6 Biometrics for your Mobile Platform

By: Daon, the NAFCU Services preferred partner for Biometric Authentication

Passwords simply don’t work. Every day brings fresh reports of stolen passwords and hacked accounts. Fortunately, the proliferation of mobile devices has provided an antidote to failing password security — mobile authentication.

Standard Authentication Limitations

Mobile authentication is moving to the mainstream. Consumers have become familiar with using their mobile devices to retrieve a text message consisting of a string of characters that must be retyped into a form on a website.

However, if you are trying to conduct a banking transaction on your phone, then a text message sent to that same phone is awkward to execute and provides limited protection. Furthermore, it doesn’t really prove your identity — it could just as easily be someone who found your phone at a restaurant trying to access your banking information.

Biometric Authentication

Enter biometrics, which authenticate you based on your unique physical characteristics — what makes you who you are — rather than simply assuming you own the device that you are carrying. Biometrics provide both high security and unparalleled convenience.

Instead of typing a string of characters, you simply read a displayed sentence out loud, look into the camera and blink, or swipe your finger across an embedded sensor.

There are six different types of biometrics that financial institutions can implement:

  1. Facial Recognition: involves looking into the device’s camera while the authentication software takes a photograph of you
  2. Voice Recognition: involves speaking into the device’s microphone
  3. Fingerprint Recognition: users either press their finger to the reader or swipe their finger across its surface
  4. Palm Line Recognition: involves taking a photo of the palm of your hand so that its major, easily visible lines can be captured and analyzed
  5. Iris Recognition: involves looking into the device’s camera, usually the front-facing one that allows you to see the image being captured
  6. Vein Recognition: involves taking a picture of a part of your body with a special camera that can capture the pattern of veins under the skin

For a complete comparison of these biometrics’ strengths and weaknesses, download the full white paper.

How does it work?

Biometric authentication works by having a person submit samples of their biometric characteristics when they enroll in a service that supports biometric authentication. Later, when they want to authenticate, they submit another sample for comparison. Each comparison produces a calculated score representing the likelihood that the two samples belong to the same person.

For example: If you take a photo of yourself and this is compared with an earlier picture, you should get a very high score. In contrast, the stranger sitting next to you on the subway would get a low score if you tried to pass his picture off as your own.

Taking it a step further: Multi-Modal Biometrics

Multi-modal means collecting more than one biometric to authenticate someone. There are many advantages to a multi-modal system, most significantly an increase in both security and user convenience.

But which biometric is the best? Download the whitepaper, “Face, Fingerprint, Iris, Palm, Vein, Voice: Which biometric is the fairest of them all?” Take a look at each of these options to determine which is the best biometric for your mobile authentication.

Daon is the NAFCU Services preferred partner for Biometric Authentication. Learn more at http://www.nafcu.org/daon/

Back-of-Card Branding Webinar Q&A

And the questions kept on coming! One of our last webinars of 2015, “Preserving Credit Union Income: The Impact of Back-of-Card Branding to Your Bottom Line,” sparked so many questions that Caroline Heller, industry expert and webinar speaker, decided to follow up to those we didn’t have time to address during the webinar.

To Catch You Up…

On average, approximately 20% of a credit union’s non-interest income is derived from payments.  In recent months, many institutions have seen some erosion of their payments-based income, but have not been able to specifically identify the source of the erosion.

This webinar helps your institution focus on one area of potential revenue erosion – back of card branding.  In addition to the brand mark found on the front of your debit card, there are usually one or more brand marks present on the reverse side of the card.  It is important to understand the implications of the back-of-card brand marks to your transaction routing and subsequent revenue stream.

Watch the full webinar here:

Click here to watch the presentation in a new window

Webinar Q&A

Caroline Heller, Vice President of Core Payments Solution Sales with MasterCard, responds to your questions:

1. What are a few of the key questions we ought to be asking our current back-of-card brand to ensure our revenue is not eroding?

  1. You may request these reports from your PIN Networks and/or your processor.  First, request reporting that separates PIN transactions from PINless. Ensure you have transaction count, amount, and interchange earned. These may come from various reports vs. one report. Second, request historical reports to look for trends of the above.  Look at a year ago (or two.) Is PINless increasing?
  2. Ask if your PIN Network supports dual message (aka “signature”) transactions or if they have plans to support in the future.
  3. Request current and historical Top Merchant Reports to look for trends.  Is there significant growth (above your overall growth)? This could be a shift from your other PIN network or from signature debit transactions now routing as PIN.  Compare the Top Merchants across all of your networks.

2. How do we know the optimal number of PIN POS Networks on the back of the card?

You may want to consider paring down the number of PIN POS Networks on the back-of-card.  For instance, if you have 3, I would consider reviewing the economics and need for each network.  If it makes sense, I would limit to 2 networks.

3. Right now we have a rewards program that only gives points for signature debit transactions. Is that still okay, or what do you recommend?

I recommend doing a thorough profitability analysis on your portfolio including the cost of rewards and the estimated increase in usage before changing anything.  However, there are a few things to consider:

  1. When cardholders are encouraged to use their card for all purchases, regardless of signature/PIN, both transaction types tend to increase.
  2. The signature vs. PIN methodology will become more complex with EMV. For instance, a cardholder could enter their PIN, and the transaction is still routed dual message to MasterCard or Visa (what would have been a “signature” transaction prior to EMV).
  3. PINless transactions as they work today definitely are confusing to cardholders when they are motivated to sign for the purchase. The cardholder is not given a choice at the point-of-sale for these transactions when the PIN network is participating in PINless transactions.

4. Can you explain the term ‘exempt issuer’?

I am referring to Section 1075 of the Dodd-Frank Act (aka “Durbin Amendment”).  One portion of the Durbin Amendment caps debit interchange with specific exemptions.  One exemption is for small issuers defined as an issuer with assets less than $10B.  These issuers are often referred to as “Exempt Issuers” when talking about debit interchange and profitability.

This ABA article details the competitive advantage of “exempt issuers” over “regulated issuers” relative to Durbin.

5. Are there any negatives to the issuers that opt out of PINless? Loss of small transaction volume, customer satisfaction, anything else?  

Generally speaking, we don’t believe there would be any negative repercussions were you to opt out of PINless, neither relative to volume or revenue, nor to customer satisfaction.

6. In the event that we were to manage opting out of PINless with our PIN networks, would those transactions which might route as PINless fallback on signature rails?

Yes.  These transactions would likely fall back on signature rails with no signature required.

7. I am an FI. To whom do I opt out of PINless with? MasterCard or my network?

You would opt out with PINless on your PIN Networks.

8. How is EMV going to affect routing? 

The Card Verification Method (CVM) on an EMV card authenticates the Cardholder, but does not dictate routing.  A cardholder could enter their EMV Card PIN, and the merchant can route the transaction to any of the applicable networks on the card including MasterCard or Visa.

MasterCard is the NAFCU Services Preferred Partner for Credit, Debit, and Prepaid Branded Products. For more information, please visit www.nafcu.org/mastercard

©2015 MasterCard Worldwide Proprietary and Confidential

The information provided herein is strictly confidential.  It is intended to be used internally within your organization and cannot be distributed nor shared with any other third-party, without MasterCard’s written prior approval.

Information in this response relating to the projected impact on your financial performance, as well as the results that you may expect are estimates only.  No assurances are given that any of these projections, estimates or expectations will be achieved, or that the analysis provided is error-free.  No reliance can be made on this response and MasterCard will not be responsible for any action you take as a result of this response, or any inaccuracies, inconsistencies, formatting errors, or omissions in this response.   This response constitutes willingness, in good faith, by MasterCard to explore the possibility of a business arrangement between the parties and does not contain all matters upon which agreement must be reached in order for the proposed transaction to be established.

Decumulation: There Is No Rule of Thumb

By Rich Rausser, CPC, QPA, QKA,   Senior Vice President, Pentegra Retirement Services

In most pursuits, people usually look for a “rule of thumb” when it comes to sound strategies or best practices. However, when it comes to developing a retirement plan strategy the rule of thumb is that there is no rule of thumb.

The reason for this may be obvious. As individuals, we all have our own needs, wants and concerns; many of us may be the same age, live in the same geographical area, and even make the same exact salary. Even if two people were hired on the same day by the same firm at the same salary, and made equal contributions to their 401(k) plans throughout their careers, there are still a number of variables to prevent them from taking a “one size fits all” approach to decumulation.

Are both persons married? Are their spouses/partners both working and, if so, what are their salaries and retirement savings? Do they have any children? Where are they in terms of college expenses and healthcare needs?

Unrealistic Rules

I note this because there has been some discussion of late over an industry-wide “rule of thumb” that suggests retirees should try to replace 80 percent of their income during the first year of retirement. While that may be an admirable goal, it may not be realistic for many retirees for the reasons listed above as well as others.

Another specious rule of thumb is that retirees will simply take their 401(k) savings as a lump sum distribution when they retire. While lump sum distributions are certainly a viable option, many plan participants may not even be aware that other options exist and may benefit from further education about alternative distribution options.

Alternative Distribution Options

Many 401(k) plans have numerous distribution options, thus offering a tremendous amount of flexibility in how retirees can take their money. These can include what we call an “ad hoc distribution” – whereby the retiree takes out some money whenever he or she wants; a regular, periodic distribution — $2,000 per month, for instance, or $6,000 per quarter; or structuring payouts over the retiree’s life expectancy.

There is another option that I have mentioned before: supplementing one’s retirement income by purchasing an out-of-plan annuity that can provide a guaranteed level of income to retirees for as long as they live. If a retiree puts 20 to 25 percent of their retirement savings into an annuity, with Social Security providing supplemental income and the rest of the retiree’s account balance consisting of various other pieces, the retiree is in effect “pensionizing” part of their retirement savings.

The annuity option should be available to every 401(k) plan participant, regardless of individual circumstances; it should be viewed as another tool in their retirement savings tool box.

Retirement plans should be constructed in a way that provides the best possible solutions to its plan participants in a cost-effective manner.

For additional information, watch the recent webinar, “Keys to Building Successful Retirement Outcomes.”  Or, download The Pentegra Distribution Path™  for an overview of all the options available to employees and essential tips for creating a decumulation strategy to build a lifetime income stream.

Pentegra is the NAFCU Services Preferred partner for Qualified Retirement Plans for Credit Union Employees. More educational resources and contact information are available at www.nafcu.org/pentegra

Adding LIFE To Your Credit Union

By Bryan Clagett, Chief Marketing Officer, Geezeo

Your members’ expectations evolve as they become more acclimated to technology, more financially stressed, and overburdened with life’s pace and demands. In case you have not noticed, the world is changing. Newly emerging competition is developing new bank-like products, and the definition of banking is evolving right before our eyes.

It’s time we step back and reevaluate how credit unions can provide more value.

Declaring you’re the financial partner for life is just not compelling, unless you have strong actions to back it up. Too often we forget that credit unions are enablers, and in fact have the ability to enable members to get the things they want and do the things they want to do.

With all the advances in technology, some things have not changed—like the basic needs of a household to address fundamental financial requirements, milestones, challenges and obligations. Life and money are inextricably linked whether we like it or not (or are willing to admit).

Importance of an Emotional Connection

The key for the credit union is to remain remarkably relevant throughout the “member” journey and to be there with logical products and services when members (or their households) could use them the most. Credit unions are missing very logical point-of-purchase opportunities, while not associating their products with the specific needs of a member at a specific, relevant time.

Don’t lose sight of the fact that people have an emotional connection to money and, perhaps more importantly, things and events. Emotion is a primary differentiator between transactions and a true relational connection, which (in my opinion) is the foundation of an engagement banking strategy.

How can you help a family prepare for a child’s education? How can you help a young couple get their first home? Can we help a couple plan a wedding? What’s the best way for me to get a car for my son? How do we help a family with a medical emergency? Can a bank resolve a small business’s cash crunch? In all of these examples, there are financial considerations and ramifications—and all present opportunities to credit unions.

Engagement Opportunities for Credit Unions

We need to put some LIFE into banking. LIFE is my acronym for “life infused financial experiences.” Milestones, like the examples above, represent obvious opportunities for credit unions to engage members and offer very relevant solutions while building deeper relationships and new levels of trust.

We have the data, the systems, the channels, and the people; we simply need to make sure we have the right solutions and services in place that will build systems and triggers that bring credit unions and their solutions to the forefront at the ideal time of need.

Now let’s try to put some ROI or business rationale around this. Bain and Company reports that members who are “emotionally connected” purchase 47% more than those who are simply “satisfied.” Members with a strong, committed relationship are 49% more likely to remain a member and twice as likely to recommend a retailer to friends and family. Bain also found companies that are loyalty leaders, grow revenue twice as fast as their competition and at a lower cost.

We should not fear disruption in the banking industry. However, we should recognize that life is disruptive, so we should find ways to reduce members’ financial pains. Credit unions have the chance to reduce friction while forming deeper emotional connections with members through recognizing and cultivating life infused financial experiences. This is a real opportunity for financial institutions and one that most industry disruptors don’t have the infrastructure or understanding to leverage.

Geezeo is the NAFCU Services Preferred Partner for Personal Financial Management (PFM). More educational resources and contact information are available at www.nafcu.org/geezeo

Holiday Season Fraud Prevention Checklist

Produced By Ann Davidson, VP of Risk Consulting at Allied Solutions

It’s not if fraud exposure will happen this holiday season, it’s when! That’s why your credit union should help your staff and members prepare for what fraudsters have in store this holiday season.

Our gift to you this holiday is a checklist that you should provide to your credit union staff to ensure that your credit union and credit union’s members have a safe and fraud free holiday season.

Holiday Season Fraud Prevention Checklist:

☑ Educate cardholders about the heightened risk of attacks and scams during the holiday season, such as phishing attacks (where the member is asked to pay the scammer money) and recruitment scams (where the member is asked to pay a bit of money up front to earn more money later on).

☑ Recommend to staff and members that they more closely and more frequently monitor ACH items, outgoing wires, and online transaction activity on all of their cards and accounts to look out for any unauthorized activity. Inform them to pay special attention to ACH items and outgoing wires.

☑ Utilize promotional and communication tools to increase the proliferation of information to your credit union staff and members about the increased likelihood of scams and attacks during the holiday season.

☑ Flag or block any unusual out-of-state card purchases. Inform members to alert you if they are traveling over the holidays, so that they are not affected by these preventative measures.

☑  Monitor any type of card fraud to help identify a card breach. Look for a common point of compromise and report it to the fraud department at the card association (i.e. Visa or MasterCard) immediately.

☑  Ensure that your credit union is receiving Visa alerts (CAMs) or MasterCard alerts regarding compromised cards and/or regarding information about the type of card data at risk (i.e. Track 1, Track 2, etc.).

☑  Determine if you will block and reissue or monitor compromised card numbers. In cases where the full unaltered magnetic stripe has been compromised, it is strongly recommended to block and reissue the card data.

☑  Contact cardholders to let them know when they are part of the compromised breach.

☑  Share a message on your website or phone system with any updates about the breach.

☑  Utilize multiple layers of authentication when validating and sending out ACH and wire transactions both online and in-person to help prevent any unauthorized withdrawals of members’ funds.

☑  Monitor PIN change activity. The criminal may make multiple attempts to perform a PIN change in order to obtain card data.

☑  Utilize an anti-skimming device on your ATMs to help prevent skimming.

☑ Review daily dollar limits for signature, internet, and PIN transactions and offer members the option to lower their daily card limits over the holiday season.

☑  Watch for multiple payments on the same day or within days of each other on credit card accounts and do not provide availability of a payment to the credit card holder until other payments clear.

☑  Watch for increased cash disbursements (advances) being performed on non-credit union issued cards at the teller counter.

☑  Perform a review of your fraud risk tools and programs to assess their effectiveness.

☑  Continue to enhance your fraud protection strategies and your fraud management systems to help prevent card exposure.
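Two items in the checklist above, repeated PIN change attempts and multiple credit card payments within days of each other, can be expressed as sliding-window checks over an event feed. The following Python is an added example, not part of the original checklist or of any vendor tooling; the event type names, identifiers, thresholds and sample records are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events, not real data:
# (ISO timestamp, card or account id, hypothetical event type name).
SAMPLE_EVENTS = [
    ("2015-12-01T10:00:00", "card-1001", "PIN_CHANGE"),
    ("2015-12-01T10:04:00", "card-1001", "PIN_CHANGE"),
    ("2015-12-01T10:09:00", "card-1001", "PIN_CHANGE"),
    ("2015-12-01T11:00:00", "card-2002", "PIN_CHANGE"),
    ("2015-12-20T11:00:00", "card-2002", "PIN_CHANGE"),
    ("2015-12-02T09:00:00", "acct-3003", "CC_PAYMENT"),
    ("2015-12-03T15:30:00", "acct-3003", "CC_PAYMENT"),
    ("2015-12-02T09:00:00", "acct-4004", "CC_PAYMENT"),
    ("2015-12-30T09:00:00", "acct-4004", "CC_PAYMENT"),
]


def flag_bursts(events, event_type, threshold, window):
    """Return {id: peak_count} for ids that have at least `threshold`
    events of `event_type` inside any span of length `window`."""
    times = defaultdict(list)
    for ts, ident, etype in events:
        if etype == event_type:
            times[ident].append(datetime.fromisoformat(ts))

    flagged = {}
    for ident, stamps in times.items():
        stamps.sort()
        start = 0  # left edge of the sliding window
        for end, current in enumerate(stamps):
            # Drop events that are older than `window` relative to `current`.
            while current - stamps[start] > window:
                start += 1
            count = end - start + 1
            if count >= threshold:
                flagged[ident] = max(flagged.get(ident, 0), count)
    return flagged


def holiday_review_queue(events):
    """Apply both checklist rules; the thresholds are assumptions to tune."""
    return {
        # Several PIN change attempts on one card in a short period.
        "pin_change": flag_bursts(events, "PIN_CHANGE", 3, timedelta(minutes=30)),
        # Multiple payments on one credit card account within days of each other.
        "payments": flag_bursts(events, "CC_PAYMENT", 2, timedelta(days=3)),
    }


if __name__ == "__main__":
    for rule, hits in holiday_review_queue(SAMPLE_EVENTS).items():
        print(rule, hits)
```

Accounts returned under `payments` are candidates for holding payment availability until the earlier payments clear, as the checklist recommends.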

For more information, watch the “Holiday Fraud Prevention 101” webinar recording.  Ann Davidson with Allied Solutions, LLC will explain what type of risks increase during the holidays and introduce steps that you, your staff, and your members can take to help ensure you all have a safe and fraud free holiday season.

Allied Solutions is the NAFCU Services Preferred Partner for Insurance – Bond, Creditor Placed (CPI), Guaranteed Asset Protection (GAP), and Mechanical Breakdown (MBP); and rateGenius.  More educational resources and contact information are available at www.nafcu.org/allied