Archive for Security

We’re Embedding Our Best Technology in Apple Pay… and Into All Digital Transactions

Originally posted on Cashless Pioneers blog

Guest post written by James Anderson, Group Head and SVP, Mobile and Emerging Payments, MasterCard

James Anderson_MC

MasterCard is the NAFCU Services Preferred Partner for Credit, Debit, and Prepaid Branded Products.

In bringing Apple Pay to consumers, Apple wanted to deliver the highest quality transactions possible. So who did they turn to? Those who’ve built the scalable payment infrastructure that is the envy of others – MasterCard.

We believe that payments should always be a simple proposition to the consumer – but once you get under the hood, there’s a very sophisticated network in place that enables any of us to walk into a store and make a purchase – trusting that our cards will work as we expect them to. We realize that consumers don’t care about that – but what they do want to know is that their information and their money are secure.  Through the work that MasterCard did with Apple and with the active engagement of the first four issuers – we’ve delivered the most secure combination of technologies that we’ve ever deployed:

Phones_MC

Top Things to Know About Apple Pay and the Security of Our Digital Payments Platform:

1. Apple Pay Transactions Will Work Just Like Any Other MasterCard Transaction

Transactions that originate from Apple Pay will work the same as any other MasterCard transaction. The consumer will see the card they wish to use in their iPhone from the issuer that they are used to doing business with, the merchant sees a MasterCard transaction – either the familiar contactless form in store or Digital Secure Remote Payment for in-app. Apple is never in the transaction path.

2. Built with the Most Secure Technology

In building a secure payment experience, we’ve taken advantage of industry-standard EMV cryptology, in our digital enablement service and in Apple Pay, to ensure transactions are fully in line with the U.S. EMV migration and can take full advantage of the most secure payments technology in the world. We’ve taken this crown jewel of payment technology and put it at the heart of the program.

3. And We’ve Added an Extra Layer of Protection

In order to further protect consumers, we’ve added an additional layer of security to the digital payment process through tokenization. This means that the number stored in the Secure Element in a consumer’s iPhone 6 is not the same number as on their card. In the (unlikely) event that someone is able to pick up the data off of a transaction – what they’re going to get is a 16-digit token number and a cryptogram (a long number unique to each transaction). If they try to use the token without a cryptogram, we’ll reject the transaction. And they can’t generate a crypotgram without the EMV keys that are stored safely in the Secure Element on the iPhone. A lot of technical talk – but added together it simply means that we’ve put the right protections in place to keep consumers safe.

4. Authenticating with Biometrics

Until now authentication on a mobile device was always a PIN. Apple viewed Touch ID as a critical asset for payments as a cardholder authentication. Within Apple Pay, consumers simply confirm a transaction with one touch. Those who prefer not to use Touch ID can revert to using a passcode.

Apple came to MasterCard with a strong vision for building a user-friendly, secure payments service that aligned with where we were focused as a company and allowed us to leverage the foundational technologies that we’d developed over the last ten years – EMV, contactless, tokenization, and DSRP. Apple knows how to deliver great user experiences, but they also respected MasterCard’s knowledge and expertise. We were able to bring insights on how consumers view payments and what elements were going to be important to ensure they view this as a secure experience representing the brands that they trust.

 

EMV: It’s Time to Talk to Consumers

Originally posted on Vantiv’s Blog.

Guest post written by Patty Walters, Senior Vice President of Merchant Products and Security for Vantiv.

Vantiv is presenting at NAFCU’s Technology and Security Conference, Feb. 11–13 in Las Vegas. Learn more »

In a recent Vantiv/Mercator study, only 15 percent of U.S. consumers said that they have an EMV equipped debit or credit card. That’s not surprising, since the industry is still in the early stages of rolling out EMV. What is surprising is that two-thirds of that group said that they have used their cards in chip mode in the U.S. That’s just about impossible, given the relatively small number of EMV terminals out there. It’s more likely that the chip-card owners used their cards in the traditional way by swiping the mag-stripe.

Still, that finding indicates that consumers are a little confused about EMV. (The study also found that one in five weren’t sure whether they actually had an EMV card.) But why shouldn’t they be confused? To them, this is a new and largely unexplained technology. Read more

Fraud Insights

Originally posted on forwardbanker.com.

Guest post written by Scott P. Wallace, Vice President of Marketing, Deluxe Corporation.

Deluxe Financial Services is the NAFCU Services Preferred Partner for Check Printing, Online Check Ordering, Check Fraud Prevention, and Member Loyalty Solutions.

Banking margins are being squeezed and fraud continues to rise. This is not a good combination. To combat this, financial institutions want to stay aware of the trends and opportunities to mitigate losses to help improve bottom line profits.

A survey of both financial institutions and non-financial institutions compiled by the Federal Reserve Bank of Minneapolis provided some great insights into payments fraud.

What they found was fraud is a problem across all those surveyed no matter what their asset size, type of institution, or payment products offered. For financial institutions, the payment method most vulnerable to fraud was signature debit cards with over 83 percent experiencing an attempt. However, that’s only one of nine possible methods documented in the survey that fraudsters have tried to use. Read more

Gamification: Three Steps to Foolproof Engagement

Originally posted in The Federal Credit Union magazine.

Guest post written by Wayne Conte, Executive Vice President, Affinion Group

Affinion Group is the NAFCU Services Preferred Partner for AD&D Insurance, Enhanced Flex Checking, and Identity Theft Protection.

Although the concept has been around for decades, the term “gamification” was coined in 2002 and exponentially gained popularity around 2010. Gamification is the use of game mechanics to engage users and influence behavior. It’s widely used for diverse applications in marketing, education, loyalty building, productivity boosting, security authentication, incentive programs, and more. Chances are you already participate in several gamification programs.

One example of gamification dates back to the 1980s, when the airlines launched their frequent flyer programs. The result is millions of participants earning points or miles in exchange for their loyalty. The airlines quickly determined that air travelers were more interested in achieving elite status than earning rewards. Leveraging the consumer’s need for status —or achievement— is demonstrated in other gamified applications such as receiving endorsements on LinkedIn and “likes” on Facebook, earning badges on TripAdvisor or Yelp, becoming a mayor on Foursquare, or tracking fitness activities with the wearable Jawbone.

According to a Gartner report, more than 70 percent of the Forbes Global 2000 companies will have at least one gamified application by 2014. These companies will invest billions of dollars over the next few years to implement gamification and, ultimately, differentiate themselves through gamification strategies. As consumers become more accustomed to gamification in their everyday lives, it makes good business sense for you to engage both your members — and your employees — in the same manner.

Here’s how to get started: Read more

Helping Your Small Business Members

Originally posted on forwardbanker.com.

Guest post written by Nick Buri, Fraud & Payment Solutions Manager, Deluxe Corporation.

The 2014 Deluxe Exchange Conference offers crucial advice on the most pressing topics in financial services. Use code NASC14 to register »

”Life is 10 percent what happens to you and 90 percent how you respond to it.”

This famous quote from Lou Holtz, a college football coaching legend, applies to your role in helping your small business customers with the problem of fraud.

Fraudsters are increasingly targeting small businesses. Consider these statistics: (1) 95 percent of all VISA credit card data breaches involve small businesses, (2) 73 percent of small businesses were hit by a cyber attack in 2011.

Why are small businesses an attractive target? Read more