Earlier this summer, I posted about hackers going after more than just payment data with their intrusions. The recent news of StubHub’s run-in with cyber thieves is a perfect example of this desire for access to other types of accounts. The online ticket reseller announced customer accounts had been hacked, and the criminals were able to buy tickets to events through the site using the stolen account information.
According to the announcement, more than 1,000 accounts were accessed fraudulently. The company said the hackers did not break through Stubhub’s own security. Instead, they obtained Stubhub usernames and passwords from other sources. These include the websites of retailers involved in their own data breaches and malware installed on victims’ computers. Because consumers often use the same login credentials for several sites, the thieves were able to apply the stolen usernames and passwords at Stubhub.
Company spokesperson Glenn Lehrman said, “The company detected the unauthorized transactions last year, began working with authorities and gave the affected customers refunds and help changing their passwords.” Although StubHub is based in San Francisco, the case has apparent international reach. In fact, of the arrests made in the case, three were in London, and one was in Toronto.
This hack underscores the fact that attackers don’t have to breach your systems to gain access to your customers’ accounts. Vulnerabilities in your customers’ own systems and even poor personal security habits can open your online and mobile banking door just wide enough to let the criminals in.
Educate your consumers about this and encourage them to practice good password security. Remind them to never use the same username and password for multiple sites (at a minimum, their financial accounts should contain unique credentials). Advise online and mobile banking users to change their passwords every few months. And of course, you can’t remind consumers enough to monitor their banking, social and retailer accounts for any suspicious activity so they can report it immediately.
Tags: compromise, cyber_crime, cyber_fraud, data breach, Fraud, stolen
In my last blog, I excerpted the recently released white paper “The Mobile Payments Ignition Point.” The paper details the dramatic impact Host Card Emulation (HCE) technology is expected to have on the mobile payments marketplace.
In the excerpt below, I highlight near-field communication (NFC), one of the leading technologies in the emerging payments landscape, and offer insight into how and why it is the best pairing for HCE. Already powerful in its own right, NFC-powered payments received something of a shot in the arm when HCE came on the scene.
HCE technology was enabled for mainstream when Google opened up its operating system. Although there are currently other companies providing HCE technology, Google created it in response to wireless carriers that were blocking Google Wallet’s access to the secure NFC chips in their units.
…Recently endorsed by both MasterCard and Visa, HCE complements NFC hardware in two major ways: 1) the technologies work together to keep card issuers in play, and 2) they allow for a seamless user experience.
By blocking access to the secure NFC chips, wireless carriers kept NFC-powered mobile wallets off FI radars. With the introduction of HCE, however, FIs and other card issuers can insert their customers’ credit and debit accounts into payments apps created by third-party developers. Consumers, too, will be excited by the technology, as it allows them to make mobile payments with their existing card accounts. In a traditional NFC-based payments app, card credentials are stored on the phone itself. With HCE, the credentials are stored securely in the cloud, which allows users to access them virtually anywhere. This creates a really nice user experience where all consumers need to do is tap their device to access card accounts they already own. Additionally, with credentials stored in the cloud, it will be possible for consumers to access the data from multiple devices.
Evidence of the attractiveness of HCE can be seen in a movement by one of the world’s largest banks. In May, Russia’s Sberbank and California-based Sequent Software Inc. announced their plans to partner on the development of an HCE- powered mobile wallet. As well, Capital One talked about its partnership with MasterCard to explore an HCE solution at the 2014 NFC Solutions Summit.
As another great benefit of NFC and HCE working together, once credentials are in the cloud and able to be accessed by multiple platforms, it becomes much easier to offer consumers a complete mobile experience…
To download the complete white paper, visit themembersgroup.com/mobile_ignition.
Tags: host card emulation, mobile, near field communication
Recently, there have been a number of announcements regarding issuer upgrades to their prepaid product offerings.
It’s likely these changes are connected to an increase in regulation as agencies like the Consumer Financial Protection Bureau (CFPB) look at consumer protections. There’s no doubt the CFPB is taking a closer look at prepaid cards. Card issuers are realizing this, and are working to make their prepaid offerings even more fair, simple and consumer-friendly.
Visa is busy promoting several upgrades. The network recently distributed a press release announcing a new designation for its reloadable prepaid products. Visa collaborated with both The Pew Charitable Trusts and the Center for Financial Services Innovation (CFSI) to establish the new guidelines. To qualify for the new Visa prepaid designation, prepaid programs must meet a specific set of standards. Visa’s new requirements are designed to simplify fees, improve consumer protections and create opportunities for cardholders to improve their financial health. Prepaid cards that meet these requirements will receive a seal visible on card packaging and materials.
Amex is also offering new features that point toward providers being more aware of the specific needs and wants of prepaid users (namely that they can fall outside the financial mainstream and may need additional education or tools, like personal financial management (PFM), to help them budget). In a press release, Amex revealed the network’s Serve and Bluebird prepaid cards will feature PFM options. These will allow their prepaid cardholders to utilize online budgeting tools, draw-up a financial plan, track spending and designate spending limits and alerts. Amex is also increasing the breadth of its cash reload network for Serve cardholders. Amex added 4,100 Walmart stores to its cash-reload network in April and announced the addition of Family Dollar stores in June.
At TMG, we are committed to offering consumer-friendly products through our Visa- and MasterCard-branded ATIRA suite of prepaid cards. The distribution model for ATIRA has always been through community financial institutions (FIs) and credit unions, whose entire philosophy is consumer focused. Even so, we continuously evaluate our products, including our ATIRA cards, in an effort to make the consumer experience even better.
The CFPB estimates consumers loaded $57 billion onto prepaid cards in 2011, and the prepaid market grew by 42 percent from 2010 to 2014. Recognizing the strength and longevity of the prepaid market, and understanding that regulators are working to protect consumer interests, it’s great to see other issuers making changes to their prepaid products.
Tags: changes, guidelines, Prepaid, regulation
We recently wrapped our 2014 TMG Executive Summit in Lake Tahoe, California. With a theme of “People. Passion. Purpose,” the event offered an insightful view of the payments future, as well as inspiration to tap the power of our people, passion and collective purpose.
[Click the above image to view a photo slideshow of Monday's activities]
As our CEO Shazia Manus pointed out, “Consumer demand for a simpler banking experience is actually making all of our jobs more difficult and complex. Our financial institution clients are right now establishing their roadmaps for innovation, partnerships and other strategic moves to win the loyalty of consumers. Events like the Executive Summit allow us to offer guide posts for those roadmaps.”
This year’s presenters included a number of payments industry experts and others from outside the payments arena. Our headliners included Olympic Gold Medalist John Naber on the topic of innovation and former Disney University Head of Training Doug Lipp, who shared the values and strategies that have led to Disney’s decades-long success.
We were thrilled to read all the positive feedback from event attendees. In fact, I’m very pleased to report every attendee surveyed rated the overall event either “Very Good” or “Excellent.”
[Click the above image to view a photo slideshow of Tuesday's activities]
Attendees listed three presentations in particular as the most valuable sessions. These include a panel on the future of payments, a presentation on the evolution of compliance and a talk on leveraging human assets to push past mediocrity.
Spokane Teachers Credit Union Card Services Assistant Manager Tracy Fitch said of the human assets session: “I loved this and wish I had a tape recorder to get all of his great thoughts. When you walk away from a motivational speech with things you can try with your teams right away, it’s a big win. Spot-on presenter!”
Attendees of this year’s Executive Summit had the opportunity take part in a silent auction benefitting the Children’s Miracle Network. The auction, which offered 10 donated gifts ranging from business books to an iPad Mini, raised more than $1,700 for the charity. Over the years, our strategic partner CO-OP Financial Services has made tremendous contributions to the Children’s Miracle Network through its Miracle Match from CO-OP program. We were proud to join them in supporting such a worthy cause.
[Click the above image to view a photo slideshow of Wednesday's activities]
We’re gearing up for another informative, inspiring event next year. Our 2015 Executive Summit is set for July 27-29, 2015, at the Westin Bayshore in Vancouver, British Columbia, Canada. Registration will begin in spring 2015. We look forward to sharing another engaging and energizing experience with our clients next year!
With the October 2015 EMV liability shift quickly approaching, three of the nation’s biggest retailers, Walmart, Kroger and Target, are busily pushing ahead with their own EMV upgrades.
Walmart started updating its payment terminals in U.S. stores eight years ago. Currently, 4,200 of Walmart’s 4,800 terminals are activated and taking credit EMV transactions. The retailer can accept both chip-and-signature and chip-and-PIN cards at point-of-sale (POS) terminals, where consumers with a chip-equipped card will be prompted to use the chip reader instead of the mag stripe reader. By the end of 2014, the discount superstore plans to have new payment terminals running in all U.S. locations. In addition, before year-end, it will replace Walmart-branded cards with chip versions. Currently, the retailer is processing more than 50,000 EMV transactions per day.
Likewise, Target announced early this year it would switch its Redcard credit and debit cards to MasterCard’s chip-and-PIN technology and install a chip-enabled POS system.
With the nation’s largest retailers wholeheartedly on board with EMV, the question is: Will other merchants be prompted to follow suit? A recent Digital Transactions News survey says yes.
The survey asked retailers if Walmart’s chip-card implementation would encourage other merchants to speed up their own EMV acceptance plans. Sixty-five percent said it would, 23 percent said it wouldn’t and 13 percent were undecided.
“As the number one in the Fortune 500, with almost a half a trillion in sales, Walmart is a heavyweight among the heavyweights,” said Mary Monahan, EVP and mobile research director at Javelin Strategy & Research. She added, “Walmart will now begin to push other retailers to move to EMV cards by touting the higher level of security that they offer their customers.”
Undoubtedly, Walmart and Target’s moves toward EMV acceptance will spur some retailers to do the same. Additionally, the significant consumer reach each of these retailers has will certainly beef up consumer awareness and understanding of EMV, both of which are currently lacking.
Tags: chip cards, payment terminals, payments, retailers, strategy
In a recently released white paper, “The Mobile Payments Ignition Point,” I detailed the dramatic impact Host Card Emulation (HCE) technology is expected to have on the mobile payments marketplace. When paired with the right technology, HCE is poised to make it not only possible, but beneficial, for community financial institutions (FIs) to deploy consumer-centric mobile payments solutions.
FIs, telcos, device manufacturers, retailers and Internet giants will ultimately drive consumer adoption of next-generation payments. They just have to figure out how to play together first. A lack of agreement on one core technology to power mobile payments has also complicated issuer, merchant and consumer adoption. Simply put, a plethora of choices for both providers and consumers exists today.
In the excerpt below, the pros and cons of two leading technologies, barcode + cloud and Bluetooth low-energy (BLE), are explored.
Barcode + Cloud
Cloud technology for mobile payments is best demonstrated by Starbucks. A customer scans a barcode displayed on his or her device at the point-of-sale (POS); credentials are held in the cloud…the Merchant Customer Exchange (MCX), in partnership with Paydiant, has recently announced its plan to roll out a barcode + cloud mobile payments app similar to Starbucks. The MCX solution is reported to offer a different consumer experience than the Starbucks app because the consumer will scan a barcode produced on the POS device or on a receipt instead of displaying a barcode on his or her phone.
…Of course, serious attention to security and encryption are critical with any cloud-based technology…What’s more, barcode acceptance often requires merchants to perform terminal hardware and software upgrades. With the present need to reterminalize for EMV-capable machines, most retailers are not likely to pump even more investment into their terminals – especially if you consider the possibility of a set of standards someday requiring universal changes to payment barcodes. No standards exist for barcodes today so different providers are including different information in the bar codes.
Bluetooth low energy (BLE)
…PayPal is showing some interest in using BLE for payments. Its Beacon tool, for example, automatically detects shoppers who have enabled Bluetooth on their devices when they are in a participating store. It then allows those users to make payments at the POS hands-free with voice recognition.
Aside from payments, the marketing strategies that BLE enables are becoming very attractive to retailers…With BLE, merchants can pinpoint very precise locations of their customers and prospects. A department store, for example, can use BLE to identify users in a specific department and use that information to push out a highly targeted and relevant discount offer to those customers. Macy’s, Best Buy, Sports Authority and others have tested this idea via an app called Shopkick.
…There is a question of how much BLE-powered interaction consumers will tolerate, however. Similar to the way Tom Cruise’s character is inundated with unsolicited marketing messages in the film “Minority Report,” a world full of BLE could become irritating. This may cause consumers to opt-out, making mass-market solutions unviable.
Watch for my next blog in which we’ll talk through a third leading technology, near-field communication (NFC), and how NFC, when paired with HCE, is the best solution.
In the meantime, you can download the complete white paper at themembersgroup.com/mobile_ignition.
Tags: bluetooth, Cloud, mobile, mobile technologies, point of sale, white paper
There’s been a lot of talk about omnichannel banking lately. The term refers to the fusion of delivery and/or communication channels to create a unified customer experience. Essentially, it’s the convergence of physical and virtual channels, allowing for the experience initiated in one channel to be seamlessly transferred to another.
Modern consumers want omnichannel banking. In fact, a recent Cisco research report found that, although branches will not entirely disappear, consumers want access to financial services and advice across a variety of digital channels. These include mobile devices, online, video conference and social media networks.
The survey of 5,300 consumers in seven countries also concluded global consumers still value branches for personal attention and favor expanded services that include different kinds of financial advice.
Specifically, 78 percent of consumers in developed markets and 72 percent in emerging markets prefer to use financial institution (FI) web applications for paying bills, managing accounts, checking balances and managing other basic transactions. Additionally, 13 percent of consumers in developed markets and 18 percent in emerging markets prefer to use mobile banking applications for real-time expense tracking, personal finance management and payments.
Forty-two percent of consumers consider FIs to be the most trusted stewards of their digital information, ahead of the government (19 percent), telecom companies (6 percent) and social media sites (4 percent).
A word of caution: Consumers must see the value in omnichannel beyond its potential to increase profits. One recent consumer survey, “Omnichannel Customer Service Gap,” found 73 percent of consumers believe brands are using multiple channels to boost sales rather than to improve customer service.
According to the global survey, a company’s reputation for good customer service matters to 78 percent of consumers. In fact, 75 percent of consumers say good customer service will bring them, their money and their referrals back to the company. Interestingly, 69 percent of consumers say their expectations are increasing.
These statistics show that while the omnichannel banking experience is attractive to the majority of consumers, many remain skeptical about the way the channels are used. The data also reiterates a positive customer service experience can translate to loyalty, which has immeasurable value.
Tags: consumers, omni-channel, service
A recent Credit Union Times infographic highlights some of the ways credit unions can decipher and use Big Data. Specifically, a number of credit unions are looking to integrate uncomplicated predictive analytics and data management tools into their data mining programs.
Three of TMG’s credit union clients recently signed on to use our data analytics and portfolio consulting solution, Catalyst. Catalyst allows financial institutions (FIs) to better monitor, learn from and adjust to the changing behaviors of consumers. Built in conjunction with TMG’s strategic partner IQR Consulting, Catalyst leverages an FI’s own credit card portfolio data to help leaders understand cardholders on an individual level.
With Catalyst’s easy-to-decipher “snapshot” and “trending” reports, credit union executives don’t have to dig through the data to understand how portfolios are performing. Rather, the reports allow management teams to quickly assess the health of the portfolio and take corrective action where needed.
The Credit Union Times infographic breaks down some interesting statistics and facts from the CUNA Technology Council’s white paper, “The Data Craze: Perspectives on Big Data, Predictive Analytics and Business Intelligence.” It also takes a look at some of the main benefits of data analytics and the ways credit unions are utilizing Big Data.
Current statistics show just how “big” data mining has become. Consider these three examples:
The infographic points out five key advantages credit unions receive by collecting and analyzing data:
- Promotes clarity to cut down on time spent researching and processing information
- Permits the use of testing models to accurately measure performance statistics
- Separates populations into sectors, allowing for customized product and service offerings
- Streamlines processes by aiding and sometimes eliminating human decision-making through automated algorithms
- Encourages the creation of fresh business models, as well as products and services
Credit unions and other community FIs are applying data analytics to daily operations in a number of ways. These include improving customer service, creating accrued interest reports, developing certificate offerings, running daily teller reports, managing internal auditing and deciphering ATM settlements.
As the business of collecting data continues to grow, it’s important for FIs to understand the scope, uses, advantages and best practices of data mining. These insights can help leaders create and implement effective data analytics programs and better decipher the information they glean.
Tags: big data, catalyst, community banks, credit unions
Seventy percent of U.S. credit cards and 41 percent of debit cards will be EMV-enabled by the end of 2015. That’s according to a new report, which also predicts the majority of the EMV transition will occur by the end of 2014 and into the beginning of 2015.
The Aite Group report, “EMV: Lessons Learned and the U.S. Outlook,” is based on card issuer interviews. Eight of the 18 issuers interviewed said they plan to start issuing EMV debit and credit cards to the general public by the end of the first quarter 2015. Aite concludes three things in particular are motivating issuers to speed up issuance:
- Increasing fraud threat
- Interest in hastening terminal upgrades to accept near field communication (NFC) mobile payments
- Obstacles involved with using magnetic stripe cards overseas
The research indicates credit card providers will primarily issue contact chip-and-signature credit cards to cardholders rather than dual-interface (contact and contactless) cards. Issuers listed three main reasons for this:
- Card deployment simplicity
- Retailer infrastructure (many of those interviewed believe the technology to accept contactless payments may not be widespread by the deadline)
In contrast to the above research, TMG has seen its issuers overwhelmingly choose dual-interface cards. When asked about why many were making this choice, the common responses were “preparing for mobile payments” and “getting cardholders familiar with the process of tapping to pay.”
Conversely to credit cards, according to the Aite Group report, debit cards will use the chip-and-PIN technology that is popular both stateside and in countries outside the U.S. The report also points out American consumers are already familiar with using a PIN for their debit cards. However, the report claims card issuers believe cardholders should get accustomed to the chips on credit cards before learning to incorporate the PIN technology.
The report details the past EMV migration experiences of five countries: the U.K., Australia, Mexico, Brazil and Canada. It also provides insight for financial institutions (FIs) on how to best prepare for EMV implementation.
“Issuers, based on lessons learned from other countries, should consider issues like fraud migration paths and how to counter them, as well as how to educate the consumer and merchant alike on chip cards,” said Julie Conroy, Aite’s research director for retail banking.
Conroy also advises FIs to take into account third-party expertise gleaned through the EMV migration process of other countries to simplify the deployment process.
Tags: credit, debit, EMV, mobile payments, PIN
I recently had the privilege of attending the World Credit Union Conference (WCUC) in Gold Coast, Australia. I joined IQR Consulting President Rahul Nawab as a presenter during the “Consumer Expectations in Payment Trends” session.
In my presentation, “Consumer Mindsets Driving Payments Innovation,” I highlighted some of the ways consumers themselves are disrupting the payments industry. Specifically, consumers are looking for omni-channel interactions that meet their standards of service across all platforms, seamlessly and on demand.
The ability to bank and pay seamlessly on-the-go and easy access to sharable, interactive rewards, discounts and other types of loyalty perks is the future of consumer-driven payments solutions. As consumer demand continues to influence an anytime, anywhere payments technology movement, our industry must work to stay one step ahead of this desire.
That’s where data analytics emerges as the key to delivering consumer-focused payments solutions. With so many consumers connected through a variety of devices, not only are organizations able to collect personal data, they can obtain behavioral data, as well. Transaction data, third-party data, social media and demographics all come together to allow companies to understand consumer patterns and predict future behaviors.
Additionally, the multi-dimensional nature of today’s transactions (Search > Shop > Redeem > Pay > Share) calls for the use of analytics. Sure, we can collect information on shopping patterns and make predictions, but can we actually use that information to glean insight? The answer, fortunately, is yes.
Analytics capabilities enable financial institutions to accurately forecast consumer demand and respond by providing precisely what their target market wants, even before consumers within that market know they want it. In short, data analytics is allowing organizations to better meet the needs of their customers.
Next month, I’ll blog about another WCUC session, “Advancing Women in Leadership,” for which I was so honored to serve as moderator.
Tags: big data, consumer mindsets, consumers, financial institution, omni-channel, rewards, target market