2014 is rapidly approaching and as the year wraps, the Digital Insight team has pulled together the top 10 trends in the digital banking industry based on data and trends from studying financial institutions....

Small Business: Perception vs. Reality

November 21, 2012
/   Insights

In the most recent election cycle, like most others before it, the one sector of the economy that got the most attention was small business.  This is the future, we were told by every...

Making Banking Fun: Gamification in Financial Services

August 5, 2013
/   Insights

Recently, the Banking.com team sat in on American Banker’s webinar, “Gamification in Financial Services: Five Proven Ways to Get an Edge,” which shared how leading brands in financial services have applied gamification to reach...

Technology M&As: The Beats Go On

May 29, 2014
/   Insights

The ongoing fascination with Apple’s $3 billion purchase of Beats Electronics is entirely understandable, because it’s a cool story. However, it also says a lot about what’s going on between finance and tech.

What We’re Reading

May 5, 2011
/   Spotlight

Below are interesting stories the Banking.com staff has been reading over the past week. What have you been reading? Let us know in the comments section below. Virtual Banking Worlds Provide Tangible Lessons American...

Financial Literacy Month: How are you celebrating?

March 22, 2013
/   Insights

With April approaching, it’s almost time to kick off Financial Literacy Month! Strongly supported by the United States Congress and the Financial Literacy and Education Commission, Financial Literacy Month aims to promote the importance...

Big changes are happening in the credit card processing industry that will impact every business accepting credit card payments. As a financial institution, your small business customers will likely look to you for answers around these changes. It’s crucial you are prepared to answer:

  •         What are EMV Chip/Smart Cards and why should I care?
  •         How will my business be impacted by EMV?
  •         When will my business need to be ready for EMV?

Not sure how to address these questions? Let’s take a deep dive into what you need to know to help educate your small business customers.

What is EMV?

EMV stands for Europay, MasterCard and Visa. It is a payment specification that defines how chip-based credit cards (smart cards) will interface with new credit card terminals and Point-of-Sale (POS) systems at Card-Present (brick and mortar) businesses. Ideally, once EMV is fully deployed, credit cards will no longer be “swiped”. EMV is intended to replace the magnetic stripe with a more secure chip-based technology. EMV credit cards will be inserted (often referred to as “dipped”) or waived over a terminal (contactless interface using Near Field Communication) at which time the chips built into the cards will interact with the terminal to authenticate a transaction and verify the cardholder. The cardholder will be required to enter a unique PIN number or provide signature. The specific procedure will vary by credit card issuer and the terminal will prompt for the required customer authentication. After the EMV authentication and verification, the credit card sale will be handled much like it is today. PIN authentication is the most effective approach to maximize fraud protection, however, the authentication method is up to the credit card issuing bank.

Business Impacts: Card-Present Businesses

The primary goal of EMV is to reduce fraudulent payments resulting from counterfeit and lost or stolen credit cards at Card-Present businesses. This in turn will reduce chargeback disputes that lead to lost revenue for businesses, processors and credit card issuers alike. However, fraud prevention comes at a price. According to Javelin Strategy & Research, the EMV rollout price tag will top $8 Billion in the U.S. alone. The cost to Card-Present businesses will be driven by investment in new credit card terminals and POS readers compatible with the new chip-based smart cards with EMV-compatible terminals and readers ranging from $150 to several hundreds of dollars per unit.

With the potential for significant investment needed to support EMV, many businesses are asking why they should outlay their capital for new EMV-ready equipment. EMV technology will help reduce fraudulent payments, ultimately saving businesses lost revenue and decreasing the time spent fighting chargeback disputes. There is also the consideration of the “liability shift” – as EMV is rolled out in October of this year, any Card-Present business not ready to accept EMV smart cards will assume 100 percent of the liability for counterfeit fraudulent payments, meaning your business will lose charge backs tagged as fraud due to counterfeit credit cards if the card counterfeited was an EMV card. The specifics of the liability shift can be confusing, however, it is clear a business’ liability will increase if they do not support EMV. EMV has been implemented in other countries, resulting in significant reduction in fraud for those businesses that adopted EMV capability. However, for card-present businesses that choose not to support EMV, the incident rate for fraud increased. Finally, the customer’s perception should be taken into account. As smart cards become more prevalent, customers will become more accustomed to dipping vs. swiping their credit card. Businesses without EMV supporting equipment may notice customers raising concerns regarding the risk of using their credit cards in non-compliant terminals and POS readers.

To be safe, Card-Present businesses should comply and support EMV. Generally, the risks associated with not supporting EMV outweigh the costs to purchase compliant equipment. Ultimately, businesses are not mandated to comply. The magnetic strips will continue to be available on issued cards for some time to come and each business will need to determine their course of action based on their specific needs.

Business Impacts: Card-NOT-Present and E-Commerce Businesses

Terminals, virtual terminals and gateways currently being used by Card-Not-Present (CNP) and eCommerce businesses will continue to work in the new EMV world and credit card payments will be taken in the same way they are today. However, with the new rollout, fraud is expected to increase significantly for CNP and eCommerce businesses. Both Europe and Canada realized a significant increase in fraud activity at CNP and eCommerce businesses as EMV was implemented. In fact, according to the Aite Group, Canada realized a 133 percent increase in CNP fraudulent payments as EMV was introduced in 2008.

Even with past reports of fraud, CNP and eCommerce businesses are not helpless – there are actions that can be taken now to prepare for this forecasted increase in fraudulent activity, like utilizing code validation and address verification. Beyond these measures, it will be even more critical to know your customers on a personal level. eCommerce businesses should require customer registration and assign user IDs and passwords to track users and monitor those who commit fraud or submit charge back disputes. In some cases, software providers may require upgrades to leverage more secure encryption and tokenization methods. For added fraud avoidance, 3D Secure or fraud scoring systems may be implemented. 3D Secure systems, namely Verified by Visa, MasterCard SecureCode and American Express SafeKey, have been around since 2001. These technologies require cardholders to register their credit card and the supporting eCommerce website will authenticate the transaction with 3D Secure at checkout to ensure the purchaser is in fact the cardholder. One downfall of this solution is that cardholders must proactively register their credit cards. In contrast, fraud scoring systems determine the risk level by rating each sale using technologies that track IP origin and proxy detection, as well as mine social media and customer history. These robust tools can aid companies in identifying and avoiding high-risk sales that may turn into chargebacks due to fraud.

Increased diligence will be needed by businesses accepting CNP and eCommerce payments.   Businesses should question all unusual sales. Examples of questionable sales may include:

  •         International orders that are rare for your business
  •         High dollar orders by a new customer
  •         Large number of a particular product in a single order
  •         Many separate orders made by the same credit card number
  •         Customers who request to use their own freight shipping companies

Timeline for EMV

The card associations set a date of October 2015 for EMV compliance by Card-Present businesses. Other POS systems, like automated fuel dispensers used at gas stations, have until 2017 to support EMV and many card issuers are currently in the process of distributing smart cards to their cardholders. While Card-Present businesses are expected to be ready to support smart cards in October, many cardholders will still carry magnetic strip only credit cards and will find many EMV equipment terminals to be equipped to accept both types of cards, prompting the user for the expected method of authentication. With that being said, many industry research groups project complete EMV readiness will not happen until after 2018. Until then, customers and store employees will need to understand the procedures for handling both card types for years to come.

The time to prepare for smart card acceptance is now. Working with a trusted advisor, businesses should begin to assess what is needed to upgrade terminals and POS card readers. Outlining a plan to manage the replacement of old equipment with new EMV compatible equipment can help ease the financial impact. However, businesses should be cautious of deceitful sales groups who are leveraging EMV as a means to scare businesses into making unnecessary changes and costly purchases of equipment.

Patrick O’Boyle is a founding Partner of MSP Consulting. Patrick has more than 20 years experience advising businesses in areas of technology-enablement, payment services and customer service and support.

(389)

Insights

Banking.com’s perspective on industry news and trends

(266)

Spotlight

Must-read news and insights from financial industry leaders

(114)

Voices

Compelling voices and contributed content from around the web

James W. Gabberty

Gabberty is a professor of information systems at Pace University in New York City. An alumnus of the Massachusetts Institute of Technology and New York University Polytechnic Institute, he has served as an expert witness in telecommunication and information security at the federal and state levels and holds numerous certifications from SANS & ISACA.

Brad Strothkamp

http://www.forrester.com/rb/analyst/brad_strothkamp

Marisa Mann

Marisa Mann brings over 15 years of experience in consulting and financial services industries to the Solstice team, working on large scale enterprise initiatives across many technologies, including specializing in the digital space – Internet and mobile. Mann is passionate about mobile and the endless possibilities for the enterprise, delivering business value through strong brand recognition and driving to excellence in the consumer experience. Prior to Solstice, Mann worked at JP Morgan Chase, Diamond Management and Technology Consultants, Washington Mutual, Inc, and Accenture.

Zachary Ehrlich

25-year-old writer, and as a native San Franciscan, I am unreasonably loyal to Bank of America, if only for their superhero-like origin story, involving the 1906 earthquake and Italian fruit vendors.