GS Logo
The Green Sheet, Inc

Please Login

Banner Ad
Skyscraper Ad

Friday, July 22, 2016

Cardless ATMs address EMV, security concerns

W ith deadlines for the next wave of the EMV (Europay, Mastercard and Visa) chip card liability shift set to take effect for ATM network operators on Oct. 1, 2016, for Mastercard branded card ATM transactions, and Oct. 1, 2017, for Visa-branded cards; the race to adapt ATM equipment is on. However, a number of innovative financial industry players are finding ways to navigate beyond EMV's limitations.

In a mid-July 2016 agreement with Payment Alliance International, FIS NYCE Payments Network became the first national payment network to support mobile phone-to-ATM transactions, according to FIS. The partnership connects the FIS Cardless Cash mobile program, which eliminates the need for plastic cards, with PAI's network of 70,000 ATMs located at retailers, gas stations and convenience stores nationwide.

Prior to the collaboration, in early 2015, FIS began rolling out its Cardless Cash program through bank client ATMs by leveraging its preexisting FIS Mobile Banking app. With FIS Cardless Cash, customers can preorder an ATM cash-withdrawal from their mobile banking app for pickup at a nearby ATM. A tokenized, single-use quick response code makes it possible to execute secure ATM transactions, the company said.

"FIS has 36 million mobile banking end-users who are already connected to the brand," said Douglas Brown, Senior Vice President and General Manager of FIS Mobile, noting that the expansion of FIS Cardless Cash through the PAI network was a natural extension for FIS since it gives end users access to cash whenever and wherever they want.

For PAI, this marks the third such partnership in the past year. The company also partnered with Fiserv Inc. to develop CardFree Cash, a revised version of Fiserv's Popmoney mobile cash platform. According to PAI, users receive an encrypted token along with an ATM locator, which allows them to retrieve funds at nearly 5,000 ATMs across the United States.

In October 2015, HalCash North America teamed with PAI to launch Pin4, the first independent U.S. cardless cash network not to require an ATM card or bank account, PAI noted. Initially launched in Chicago, Los Angeles, Miami and New York, Pin4's full nationwide rollout is expected to be complete by the end of 2016. According to HalCash, the Pin4 API enables promotion and remittance companies, financial institutions and other businesses to deliver real-time, mobile, cardless cash to customers.

With Pin4, customers can key in four-digit tokenized codes at ATM locations. "What is even more interesting is they are working with insurance companies and other reward/redemption companies that today issue checks for redemption," said Donna Embry, Chief Payments Advisor at PAI. "Instead of issuing large numbers of checks, these companies can text a single-use token, which customers can use to access funds at a PAI ATM."

Beating ATM fraud

The number of ATMs in the United States compromised by criminals in 2015 was up 546 percent over the previous year, the highest ever recorded by FICO Card Alert Services, which monitors hundreds of thousands of ATMs nationally. According to FICO, nonbank ATMs were most impacted in 2015, and the average duration for ATM compromises dropped from 36 days in 2014 to 14 days in 2015.

While card skimmers and cameras have been popular tools for ATM fraudsters, compromise techniques are advancing. "The skimmers are getting smarter," Brown said. "They're starting to use techniques called inserts, which goes beyond that superficial skimmer that sits outside the machine. The insert is a physical device that is inserted inside the tracks of the machine. These inserts prey on both EMV and non-EMV cards."

And EMV cards that contain mag stripes fuel the problem. "With the phone-based authentication in Cardless Cash, you don’t have that, because we don't even put the card data onto the phone. We don't send your card information from the phone to the machine. The phone speaks to the ATM over a secure cloud path network."

Brown pointed out that another benefit with cardless cash is speed. "Because you can get in and out of an ATM in 11 seconds, there is a lot less physical threat to you," he said. For FIS customers, speedy access to funds is attracting customers. About 10 percent of FIS' early mobile banking adopters with access to Cardless Cash now use it, and that number continues to grow, Brown noted.

According to Embry, cardless ATM technology is highly cost effective. "Nobody has to do anything differently," she said. "It doesn't add to the cost of the machine, there is no hardware or capital cost to change a reader or certify anything, so it won't be onerous for them to have to have this on their machine. It's all upside. We have software available at the manufacturer. At some point, all new ATMs that PAI sells will be enabled with these products automatically."

Both Embry and Brown see endless possibilities for cardless cash moving forward, including person-to-person transactions, preset travel ATM funding so consumers aren't required to carry plastic cards, cross-border transfers and more.


ETA expands focus to underserved sectors
Thursday, July 21, 2016

G rowing adoption of mobile and web-based technologies to deliver services has highlighted the need for worldwide access to digital technologies. This is particularly true in developing countries lacking adequate connectivity and infrastructure. How Fintech is Addressing the Needs of the Underserved, published July 21, 2016 by The Electronic Transactions Association shares solutions designed by member companies to address the needs of underserved populations.

The global trade association’s white paper details how technical advancements can potentially benefit underserved consumers and their communities through a range of “safe, convenient, and rewarding payment solutions and lending alternatives.” The solutions are built around core values of access, affordability, convenience, security and financial literacy.

“ETA and its members support an inclusive financial system that provides high quality, secure, and affordable financial services for the broadest possible set of consumers,” the report authors wrote. “A goal of ETA member companies is to continually enhance the electronic payments and financial ecosystem so that it is accessible for all consumers, while ensuring their transactions can be completed securely, efficiently and ubiquitously.”

Expanded services, solutions menu

The expanding fintech sector, which the ETA white paper defined as “new technologies that expand financial offerings for consumers, lower costs, improve financial management, and increase transaction security,” has used innovative technologies to solve common problems faced by underbanked consumers. Following are cases cited in the report:

Support needed from Capitol Hill

The Washington, D.C.-based ETA is also continuing its important work with legislators to ensure that U.S. government policies will enhance these far-reaching initiatives, improving access to financial services for all Americans. “A key driver to achieving such a system is the development of new technologies that allow the underserved to access FI and fintech company financial products and services,” the report stated. “ETA encourages policymakers to support these goals through policies that support innovation and the use of technology in financial products and services.”

Additional insights from the ETA’s How Fintech is Addressing the Needs of the Underserved will be cited in an upcoming lead article that explores how emerging payment technologies are reshaping traditional methods of selling and implementing merchant services.

Additional insights from the ETA’s How Fintech is Addressing the Needs of the Underserved will be cited in an upcoming lead article that explores how emerging payment technologies are reshaping traditional methods of selling and implementing merchant services.


UK joins global backlash against interchange
Tuesday, July 19, 2016

B ritish consumers filed a class action lawsuit against MasterCard Worldwide July 6, 2016, seeking relief from what they describe as "illegal card charges" that violate terms and conditions of the Consumer Rights Act that became effective in October 2015.

Visa Inc. was excluded from the case, due to legal counsel's contention that Visa has set its rates at a "reasonable level." Grievances highlight growing dissatisfaction with credit card pricing models that led to actions by the European Union and U.S. retailers against payment card brands.

Legal analysts noted that MasterCard may have to pay as much as £19 billion ($24.5 billion) in collective damages if the court rules in favor of the plaintiffs, who represent all British consumers except those who specifically opt out of the class action.

The case, reported to be the largest class action in British history, follows a 2007 ruling by the European Commission that found MasterCard's interchange fees violated competition law between 1992 and 2007. MasterCard subsequently reduced fees in 2008 but challenged the legality of the EC ruling. While the case was finally closed in 2014, the new British claim shows the fight is far from over.

"The prices of everything we all bought from 1992 to 2008 were higher than they should have been as a result of the unlawful conduct of MasterCard," stated Walter Merricks, legal representative of the UK consumer class. "My aim is to get the redress to which UK consumers are entitled and to ensure that MasterCard cannot hold on to the illegal profits it made. This case should send a signal to companies that break competition laws at the expense of UK consumers that they do so at their financial peril."

Merricks, Commander of the Most Excellent Order of the British Empire and a former UK Chief Financial Services Ombudsman who has managed an array of grievances against financial institutions, is working with London-based law firm Quinn Emanuel and Chicago-based Gerchen Keller Capital LLC, to establish a process flow for orderly distribution of funds to millions of UK consumers involved in the settlement.

Consumer Rights Act

Great Britain's far-reaching Consumer Rights Act, enacted in October 2015, replaced the former Sale of Goods, Unfair Terms in Consumer Contracts Regulations and Supply of Goods and Services acts. Designed to protect all facets of consumer rights, the law protects product quality, merchandise returns, digital content rights and delivery rights. In addition, goods should be:

The Act further stipulates that consumers have up to 30 days after purchase to request a full refund. "After 30 days you will not be legally entitled to a full refund if your item develops a fault, although some sellers may offer you an extended refund period," the Act stated.

Aggregated claims

Proceedings against MasterCard, based on the allegations that the card brand's egregious pricing violated the terms of the Consumer Rights Act and harmed UK consumers, are expected to begin in the fourth quarter of 2016. Legal analysts who support the measures have called the landmark case a justified attack against unlawful, anticompetitive conduct that has resulted in untold losses to millions of consumers.

"That harm, likely to be in the hundreds of pounds, is not large enough for any individual consumer to bring their own claim," stated Boris Bronfentrinker, Lead Partner at Quinn Emanuel. "But by aggregating the claims and bringing them on a collective basis, all UK consumers who lost out will get the compensation they are owed."

MasterCard's share price, investor confidence and loyal consumer following will be adversely affected when the full scale of the harm it caused to UK consumers is revealed, Bronfentrinker added. These comments reveal the transparently opportunistic nature of the class action, according to anonymous sources familiar with the lawsuit.

New regime, new precedent-setting case

Great Britain marked a new milestone July 13, 2016, when former Home Secretary Theresa May was sworn in as prime minister. She replaced David Cameron, who resigned after the country voted to leave the European Union. In her initial remarks, Prime Minister May pledged to support "all of our citizens, everyone, whoever we are and wherever we're from." Consumer groups are cautiously optimistic that the new government will honor existing buyer protections, as the country prepares to withdraw from the EU.

Preparations are underway at the Competition Appeal Tribunal, where the case against MasterCard will be presented. Legal proceedings will include a certification hearing, followed by a general hearing that is expected to begin in 2018, barring any settlement offers by MasterCard.


New tools for small, midsize merchants from PCI SSC
Wednesday, July 13, 2016

T he PCI Security Standards Council (PCI SSC) launched a new set of resources July 7, 2016, specifically designed for small business owners. The global forum, based in Wakefield, Mass., best known for establishing the PCI Data Security Standard (PCI DSS), is also responsible for the developing, managing and broadening awareness of PCI DSS and payment data security best practices. To stem the growing tide of cyberattacks against small and midsize merchants, the council formed a Small Merchant Taskforce to identify vulnerabilities in small business payment systems and create targeted solutions to help business owners protect and secure cardholder data.

Some of the PCI DSS guidelines contain complex, technical terms and legalese that can be difficult for small merchants to comprehend. PCI Security Standards Council General Manager Stephen Orfei saw a need for clear guidelines written in accessible language with graphical displays to illustrate key points.

"The market has been in desperate need of easy-to-understand payment security resources for small businesses," he said. "Working with a global, cross-industry taskforce representing merchants, banks, merchant associations, technology and service providers, and other small merchant partners, we're pleased to provide practical guidance to small businesses on how they can start protecting themselves against cybercriminals."

"Most small businesses have never heard of the PCI Data Security Standard, let alone read it," added Troy Leach, PCI SSC Chief Technology Officer. "If they did read it they probably would need a background in both information security and payment processing to best understand the requirements."

Printed, online resources

The newly published Guide to Safe Payments can be found on the PCI SSC website; printed versions are also available. Banks and processors can download, brand and distribute the reference guide to their small business customers. The council has published additional insights, including Focusing on the Fundamentals: Payment Protection Resources for Small Businesses in their PCI Perspectives blog site.

Following are highlights of the small merchant series documentation:

Taskforce co-chair David Matthews, General Counsel of the National Restaurant Association has seen considerable risk of data breaches among small restaurateurs. The new guidelines provide best practices and tools that can help small and midsize restaurants protect against cyberattacks, he said. "We specifically ask those working directly with the small business community to use these resources to educate companies on ways they can improve their security while simplifying their responsibility, so they can focus on other aspects of their business," he added.

A work in progress

The Small Merchant Taskforce plans to continually update and promote the small merchant payment protection resources, especially in the growing ecommerce sector, where additional tools and guidelines are needed, Leach stated. He pointed out that many small merchants rely on financial institutions, processors and third-party vendors for guidance on credit card processing; he urged these partners to include security in the dialog.

Leach also noted that education is a critical first step in protecting small businesses from data breaches. For example, many small merchants don't understand the importance of changing vendor default passwords, or how to change them. "As an industry, if we can help these companies understand their risk, security basics to protect against data theft, and where to go for help, we'll have made a substantial shift in cardholder data security for the entire payments ecosystem," he said.


Denmark's Nets, BOKIS piloting digital wallet
Thursday, July 7, 2016

N ets, a payment service company established in 1968, is innovating in the emerging technology space. The company disclosed Jun. 30, 2016, that its new digital wallet, built on Nets' host card emulation (HCE) and tokenization platform, will be widely deployed by BOKIS, a Danish banking collective. BOKIS, comprising 62 member banks, chose the mobile wallet for security and ease of use, representatives stated.

BOKIS members include small to midsize local banks and five regional banks: Jyske Bank, Sydbank, Spar Nord Bank, Arbejdernes Landsbank and Nykredit Bank. All members plan to roll out the mobile wallet solution to their customers in the near term, according to the association.

"We are excited to be the first in Denmark to announce our plans to deliver bank-issued mobile wallets from our members, providing a mobile payment solution that delivers real payment convenience to our customers," stated Søren Nicolaisen, Managing Director, Danish Regional Bankers Association. "End users will be able to pay just by 'tapping' their phone at the contactless point of sale."

Old World knowledge, New World tech

Nets, headquartered in Ballerup, Denmark, noted that it has been delivering end-to-end payment and banking solutions to a range of vertical industries for four decades, playing an integral role in forming the Nordic region's modern payment infrastructure. It additionally introduced an array of payment products to the region, including Dankort, Betalingsservice, NemID, BankID, Avtalegiro and BankAxept.

"Historically, Nets has developed and operated the financial infrastructure supporting and driving the Nordic banks' payment solutions," said Hans Henrik Hoffmeyer, Senior Vice President of Mobile Services at Nets. "We have made significant investments on behalf of our customers in becoming a token service provider (TSP), which enables Nets to provide the security services that our banking customers need to power their future mobile solutions and new mobile services."

Nets' three business divisions focus on subscription services, financial network processing systems and merchant acceptance solutions. Over the years, solution sets have evolved to serve a diversified clientele of banks, corporations and merchants. Today the Nets' international network facilitates digital payments across the Nordic region, providing an array of card services, account services, and payment solutions.

Modern wallet tech

BOKIS representatives said the open format and easy-to-integrate security capabilities make Nets' mobile wallets appealing. The platform, designed to accommodate enterprise-scale deployments, leverages best-in-class security practices, enabling member banks to incorporate HCE and tokenization into their mobile payment solutions while reducing time-to-market, they added. When Danish consumers use the digital wallet, payment credentials stored in the mobile device will be replaced at the point of transmission with a unique randomly generated identifier to further protect sensitive cardholder data exchanged between phone and terminal.

This payment method is similar to current tap-and-go payment schemes used by mobile wallets and contactless cards. Tokenization is gaining in popularity worldwide, largely due to the implementation of embedded wallets in smartphones. Samsung Pay and Android Pay also use HCE to securely store cardholder data. BOKIS will deploy HCE combined with tokenization with the Nets' mobile wallet, which is currently in pilot tests and set to launch in Denmark during the fourth quarter of 2016.

Cashless journey continues

Nets participated in the Copenhagen Fintech Innovation and Research Get F'IT event in June 2016, joining presenters from CashlessWay and Consult Hyperion, who advocated replacing notes and coin with electronic forms of payments. In his keynote presentation, CashlessWay founder Geronimo Emili noted that Scandinavian countries, unlike his native Italy, have been leading the global movement away from cash.

"Even if you copy the Danish system directly to an Italian context, you will still have the Italian people, and the cultural differences, and you would probably still have a lot of work to do," Emili said. "When it becomes clear to the end-user that paying by card or mobile is easier, safer and perhaps even a better deal than by cash, then you'll be able to convince even the most conservative target groups."


View prior breaking news

Spotlight Innovators:

North American Bancard | Harbortouch | Sage | UMS | USAePay