Home Depot joins chip-and-PIN protest
A tlanta-based Home Depot Inc. filed a lawsuit against Visa Inc. and MasterCard Worldwide Jun. 15, 2016, to challenge chip-and-signature verification, a practice that has largely defined the rollout of smart card technology in the United States. Home Depot is suing the payment card brands for the right to require PIN with every chip card, affirming the practice as a more secure payment method commonly used in 80 other countries that have implemented EMV (Europay, MasterCard and Visa) technology, including the United Kingdom, France and Australia.
The lawsuit claims that Visa and MasterCard have engaged in interchange “price-fixing” and have made PIN entry optional in order to route PIN-less debit card transactions to higher-priced credit card networks. The home improvement retailer is fighting for the right to mandate PIN entry with all chip cards, including debit and credit, to enhance security and have more control and choice over payment card transaction routing.
Smart cards, smarter fraudsters
Payments industry analysts have stated that using signature with chip cards is an expeditious way to help consumers and merchants migrate from magnetic stripe cards to more secure EMV technology; detractors have argued that using chip cards without PIN authentication is both an inefficient use of the technology and an insufficient deterrent to online fraud.
“[EMV] cards offer an extra layer of security beyond the chip itself, by requiring the user to enter a four-digit PIN, thereby ensuring that the individual using the card is the card’s owner,” the Home Depot lawsuit stated. “Signatures can be copied or forged, and cashiers are not handwriting experts trained to identify forged signatures.”
“Most other countries have implemented chip and PIN, which is generally a more secure payment method than magnetic stripe cards,” said Mark Gazit, Chief Executive Officer of ThetaRay, a global data analytics platform and cybersecurity company. “Retailers need to understand that using chip and PIN technology will deter but not completely eliminate fraud.”
More lawsuits expected
Home Depot’s lawsuit was filed a month after a May 10, 2016, civil complaint by Wal-Mart Stores Inc. against Visa, also seeking to mandate PIN with EMV. The court action, covered by The Green Sheet May 13, 2016, reflects growing dissatisfaction with U.S. EMV implementation among retailers.
Both Home Depot and Wal-Mart oppose the use of chip without PIN. The Home Depot deposition declaims the use of chip cards without PIN as “defective and subject to fraud.” The practice has imperiled U.S. consumers by creating a largely insecure payments infrastructure with “the highest rates of payment card fraud in the world” and subjected U.S. business owners “to the highest payment card related fees in the world,” according to the court document.
Wal-Mart cited a 2013 Federal Reserve study that found PIN debit transactions had “the lowest estimated fraud rates by both number and value in 2012.”
Wal-Mart further noted that debit card networks have traditionally been more cost effective because when merchants can choose where to route transactions, payment card networks must compete for their business. Visa’s efforts to make the Interlink network the exclusive PIN debit network for Visa-branded debit cards, and its exclusive signature debit network, have given the card brand an unfair advantage and effective monopoly, Wal-Mart stated.
Merchant advocates expects other retailers that opted out of the 2012 Visa and MasterCard settlement to come forward. Mark Horwedel, CEO of The Merchant Advisory Group, said merchants remain concerned about smart card implementation and the liability shift that became effective Oct. 1, 2015. The trade association represents many leading U.S. retailers, including Home Depot. Horwedel believes the liability shift has caused catastrophic price increases by shifting the cost of fraud from card issuers to merchants. “I think there will be many more lawsuits to come,” he stated.
Barcode technology gets digital makeover
Tuesday, June 21, 2016
F orty-two years after the first barcode was scanned at the POS, GS1 updated its barcode technology standard in an effort to make barcodes more ubiquitous and secure. More than 1 million companies are members of GS1, a global body focused on product traceability throughout the supply chain. Its evolving global standard helps organizations reduce business risk, improve efficiencies and comply with varying regulatory environments, GS1 stated.
The new standard for barcode scanning is based on laser and infrared beaming technology that facilitates barcode scanning at the POS. The technology translates black-and-white areas within a barcode into a series of pulses and pauses, transmitting the information to the scanner at a rate of 1,000 times per second, using a process similar to Morse Code.
“The technology interprets the line length of each bar and blinks the LED at the same rate as the scanner would see if it read the barcode,” said George Garrick, President and Chief Executive Officer at Mobeam Inc. “The scanner doesn’t know if it’s reading a barcode or LED.” Currently, Mobeam is the only provider of the GS1-certified, patented technology.
No additional hardware, software needed
The GS1 standard maintains existing barcode best practices, which include masking numerical identifiers to make it more difficult for barcodes to be duplicated. Barcode beaming technology is invisible to the human eye; fraudsters would need a technology capable of decrypting an infrared beam in order to duplicate a barcode, Garrick stated.
The newly updated GS1 barcode beaming standard includes the following enhancements:
- Common digital identifier: Digital barcodes share the prefix 8112, which notifies the scanner not to expect a paper coupon.
- Protection from fraud, duplication: Connected devices used to beam barcodes will not display the barcode image on their screens.
- No required upgrades: All barcode beaming technology must work with existing hardware and software, eliminating the need for any upgrades to existing POS infrastructures. “All that is needed is to simply add the 8112 category to an existing barcode library,” Garrick said.
- Retailer-agnostic coupons: The newly modified standard enables consumer product goods companies to issue and redeem mobile coupons not associated with a specific retailer's loyalty card. Previously, consumers were only able to use paper retailer coupons at issuing retailers. The new mobile format can be securely redeemed via connected smart phones at a variety of venues.
Bright future ahead for LED barcodes
Garrick noted that barcode beaming technology is compatible with all digital wallets; he anticipates digital barcode adoption to grow in parallel with other emerging payment schemes. Mobeam is compatible with Samsung Pay, making the secure processing of digital coupons at the POS accessible to more than 400 million Samsung smartphone users.
Mobeam revealed that more than 45 million beaming transactions have taken place since the company launched Beep’nGo, a general purpose mobile app that can be used at any barcode-compatible venue. The free app enables its users to securely store digital versions of barcodes within connected devices, the company added.
“Gift cards, coupons and loyalty and membership programs are all based on barcodes,” Garrick said. “It may take years for digital coupons to achieve majority market share, but people generally follow the path of least resistance, and we have seen a steady increase in use.”
Mobeam has seen growing interest in digital barcode technology among retailers, consumer product brands and payment companies that deploy and support mobile manufacturer coupons.
"The successful modification of this GS1 standard is of landmark significance for brands, retailers, mobile device manufacturers, payment app developers and, of course, shoppers everywhere," Garrick said. "Brands and retailers can now greatly expand their marketing capabilities, while more effectively reaching mobile-centric millennials and staying ahead of today's evolving shopper expectations.”
Study warns consumer debt may reach $1 trillion
Tuesday, June 21, 2016
C ould omnichannel shopping be turning consumers into omnivorous spenders? A new study by CardHub published Jun. 8, 2016, highlights rising debt levels in the United States and questions the sustainability of current spending habits.
U.S. consumers repaid $26.8 billion in debt in the first quarter of 2016, the "smallest first-quarter pay-down since 2008 and nearly 25 percent below the post-recession average," the report stated, adding that the pay-down eliminated only 38 percent of the $71 billion in debt accumulated in 2015. The study compared 2016 and 2007 behavior patterns, finding similarities in pay-down percentages and charge-offs during both periods.
"U.S. consumers began a process of deleveraging after 2008; this data shows that trend may be reversing," said Kate Hao, founder and Chief Executive Officer of Happy Mango Inc, a credit scoring and finance management service. "Despite the very low delinquency rates at the moment, lenders or businesses that are exposed to consumer credit risk should start thinking about preparing for the downturn of the credit cycle."
Banks and credit unions need to take a proactive approach to determine if they have the right risk surveillance tools to detect potential spikes in delinquency and make any necessary adjustments to their credit risk appetites, Hao added.
Consumer best practices
CardHub provides free guidance, reviews and information about a variety of credit card products and consumer best practices. CardHub founder and CEO Odysseas Papadimitriou, a former consumer lending and marketing executive, wanted to use his payments industry expertise to help consumers be more informed about financial services and have better control of their credit. The service includes a credit card search tool, help center, credit score estimator, credit card debt center and reviews of top-rated credit cards.
The company's consumer debt report urged consumers to monitor spending and follow these simple guidelines:
- Make a budget (and stick to it): The authors recommended rank ordering expenses such as debt payments, emergency fund contributions, and other savings ‒ and trimming fat wherever possible.
- Build an emergency fund: The goal should be to gradually save about a year's worth of after-tax income through monthly contributions to an emergency account.
- Improve credit score: Improving credit standing will generally reduce the cost of debt and, thus, how quickly you can pay it off. Better credit also makes it easier to find a job or a place to live, the authors wrote.
- Try the island approach: The island approach is a credit card strategy that involves using different cards for different types of transactions, as if they are a chain of distinct yet interrelated islands. "This will enable you to get the best possible collection of terms [and] better perspective on your spending and payment habits," CardHub stated.
- Use the snowball method: The authors recommended strategically paying down balances with the highest interest rates and making the minimum payment required on the rest.
- Evaluate your job situation: In some cases, it may be necessary to evaluate whether higher-paying opportunities exist, the authors noted.
The full report can be found at www.cardhub.com/edu/credit-card-debt-study .
A growing array of technology startups are offering free guidance and personal financial management tools to consumers. Happy Mango helps consumers track expenses, forecast cash flows and set and meet financial goals. Consumers can opt in to the free service to obtain an alternative credit score based on their spending and saving patterns and an assessment of their overall financial health. They also have access to third-party financial products and services designed to improve their long-term financial health.
Hedgeable, a New York-based automated investing platform, enables individual investors to obtain tailored investment portfolios that reflect their personal goals. Additional benefits include a loyalty program and the option to invest in digital currencies. Designed to offer all clients a highly personal wealth management experience, Hedgeable requires no minimum investment and includes a risk management system designed to minimize losses.
"We didn't start Hedgeable because the world needed robots; we started Hedgeable because the carnage of the financial crisis showed that the gap between the haves and the have nots in regards to financial product access was immense," wrote Hedgeable blogger Michael Kane. "Startups have raised billions of dollars in venture capital in all areas of financial services, and the public has been rewarded with fantastic innovation in areas such as digital currency, micro-payments, non-bank lending, and crowdfunding."
The proliferation of emerging payment technologies has facilitated shopping via phones, tablets, desktops and even virtual storefronts, making it easier than ever for consumers to overspend. CardHub, Happy Mango and other consumer advocates have suggested that spending habits and social behaviors will be an integral part of credit scoring in the future, making it even more important for consumers to adopt a disciplined, vigilant approach to saving and spending.
This is important for the payments industry, as well, because all players in the acquiring chain are dependent upon consumers' long-term financial health.
MCX pulls plug on CurrentC
Tuesday, June 14, 2016
F our years after it was founded by a consortium of mega retailers, Merchant Customer Exchange (MCX), revealed that on June 28, 2016, it would end the beta test for its CurrentC quick-response code-based mobile app. CurrentC was conceived as an independent mobile payment system that would be independent of the traditional card rails.
MCX stated that it will refocus its efforts, which many view as a logical shift in direction. "The key here is that they were plagued from the start by bringing competitors together that didn't share or play into each other's self interests," said Richard Crone of Crone Consulting LLC. However, Crone noted that from every angle that he observed as a mystery shopper, the CurrentC pilot was successful – the lone exception being user interface weaknesses early on.
Crone said that while a standalone, branded wallet did not play into the self interests of individual MCX members, developing an open cloud-based common acceptance platform does. "They've used that to cut a deal with Chase Pay, which when it launches, will be a seminal moment in payments because they will have accomplished the goals that every retailer has for payments," Crone said.
He noted that for merchants, the benefit of reduced costs through fixed pricing and an earned quantity discount schedule, the ability to collect data, and improve the customer experience are all very attractive value propositions.
"They go to the merchant; there is no network fee because they're not going through Visa and MasterCard for these transactions, because in 2013, a deal was cut with Visa to use ChaseNet to process those on-us transactions," Crone said. "There will be zero merchant processing fees, and because Chase Pay is more secure – it's cloud-based with multifactor authentication – there will be zero merchant fraud liability as well."
For MCX, the arrangement with JPMorgan Chase could mark the beginning of a long awaited avalanche of participation. Other financial institution and payments entities will likely follow suit. "If you have the single greatest value proposition with the single largest issuer with half of the market, doing anything else but this is a fatal distraction," Crone said about MCX's current focus.
Shift in fundamentals
Crone believes the MCX-Chase Pay model is less about losing interchange and more about gaining new revenue streams from the data, ads, offers and new service possibilities the new platform affords. Instead of depending on overdraft, interchange and other fees for generating an average $150 per account in gross annual revenue, banks could potentially earn up to $300 per year per active mobile wallet using a value-based model that more resembles the revenue models for Facebook and Google Inc.
"It's not about payment," Crone said. "This is about data and having access to the consumer in context to deliver the service because they're not getting a loan; they're buying a car. They're not making a payment; they're shopping. If you can reach them at that point of present, in context of the need, then you can develop a whole new set of services that we haven't dreamed of today that will be possible through mobile devices."
Not only does Chase have clout as a financial institution with an estimated 94 million accountholders, its Chase Paymentech merchant acquiring arm completes the financial services picture in almost monopolistic fashion, something competitors should note, he said.
Another major player to watch is Wal-Mart Stores Inc., which, as a founding member of the MCX, also launched its own mobile app. "Walmart Pay, though it isn't using the MCX API, works and acts exactly like the CurrentC app did," Crone said. "They copied it. That's the biggest form of flattery. This cloud-based approach gives them the most flexibility."
He described a scenario in which a customer with Chase Pay could conceivably walk into a Wal-Mart store with a shopping list, prescriptions, and everything else the customer needs visible and navigable through the Walmart app. But the mega retailer is not content to stop there. Wal-Mart Canada Corp. stated on June 11 that starting on July 18, it would no longer accept Visa card payments in Canadian stores, another bold move to counter hefty card fees.
CFPB to processors: Don't turn blind eye to fraudsters
Friday, June 10, 2016
T he Consumer Financial Protection Bureau recently sent a message to payment processors: keep bad actors from clearing fraudulent transactions through the banking system. On Mon., June 6, 2016, the bureau filed a lawsuit against Intercept Corp., based in Fargo, N.D., accusing the company of enabling clients to withdraw millions of dollars from consumer bank accounts for fraudulent transactions.
The lawsuit, which also names two top executives of the firm, alleges Intercept ignored blatant warning signs of potential fraud or lawbreaking by its clients. The complaint seeks monetary and injunctive relief, as well as monetary penalties.
The CFPB's authority to initiate legal proceedings against payment processors comes from the 2010 Dodd-Frank financial reform legislation, which empowered the CFPB to pursue investigations against companies and individuals engaging in unfair, deceptive or abusive acts and practices, or activities that otherwise violate federal consumer protection laws. The allegations against Intercept and it principal officers were contained in a lawsuit filed in U.S. District Court for the District of North Dakota.
"Intercept and its executives Bryan Smith and Craig Dresser ignored clear signs of brazen fraud, including illegal withdrawals from consumer accounts, and need to clean up their act," said CFPB Director Richard Cordray. "Companies cannot turn a blind eye to wrongdoing when they process payments from consumer banking accounts on behalf of clients who are breaking the law," Cordray added.
According to the complaint, Intercept "performed only perfunctory due diligence regarding the legitimacy and legality of their clients' underlying transactions and have ignored indicia of fraud or illegality revealed through even their minimal due diligence."
Fraudulent ACH payments
Intercept was accessing the automated clearing house (ACH) system through several banking relationships to clear payments for assorted clients, including payday lenders, auto-title lenders, debt collectors and consumer finance companies. Over the years, some of these banks had expressed concerns to Intercept – as well as Smith, founder and President of the company, and Dresser, who is Intercept's Chief Executive Officer.
Many of these complaints were clear indicators of fraud, the CFPB said. They included discrepancies between dates and amounts debited from consumer accounts vis-à-vis what consumers said they authorized, changes in lender names, and missing scripts for transactions authorized by telephone. For example, one bank complained to Intercept that an auto lender it was processing for was debiting varying amounts from consumer accounts without authorization from those consumers, the complaint alleges.
Intercept clients were also running up high return rates – many as high as 20 to 40 percent, or about 20 times the industry average, according to the CFPB complaint. If a bank complained too much, or terminated its relationship with Intercept, the company allegedly would find another bank to process the transactions.
"As a result, Intercept had relationships with eight different [ACH originating banks] between 2008 and 2014, sometimes processing through three different [banks] at a time," the CFPB complaint states.
The CFPB also alleges that Intercept ignored consumer complaints about unauthorized transactions. One bank used by Intercept to originate ACH items claimed that between June and August 2012, it received over 600 calls from consumers complaining about withdrawals Intercept initiated from their personal accounts. Another bank said it logged consumer disputes involving 1,800 ACH transactions initiated by Intercept for its clients between 2011 and 2014.
CFPB stands firm
The company even failed to take action in response to state and federal law enforcement actions against its clients, the CFPB asserted. In 2012, for example, the Federal Trade Commission filed a lawsuit against one of Intercept's clients for illegal collection practices related to payday loans – practices that generated more than 7,500 complaints to law enforcement authorities over the previous five years, according to the CFPB complaint.
This isn't the first action the CFPB has taken against payment processing companies. In 2015, the bureau filed suit against several payment processors working with a telemarketing firm (Global Connect), alleging that they knew or should have known Global was running a robo-call phantom debt collection operation. Phantom debt is debt that consumers do not actually owe, or debt that is not legally payable to those collecting the monies. Global allegedly harassed a significant number of consumers and got them to pay bogus debts with threats of legal action.
"The CFPB contends that by enabling the debt collectors to accept payment by credit and debit card, the payment processors helped to legitimize the collectors' business and facilitated millions of dollars in ill-gotten profits," the bureau stated at the time.
View prior breaking news