EMV for Fraud Control in United States
The U.S. card industry’s move to EMV technology to combat fraud will likely accelerate because of recent data breaches, say BAI Payments Connect 2014 panelists.
by ROBERT STOWE ENGLAND
Mar 7, 2014

“We saw a decrease in fraud of about 75%,” says Vivienne Nicol, senior manager, fraud operations, at ATB Financial in Calgary, Canada. She attributes this achievement to the bank’s embrace of EMV, the chip-based encryption technology that has dramatically reduced fraud in Europe.

With EMV cards adopted in Europe, and now Canada, organized fraud rings have moved to the U.S., where most cards still use the older and more vulnerable magnetic stripe technology. The need for U.S. card issuers to migrate to EMV will be discussed at BAI Payments Connect 2014 in a March 12 presentation entitled “EMV and Fraud: Lessons Learned and Looking Forward.” Along with Nicol, the panelists will include Dan Heimann, vice chairman of the EMV Steering Committee of the U.S. EMV Migration Forum and solutions consultant at ACI Worldwide, and Tim Webb, senior vice president, fraud management, RBS Citizens Financial Group.

Heimann says the tide has turned strongly in favor of EMV in the U.S. “Everybody acknowledges we have to do something. The talk has moved away from people wondering if we’re going to do this to one where people are saying it’s inevitable – we’ve got to do it.”

An added urgency was created by the recent massive breach of 40 million credit card accounts and 70 million customer contact records at Target, followed by breaches at other major retailers. “While EMV wouldn’t have prevented the breach itself, with EMV it would have been impossible for the fraudsters to generate counterfeit cards from the data that was stolen. That’s a key message,” Heimann says.

Making the Deadline

ATB Financial converted to EMV technology in 2012 with personal identification numbers (PINs), as required for all banks in Canada by that nation’s Interac Association, a bank-sponsored organization that operates Canada’s electronic payment card system. ATB Financial has 622,000 customers, 171 branches and 272 automated banking machines (ABMs), the Canadian equivalent of U.S. ATMs. The switch to EMV cost about $2 million for 645,000 cards, according to Nicol.

The concerted migration to EMV was made possible in Canada because all debit cards run on a single system and because there were fines for those banks that did not meet the deadlines, according to Nicol. Furthermore, you could be removed entirely from the Interac system for failure to comply. “You’d be out of business if you did not meet deadlines. That’s how hard these dates were,” she says.

In Canada, debit card issuers had to work with acquirers, the intermediaries that connect terminals to central data centers, to make sure that, after ABMs were enabled, “there was no fall back,” says Nicol, meaning that users of debit cards could not use the vulnerable magnetic stripe at ABMs. ATB’s cards still come with a magnetic stripe, which allows the card to be used at Canadian retailers, who have until 2015 to adopt the chip technology.

EMV compliance by Canadian banks is very high. Approximately 94% of all POS terminals and nearly 100% of all ATMs are chip-enabled in Canada, according to Nicol. Fraudsters are skimming information in Canada from point-of-sale locations and the few remaining ABM machines without EMV. “Then they’re doing all the spending down in the United States,” she says.

Banks, retailers and other credit and debit card issuers, who may have hesitated to improve card security technology because of the cost, are now seeing that any further delay could have significant consequences in the ongoing efforts to mitigate fraud. For example, Target CEO Gregg Steinhafel, who resisted adopting EMV-chip technology in the past, has reversed his earlier doubts and embraced the more secure technology. Visa, MasterCard, Discover and American Express have all set timelines for most merchants to accept EMV cards by October 2015 (with gas stations having until 2017).

All four card processors also expect to eventually implement a counterfeit card liability shift policy for merchants, which will put more pressure on merchants to comply with their EMV deadlines. “If your point-of-sale terminals are not EMV-capable and someone comes into your store with an EMV card and swipes the card at the terminal, liability shifts from the card issuer, who has been eating all that fraud, to the merchant,” Heimann says.

Beyond EMV, card issuers and merchants are likely to also incorporate tokenization technology for online purchases. Even with EMV chip technology, fraud can be committed online using stolen information and tokenization prevents that from happening, according to Heimann. “Rather than passing the actual card information, what the point-of-sale machine does is assign a token value to the card number,” he says. “Then the token value, which is encrypted, is what gets passed around and stored in the different systems so that the actual card number is no longer exposed.” This protects cards when information is both “in flight” and “in storage,” points where it could be vulnerable to hacking, according to Heimann.

Indeed, EMVCo, the organization that maintains and modernizes the EMV specifications, has announced that it is looking into building tokenization into the EMV specification. “It’s another measure to further lock a lot of these things down,” says Heimann. Tokenization, for example, could have prevented the kind of card-not-present breach that occurred at Target, he says.

Mr. England is a contributing writer to BAI Banking Strategies and the author of Black Box Casino: How Wall Street’s Risky Shadow Banking Crashed Global Finance.


betty cowell
3/17/2014 12:06 PM

I applaud the industry's move to EMV and see that as needed. Many corporate banking clients have used tokenization to protect their payment communications with banks from fraudsters. But moving that technology online is something I question. Why not use a customer's PIN online as an extra layer of authentication? Certainly customers are used to that and they are required to implement it at POS. Seems like an easy fix in the short term for everyone involved. Even credit cards have PINs. Pinned transactions have a significantly lower experience with fraud whether at POS or online.