The Fraud Blog with Tracy Kitten

New Guidance or Not, Bankers Move Forward

Institutions Can't Wait for Guidance to Take Bites Out of Fraud
New Guidance or Not, Bankers Move Forward

Earlier this month, representatives from the five agencies that make up the FFIEC -- the Federal Reserve Board, Federal Deposit Insurance Corp., Office of the Comptroller of the Currency, National Credit Union Administration, and Office of Thrift Supervision -- met to discuss updates to existing online authentication guidance, passed down in 2005.

But some banks and credit unions say they can't wait for guidance; they're already moving forward with investments in new technologies, including end-to-end encryption and EMV, the EuroPay, MasterCard, Visa standard.

Take Jacksonville, Fla.-based JM Associates Federal Credit Union as an example. The $86 million credit union recently signed with First Data Corp.'s STAR Network to start rolling out contactless chip-based debit cards during the second quarter to its 7,100 members. The program JM Associates signed for: CertiFlash, which was announced by STAR in September.

Jim Ryan, JM Associates' president, says his institution can't wait for new guidance. "I think our members are already somewhat accustomed to this technology," Ryan says. "And I think we want to get them prepared to use this technology from an FI perspective, before it comes from competition from non-financial services sources."

Why the rush? Escalating incidents of card fraud, Ryan says. "We've got to move off of the mag-stripe as much and as soon as possible."

Complying with any new authentication requirements is not the focus. "It's not about the requirements," he says. "There are requirements for merchants, but those requirements do not always fully protect the consumers from fraud. FIs have to look at that and make sure there they are protecting consumers, even if it's the merchant's responsibility, because of the cost associated with that fraud. The authentication piece makes sense, obviously, but we have to look ahead of even that."

Contactless payments have been tried before in the U.S. and they weren't unsuccessful. MasterCard PayPass and Visa payWave both failed to gain significant market acceptance. This time, coming from a processing network like STAR, the merchant buy-in preceded the institution buy-in.

"Certiflash offered a backbone," Ryan says. "The merchants are already using this, so we know the cards will be accepted." And the card technology is much more secure. For each transaction, the card's chip encrypts and transmits a card number good for only a single transaction. The transaction also requires a PIN for transactions that exceed $25, so it's not the tap-and-go method first introduced by PayPass and payWave.

Not exposing the card number or allowing the merchant to store the number during or after the transaction will dramatically reduce fraud, Ryan says. "And that makes a huge difference for us as a financial institution."

About the Author

Tracy Kitten

Tracy Kitten

Former Director of Global Events Content and Executive Editor, BankInfoSecurity & CUInfoSecurity

Kitten was director of global events content and an executive editor at ISMG. A veteran journalist with more than 20 years of experience, she covered the financial sector for over 10 years. Before joining Information Security Media Group in 2010, she covered the financial self-service industry as the senior editor of ATMmarketplace, part of Networld Media. Kitten has been a regular speaker at domestic and international conferences, and was the keynote at ATMIA's U.S. and Canadian conferences in 2009. She has been quoted by, ABC News, and MSN Money.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.