by dan thompson, customer relationship manager, senior · by dan thompson, customer relationship...
TRANSCRIPT
Signature, PIN, or Otherwise – Who Really Gets to Decide?
By Dan Thompsons e e de ta i l s on pg 1
Product Update: Extra Awards® s e e de ta i l s on pg 3
To Stop a Thief s e e de ta i l s on pg 4
Domestic Fraud Watch s e e de ta i l s on pg 5
How to Report Fraud with DataNavigator s e e de ta i l s on pg 6
Update to DataNavigator s e e de ta i l s on pg 6
Quarterly Bulletin APRIL 2015
jhaPASSPORT™
CONTACTS
JHA Payment Processing Solutions® (PPS)Status Line: 866-428-7328
Adjustment DepartmentSupport Number: 800-299-4222
Fax: 281-894-3411
PPS Dispute Center (Visa/MC Issuers)Phone: 800-881-7488
Fax: 800-691-0419
Customer SupportBanksSupport Number: 800-299-4222
Level 1 Support Fax: 877-269-4220
Balancing Support Fax: 877-269-4210
For Cl ients Portal :
https:// forcl ients. jackhenry.com
Credit UnionsEpisys® Support Number: 888-796-4827
CruiseNet® Support Number: 800-299-4222
For Cl ients Portal :
www.symitar.com/forcl ients
jhaPassPort / / a p r i l 2015 1
Signature, PIN, or Otherwise – Who Really Gets to Decide?
by Dan Thompson, Customer Relationship Manager, Senior
Here’s a story you probably never expected to read – ready?
One of your cardholders picks up a variety of merchandise at a retailer and it totals $41.65. At the checkout counter, she reaches
for your financial institution’s debit card. This cardholder has been here many times, and knows to swipe the card, push “Cancel”
and select “Credit” on the terminal. Often she doesn’t even sign; just pockets the debit card and heads out the door with purchases
in hand.
Now it comes time to look at the home banking account. The cardholder gets home and checks the balance online, but notices
something strange. The purchase is deducted from the account, but it doesn’t look like similar purchases made in the past. It
appears to be a PIN-based transaction. She is confused, and worries that someone is using the account fraudulently. A frantic and
confused call is placed to you.
Do you know how to respond? Are you aware of what is really going on with this cardholder’s account? Has the PIN
been compromised?
Well, the scenario described above is unfortunately playing out at a handful of national retailers today. Debit issuers are fielding
calls from confused cardholders who state emphatically that they did not use their PIN, or they are convinced that someone has
gained access to their payment information and is using their account with a PIN to make illegitimate purchases.
In many cases, this is not fraud. It is in fact the result of the Durbin Amendment and the power it has given merchants to route
a transaction to the network of their choice. This is why you were required to place two unaffiliated debit networks on your
association brand, three-party debit card.
Last year, some networks announced availability (in beta) of PINless debit card transactions at the point of sale. In fact, one
network announced that all participants were required to offer PINless debit at eligible merchant categories for transactions
under $50, and signature for transactions over $50, including pre-authorization, purchase, and return transactions. The next phase
will expand support for PINless, no signature, as well as signature and no CVM (cardholder verification method), at all merchant
segments. It includes support for the traditional (Visa/MasterCard) dual message environment pre-authorization and settlement.
This will extend to card-present (POS) and card-not-present environments, as announced.
Is your mouth hanging open yet?
The impact of this development is going to be huge, in my opinion. Think about it – no longer will cardholders control how their
transactions are processed – whether they run through the traditional signature network (by pressing “Cancel” then “Credit”),
or through the PIN EFT network by punching in the PIN. The way the cardholder chooses to verify use of the card, called the
Cardholder Verification Method (CVM), no longer resides in their hands, but rather in the merchant’s. They may or may not be
1
jhaPassPort / / a p r i l 2015 2
>> Continued
asked for a PIN; they may or may not be asked to sign; and the transaction may or may not process through the EFT network or the
Visa/MasterCard network. No one knows for sure except the merchant, and as of today they are not disclosing to the cardholder
which path they are using to direct the transaction.
One implication to consider is rewards. If you positioned your debit card with a rewards program that only “pays” upon completion
of a traditional signature transaction, then the cardholder may or may not earn the full reward at the discretion of how the
merchant chooses to route the transaction. This is the power the Durbin Amendment has given to merchants.
Another consideration or implication involves interchange income. Generally speaking, traditional signature-routed traffic earns
a higher rate of interchange revenue for the issuer. PIN-directed traffic typically earns a smaller percentage. Now, the merchant
along with the EFT network may decide that no CVM is required and thus the issuer may be exposed to a higher risk transaction
without the offsetting premium in interchange revenue. You get the transaction, but you may also experience higher risk and
lower interchange.
One last consideration … what will happen to the common knowledge of Zero Liability when using Visa or MasterCard debit? You
have spent years hammering this into your cardholders’ heads. How will you now educate them that their transactions may or may
not qualify for Zero Liability, and that unfortunately the cardholder has zero control over it?
On a related note, compare and contrast the range of dispute rules available to you as an issuer under Visa or MasterCard’s
operating regulations versus your primary EFT network rules for dispute management.
There is a lot more to contemplate as this evolves, but I wanted to bring it to your attention. As if you didn’t have enough to worry
about, right?
2
Quarterly Network ReportingMasterCard®, Maestro®, Cirrus® – Reporting forms and instructions, based on your network membership(s), were emailed from
[email protected] to your institution on Friday, March 20, 2015 with reminders again on
Tuesday, March 31, 2015. The deadline to submit your quarterly report(s) for 1st quarter 2015 is Midnight CT on Friday, April 10, 2015.
PLUS®, Interlink® – Reporting forms and instructions were emailed from [email protected] to your
institution on Wednesday, March 25, 2015. The deadlines to submit your quarterly report(s) for 1st quarter 2015:
PLUS – Monday, April 6, 2015
Interlink – Wednesday, April 8, 2015
jhaPassPort / / a p r i l 2015 3
How to Make jhaPassPort™ Extra Awards® Go to Work for You
Some financial institutions offer a rewards program because cardholders ask for it and leave it at that. Other institutions take a creative, proactive approach and make loyalty awards pay off in a big way.
Always Something New
A common strategy for awards success is to keep the promotions changing. If you do something different every few months, you
are more likely to engage with cardholders. Below are suggestions to use rewards for maximum value.
It’s a good idea to have a new promotion each quarter. For example, take one quarter of each year and focus on a balance transfer
promotion. You can offer double or triple awards for transfers. Another quarter can be geared toward certain types of transactions,
such as using the card at a gas pump, or purchasing entertainment, travel, or whatever you want to emphasize. Again, make
offers of double or triple points for these transactions. It’s common to spotlight back-to-school purchases in the third quarter and
holiday gift spending in the fourth.
A great idea is to create a theme for promotions, such as sports, travel, pets, or fashion. These themes offer an opportunity to
use eye-catching images, and they can easily be translated to social media and presented as fun games or challenges. Other
successful campaigns:
• Entice inactive cardholders with points for changing to a rewards card.
• Provide extra points if cardholders reach a specified spending amount, such as $1,000 or $5,000.
• Offer an awards incentive for getting a new car loan, or any other activity you want to promote.
Rewards Get Measurable Results
When institutions start and promote a rewards program, the difference is apparent. The number of new cards and the amount
of interchange income changes dramatically. There is a large, documented difference in activation between awards and
non-rewards cards.
The critical part of success is knowing that you can’t just offer a rewards program and wait for it to work. Keep it fresh, keep it lively,
and rotate among promotions that target different types of spenders. Every cardholder you engage becomes more inclined to
keep and use your card.
If you have questions about Extra Awards or loyalty promotions, email us at [email protected].
3
jhaPassPort / / a p r i l 2015 4
To Stop a Thief
This issue includes a grab bag of three topics for your consideration.
Bits and Pieces
After a data breach, you sometimes hear people say, “Well, only email addresses were stolen, and that’s not so bad,” or “They got
names but not passwords.” The fact is that a name, an email address, a phone number, a postal address; these are all pieces of a
puzzle that identifies you or your cardholders.
These bits of information are particularly helpful in creating phishing attacks. If someone has both an email and mailing address,
victims might be more inclined to think that their financial institution is trying to reach them. As always, train your cardholders to
put verification before trust in questionable communications.
Some Things Never Go Out of Fashion
Skimming is a good example of a trend that just won’t quit. Throughout 2014 and into 2015, this old favorite form of theft is as
popular as ever. Criminals are still putting card-reading attachments on top of the real readers on ATMs and gas pumps. People
are still looking over shoulders to spy on PIN numbers. People are still picking up credit cards and quickly passing them through a
pocket card reader when no one is looking.
Teaching your cardholders to always be on their guard is never out of style.
Most Common Ways Credit Card Data Are Stolen
Few people know more about credit card fraud than Brian Krebs of KrebsOnSecurity.com. In a January posting on his website,
he listed the most common ways a person will find his or her credit card compromised. Read the full article, which describes the
characteristics of each type of fraud and the chances of the cardholder learning exactly what happened. The top nine:
• Hacked main street merchant or restaurant
• Processor breach
• Hacked point-of-sale service company/vendor
• Hacked e-commerce merchant
• ATM or gas pump skimmer
• Dishonest employee
• Lost/stolen card
• Malware on consumer PC
• Physical record theft
Note the frequent appearance of breaches and hacks in this list, which are out of the control of your cardholder. They look to you
for protection. Stay alert and make smart use of Auto-Block rules to minimize damage.
Questions? Email us at [email protected].
4
jhaPassPort / / a p r i l 2015 5
Domestic Fraud Watch
Each new day brings with it a new opportunity to fight fraud. Let’s fight it together.
The following information represents a brief recap of suspected or known fraudulent activity by state reported within the past
several months. Its intent is to inform and educate.
Nationwide/multi-state
Parking Garages: PA, IL, IA, WA; Bebe stores: Nov. 8th – Nov. 28th; One Stop Parking (airports)
eCommerce
Bigtreesolutions.com Jan 1st – Jan 13th; Idparts.com; bolderimage.com; shop.dutchbros.com Nov. 7th – Dec. 6th; C3Controls.com;
Book2Park.com
Join our monthly interactive WebEx sessions to learn and share information about the latest problems and solutions in the fight
against financial fraud. To register go to www.jha.webex.com, click on “Event Center” and look for “Fraud Today.” If you have any
questions contact John Larsen at 206-352-3419 or email at [email protected].
5
• Vermont• Missouri• Virginia• Florida• Texas• California• Louisiana• Indiana• Arizona
Indicates a state with known or suspected fraud
jhaPassPort / / a p r i l 2015 6
Reporting MasterCard® and Visa® Fraud in DataNavigator
jhaPassPort™ has recently experienced an increasing number of incorrectly completed MasterCard and Visa fraud reporting cases in
DataNavigator. There is a two-part process for entering MasterCard and Visa fraud and both must be completed for the process to
work. The system is showing that some users are completing the first part of the process but not continuing on to the second.
Part 1 of the process includes a step called Create Unworked Fraud Advice Case.
Part 2 of the process includes two steps; completing the Fraud Reporting section, and selecting the Fraud Reason.
After completing both parts of the fraud reporting process, the user should have two batch numbers. When the user checks to
make sure the fraud process was completed, it will display Add Fraud Forwarded under the Current Case Stage column on the
Case Search Results screen. It is recommended that a user check this to make sure the fraud has been reported.
Detailed instructions for reporting fraud to MasterCard or Visa in DataNavigator can be obtained by selecting the appropriate link below.
MasterCard Visa
If you have any questions or would like additional information, please place a support call to jhaPassPort™ at 800-299-4222 or
open a case through the For Clients portal.
6
Updates to DataNavigator Cases for the Regional PIN Network Dispute Process
jhaPassPort™ would like to remind financial institutions that once a PIN dispute is successfully entered into DataNavigator for a
regional network (i.e. Pulse, NYCE, Shazam, STAR, MAC, etc.), do not go back into the case and try to make changes. If any updates
to the case are required, you must open a jSource case by contacting Customer Support. Changes made in DataNavigator to
regional PIN dispute cases after the initial "Create Case" submission are not tracked or reviewed by the dispute representative.
The jSource case ensures that the representative working the dispute is notified promptly of any changes so they can be entered
to the appropriate network in a timely manner. Financial institutions can contact Customer Support at 800-299-4222 or open a
case on the For Clients portal to update disputes (Regional PIN Networks) already submitted through DataNavigator.