OCC favors bank status for fintechs
T he U.S. Office of the Comptroller may soon be granting bank charters to fintech firms. Comptroller of the Currency Thomas J. Curry shared plans for a far-reaching initiative Dec. 2, 2016, when the OCC released a paper titled Exploring Special Purpose National Bank Charters for FinTech Companies. In the paper's preface, Curry reflected on the banking industry's resilience and adaptability, noting that banks themselves were once considered revolutionary.
"More than 150 years later, we have a diversified and evolving financial services industry," he wrote. "New technology makes financial products and services more accessible, easier to use, and much more tailored to individual consumer needs."
Curry additionally shared how much consumer behavior and demographics have changed in recent years. For example, 85 million millennials use technology-driven nonbank companies that offer products and services formerly limited to traditional banks, he stated. Some of these fintech companies are now exploring whether to become banks.
"Should a nonbank company that offers banking-related products have a path to become a bank?" Curry wrote. For Maria T. Vullo, Superintendent of the New York Department of Financial Services, the answer is no. Vullo issued a statement opposing the charter and warning of its potential harm to consumers. "New York will not allow consumer protections to fall into the void," she said.
Fintech firms that support the initiative are confident federal and state regulatory agencies would collaborate with transitioning fintech firms to ensure compliance with fair lending practices. And any fintech aspiring to become a financial institution would be subject to intensive review and a steep set of requirements, payments analysts noted.
Fintech firms applying for a bank charter would need to meet exacting standards, according to the OCC's paper. In addition to having an appropriate corporate structure, the applicants would be required to prove they engage solely in bank-permissible activities, such as payment or lending activities, and adhere to regulatory requirements set forth by the Consumer Financial Protection Bureau, Bank Secrecy Act and anti-money laundering statutes.
Comptroller Curry added that the OCC would closely supervise the newly chartered firms to ensure they have implemented the following:
- A sound, financially inclusive business plan
- A governance structure to manage banking activities
- Risk management procedures
- Compliance procedures
- Capital, liquidity requirements, tailored to each firm, to mitigate potential insolvency
- Disaster recovery procedures
Fair, innovation-friendly environment
As the OCC strives to create a regulatory framework that supports and encourages innovation, Comptroller Curry recommended a flexible regulatory framework designed to accommodate innovative and diverse business models. The paper also encourages interaction and ongoing collaboration between fintechs and regulators as they navigate unforeseen challenges to regulatory expectations.
Curry challenged the OCC staff to work within proposed innovation-friendly guidelines on a set of prerequisites for nonbank companies applying for national bank status. Their diverse viewpoints are summarized in the OCC paper, which Curry said, "makes clear that if we decide to grant a national charter to a particular fintech company, that institution will be held to the same high standards of safety and soundness, fair access, and fair treatment of customers that all federally chartered institutions must meet."
Open for comment, debate
Comptroller Curry invited payments industry stakeholders to participate with the OCC in drafting the charter. He seeks clarification on the Community Reinvestment Act (CRA), which applies to institutions insured by the Federal Deposit Insurance Corp. Fintech firms that do not take deposits are not expected to be subject to CRA requirements but may need to comply with similar governing principles, such as "fair access," "fair treatment" and "meeting the credit needs of its community," Curry stated.
The OCC paper additionally seeks recommendations on the types of activities to include in a special purpose national bank charter. Fintechs that apply and receive bank charters would ideally "demonstrate their commitment to financial inclusion that supports fair access to financial services and fair treatment of customers," the OCC stated.
"Public comment will help inform our consideration of these issues," Curry wrote. "We welcome your feedback on all of the issues raised in this paper and on the specific questions included at the end." The OCC will be open to public commentary until Jan. 15, 2017.
Gas station EMV deadline reset to 2020
Thursday, December 1, 2016
M erchants with automated fuel dispensers will have another three years to prepare for the EMV (Europay, Mastercard and Visa) liability shift. Visa Inc. and Mastercard confirmed Dec. 1, 2016, that fuel pump operators will have until Oct. 1, 2020, to upgrade pay-at-the-pump systems to chip card readers. The original deadline had been set for Oct. 1, 2017. The decision to move the deadline was based on the enormity of tasks related to the upgrade effort, Visa and Mastercard stated.
“The fuel segment has its own unique challenges, which we recognized when we first set the chip activation date for automated fuel dispensers/pumps (AFDs) two years after regular in-store locations,” Visa stated on its website. “We knew that the AFD segment would need more time to upgrade to chip because of the complicated infrastructure and specialized technology required for fuel pumps.”
Sharing a similar perspective, Mastercard stated, “EMV compliance for fuel merchants with Automatic Fuel Dispensers brings significant regulatory and implementation challenges. Over the past months, we have had extensive discussions with fuel merchants, issuers, acquirers and other stakeholders regarding these unique challenges. Today, Mastercard is modifying the automatic fuel dispenser liability shift date from October 2017 to October 2020. This decision applies only to automated fuel pumps.”
Infrastructure, supply chain issues
It can be significantly more expensive to upgrade a gas pump POS than an in-store retail POS, payments analysts have stated. Fuel pump POS terminals require state-level certification to confirm the pumps are accurately dispensing fuel and correctly charging customers, in compliance with government guidelines. A modification, such as adding a chip card reader to a gas pump, may necessitate having the entire gas pump recertified.
Visa additionally noted the high costs of updating legacy infrastructure. Many gas station owners will need to drill through concrete and hire third-party experts to rip out old equipment, Visa pointed out. Furthermore, EMV-compliant hardware has been difficult to come by, due to supply chain issues and delays in device manufacturer certifications.
The Electronic Transactions Association issued a statement Dec. 1, 2016, praising the card brands for recognizing AFD merchants’ unique challenges and extending EMV liability shift deadlines.
“Fuel pumps often feature integrated payments terminals, requiring in many cases the replacement of an entire pump, which can involve significant costs, environmental permitting and heavy construction,” the ETA wrote in support of the reprieve. “Taking into account the migration challenges and relatively low fraud at AFDs, the card network liability shift deferment is a positive and balanced action supporting merchants and industry EMV migration efforts.”
The ETA is confident the extended deadline will also enable AFD merchants to implement emerging mobile payment schemes. The association vowed to continue its industrywide efforts to move to advanced EMV technology while collaboratively fighting fraud on behalf of its members and the extended payments community.
Further cooperation planned
Visa and Mastercard reaffirmed their commitment to working closely with fuel merchants and petroleum supply chain partners on the EMV chip migration. The card brands are promoting initiatives designed to mitigate fraud while upgrade efforts are underway.
Mastercard introduced its Decision Intelligence suite of products, a comprehensive set of digital tools and artificial intelligence. Its real-time approvals and rejection of false declines are expected to improve transaction transparency for card issuers while enhancing the overall consumer shopping experience.
Visa is promoting Visa Transaction Advisor (VTA), an analytics and risk-scoring tool that uses existing pump hardware and software to rate transactions and detect anomalies. The service directs questionable patrons inside the store to complete transactions. Research has shown that most criminals will drive away rather than go into a store, the company said.
“More than 53,000 gas stations that use VTA have experienced more than a 50 percent decrease in both counterfeit and lost and stolen fraud,” Visa stated. “Based on the realities of the current issues fuel merchants face and the critical long-term need for the industry to adopt chip as a solution for counterfeit fraud, we believe these changes are a balanced and manageable way to ensure a successful migration to chip.”
It is unclear at this writing if the card brands will consider extending the EMV liability shift deadline for the ATM industry. The ATM supply chain has been adversely affected by an international shipping crisis, which caused significant delays in product shipments and certifications. ATM stakeholders have appealed to the card brands for an extension. Mastercard’s EMV liability shift deadline for ATM providers became effective in October 2016; Visa's is set for October 2017.
Contactless, cardless cash gains U.K. adoption
Tuesday, November 29, 2016
B arclays Bank PLC revealed it is testing a cardless cash program in the United Kingdom. The initiative uses smartphones and near field communication (NFC) technology in lieu of plastic cards and is in pilot at 160 Barclays ATMs. The number of participating ATMs is expected to grow to 500 in January 2017, Barclays representatives stated.
A new feature on Barclays' mobile app will enable customers to withdraw up to £100 cash per visit, by using a one-time PIN and tapping an NFC-enabled Android phone at an ATM. Customers without smartphones can also redeem cash at participating ATMs, by selecting "Cardless Services," entering a money voucher ID and PIN, and confirming the transaction. The ATM will dispense the voucher amount.
Barclays is also promoting its CashSend money transfer service, which allows customers to send and receive cash at any Barclays ATM nationwide 24/7. According to the bank, the service is easy and convenient and is not restricted to Barclays customers. "With over 160 Barclays ATMs nationwide, you now have flexibility and convenience of sending or receiving cash," the company stated. "CashSend can be initiated via the ATM or through Hello Money."
Ashok Vaswani, Chief Executive Officer of London-based Barclays Bank, said customers have become accustomed to using smartphone apps for mobile commerce and banking. "We want taking out cash to be just as easy," he said. "With Contactless Cash, customers can quickly and securely take out money with just a tap of their smartphone – a first for the UK."
U.S. cardless initiatives
Vaswani noted that the United States has also been testing cardless cash. The Green Sheet reported on this phenomenon in an article published Aug. 8, 2016, and titled "Cardless ATMs address EMV, security concerns." The article referenced several developing U.S. initiatives, including the following:
- Early 2015: The FIS mobile banking app added a Cardless Cash feature. Customers who used the app to pre-stage a cash withdrawal receive a tokenized, single-use quick response code to use at a nearby ATM.
- September 2015: PAI and Fiserv Inc. co-produced CardFree Cash, a revised version of Fiserv's Popmoney mobile cash platform. CardFree Cash users receive an encrypted token and ATM locator, which shows nearby locations where they can retrieve funds. The partners also plan to introduce Beacon technology, designed to notify users in proximity of CardFree Cash ATMs.
- October 2015: HalCash North America joined forces with PAI to launch Pin4, a cardless cash network that does not require an ATM card or bank account. Business owners can use the Pin4 API to create real-time, mobile, cardless cash solutions.
- July 2016: PAI and FIS NYCE Payments Network launched FIS Cardless Cash, a mobile phone-to-ATM scheme that replaces plastic cards at ATMs.
ATM fraud deterrent
In addition to convenience, cardless cash solutions can be a viable deterrent against ATM fraud, particularly criminal activities that involve card skimmers and cameras, some analysts have stated. In an earlier interview with The Green Sheet, Douglas Brown, Senior Vice President and General Manager of FIS Mobile, noted increasingly sophisticated ATM fraudsters. "They're starting to use techniques called inserts, which goes beyond that superficial skimmer that sits outside the machine," he said. "The insert is a physical device that is inserted inside the tracks of the machine. These inserts prey on both EMV and non-EMV cards."
Brown said Cardless Cash phone-based authentication is a crime deterrent because no data is stored or displayed on a smartphone. "We don't send your card information from the phone to the machine," he said. "The phone speaks to the ATM over a secure cloud path network."
Another related benefit of cardless cash solutions is speed, which can add convenience and safety to the transaction, Brown noted. "Because you can get in and out of an ATM in 11 seconds, there is a lot less physical threat to you," he said.
ATM deployers and payments industry analysts expect the added security and convenience of cardless cash solutions to continue to fuel global adoption.
A growing cardless movement
Todd Lawrence is CEO of Just Cash, a new company with a mobile cash solution designed to bring "the last critical mile of the banking experience into the mobile world." Built on existing ATM infrastructure, Just Cash can be integrated into digital wallets and mobile banking apps, enabling users to tap their phones to withdraw cash at participating ATMs. The company has been working closely with leading ATM manufacturers and plans a U.S. launch in 2017.
"Mobile cash has reached an inflection point, by providing accessibility, convenience and technology that has helped it scale," Lawrence said. "Just Cash requires minimal integration and limited behavioral changes, which places the company in an exciting position to capitalize on the mobile cash transition."
Lawrence further stated the mobile cash market could exceed 10 billion transactions a year. "Mobile cash represents a more simple, secure, and convenient way to access cash and never exposes customers to lost, stolen or compromised cards," he said.
It's always Cyber Monday for security pros
Wednesday, November 23, 2016
A s retailers brace for the holiday shopping crunch, the 2016 Pre-Holiday Retail Cyber Risk Report, dated Nov. 28, 2016 and published by Bay Dynamics, found that most security specialists take a business-as-usual approach to peak retail season. Findings are based on an independent survey conducted by Osterman Research of 134 security professionals at U.S. retailers with 2,000 or more employees.
Merchants tend to hire seasonal workers during high-peak traffic times, which can pose risks to their businesses, survey analysts noted. The survey questioned how information technology (IT) professionals share information among permanent, temporary and contracted workers, as well as response mechanisms to perceived cyber intrusions and threats.
Ryan Stolte, co-founder and Chief Technology Officer at Bay Dynamics Inc., said key differences between the 2015 and 2016 reports highlight changing attitudes among leading U.S. retailers. The study shows that may organizations have formalized their approaches to risk management and cybersecurity.
"They view cyber security as a year-round commitment and therefore are limiting access to sensitive information for those workers who do not have their own accounts," Stolte said. "They have more visibility into their employees' actions, especially permanent employees who access highly valued data assets. Cyber security is no longer being put on the back burner, and that's a positive shift."
Security a top concern
In a recent survey of small business owners by cybersecurity firm ControlScan Inc. and the Electronic Transactions Association, 89 percent of respondents said security was a top concern. When asked for three top factors that would confirm they had invested in the right payment technology, the leading response was "improved transaction security," followed by "improved customer experience" and "ease of implementation."
"Historically, small and mid-sized businesses have been singularly focused on cost factors when considering new point-of-sale technologies; things like the customer experience and enhanced security functionality were simply not part of the conversation," said Chris Bucolo, Director of Market Strategy at ControlScan. "But all that's begun to change as consumers become more vocal about what they consider a positive shopping experience."
The most effective way to reduce cyber risks is to focus on the most valued assets and the people who interact with them, Bay Dynamics analysts stated. "Organizations should identify where their most valued assets exist, who accesses them, how they access them and who governs those assets," they wrote. "No matter the types of employee, whether they are permanent, temporary or contractors, only those who must access valued assets to do their jobs should be given access."
Michael Osterman, Principal Analyst with Osterman Research Inc., found improved threat detection and response times among IT and security professionals, compared with previously published findings in the 2015 Pre-Holiday Retail Cyber Risk Report. "Most are patching their systems quickly, monitoring employee behavior more closely and limiting access to sensitive information, but there is definitely still room for improvement," he said.
Following are additional takeaways from the Bay Dynamics report:
- Always-on vigilance: 56 percent of respondents treat security as a year-round event; their degree of vigilance remains constant, with no significant changes during the holiday season.
- Increased employee oversight: 30 percent of IT professionals reported their permanent employees had access to privileged data, up from 7 percent in the 2015 report.
- Limiting access by temporary workers: 64 percent of respondents said they try to restrict temporary workers' access to data. The 36 percent who give them access to their own accounts are doing a better job of monitoring temporary workers.
- Restricting access across the board: 6 percent of IT and security professionals give temporary workers access to personally identifiable information (PII); only 13 percent said contractors can access PII. Findings show retailers are limiting access to their most sensitive data.
Downloadable copies of the 2016 Pre-Holiday Retail Cyber Risk Report
and the 2015 Pre-Holiday Retail Risk Report
are available at: http://baydynamics.com/resources/2016-pre-holiday-cyber-risk-report/ and https://baydynamics.com/resources/pre-holiday-retail-risk-report/, respectively.
The Green Sheet Inc. offices will close at noon Pacific Time on Wed. Nov. 23, 2016, and reopen at 9 a.m. Mon., Nov. 28. Happy Thanksgiving! May your holiday be enjoyable and restorative.
NAC case against Visa, Mastercard going forward
Tuesday, November 22, 2016
T he National ATM Council Inc. and 13 independent ATM operators will get their day in court with Visa Inc., Mastercard and assorted card-issuing banks. The U.S. Supreme Court's Nov. 17, 2016, reversal of the defendants' appeal will enable the class action lawsuit to be tried in Washington D.C.'s Federal District Court.
NAC and ATM operators seek injunctive relief and illumination of rules related to debit card network pricing. Plaintiffs are challenging current pricing mechanisms that Visa, Mastercard and affiliated issuing banks use for setting ATM access fees, claiming the schemes are both anticompetitive and a form of price fixing.
"The crux of the Plaintiff's complaints is that when someone uses a non-bank ATM, the cardholder pays a greater fee and the ATM operator earns a lower return on each transaction because of Visa and Mastercard rules," wrote Circuit Court Judge Wilkins in an August 2015 ruling that was later appealed. "These rules prohibit differential pricing based on the cost of the network that links the ATM to the cardholder's bank."
Bruce Renard, Executive Director at NAC, is confident the case will stand on its own merits, following five years of delays. "NAC is genuinely pleased with the order of summary dismissal issued yesterday by the United States Supreme Court," he said. "The anti-competitive rules at issue have protected Visa and Mastercard from competition for network services at retail ATMs, with the result that consumers have been paying inflated prices for using ATMs, and fewer ATMs were deployed than otherwise would have been the case."
A long fight
NAC and thirteen additionally named plaintiffs filed the original complaint in 2011 against what they deemed to be high-priced ATM fees; two similar but isolated consumer class actions were also filed during the same period against major U.S. banks. The card brands and banks questioned the cases' legal merits, leading the D.C. Federal District Court to dismiss all three proceedings.
NAC successfully appealed the District Court's dismissal in 2013, winning reinstatement of the case at the U.S. Circuit Court in 2015. The Circuit Court ruled unanimously in NAC's favor, setting a trial date with D.C. District Court Judge Richard Leon. Visa, Mastercard and affiliated banks fought to dismiss the case, escalating the issue to the U.S. Supreme Court.
The Supreme Court reviewed the defendants' formal brief on Nov. 16, 2017, and dismissed it the following day. The precedent-setting decision from the nation's highest court has set the stage for all parties to legally debate the merits and legality of debit network rules and pricing.
"It's a small victory for the little guy, specifically the ATM operators, and most importantly the consumers, against a very big Goliath," stated George Sarantopoulos, founder and CEO of Brooklyn, N.Y.-based Access One ATM and incoming NAC Board Chair. "Victories like this make you believe in the system again."
Fair trade, fair pricing
Outgoing NAC Board Chair Bonnie Dalrymple noted the vital role independent ATM providers play in making cash available, particularly in urban and rural areas that exist outside national bank footprints. She and NAC board members remain cautiously optimistic about the upcoming trial. "Yesterday's Supreme Court's ruling is a real step forward for the interests of U.S. retail ATM entrepreneurs and the continued widespread access to cash for consumers throughout our nation," she said.
NAC and its supporters are hopeful the lawsuit will resolve irregularities in ATM pricing for transactions processed on lower-cost debit card networks. Charging the same fees for transactions that ride traditional card brand rails as those processed outside of Visa and Mastercard networks amounts to price fixing, some ATM deployers have claimed.
Opponents of uniform pricing across all ATM networks allege the practice unfairly restricts trade and violates the Sherman Anti-Trust Act of 1890, legislation intended to outlaw monopolistic business practices. The card brand networks are preventing independent ATM operators from earning more for debit card transactions routed on lower-cost networks that are not connected to Visa and Mastercard networks, the plaintiffs stated.
"That mandate is the essence of the litigation and the basis for our argument," Renard said. "NAC opposes charging disproportional access fees to end users." NAC, a not-for-profit national trade association, represents the business interests of ATM owners, operators and suppliers.
View prior breaking news