Battling Debit Fraud and SkimmingCalif. Bank Says Chip Technology Is Only Viable Solution
Using the STAR Network's CertiFlash chip was a smart security option for the Bay-area bank, says Chris Olson, the bank's chief operating and enterprise risk officer. The acceleration of identity theft and compromised personal data made a move inevitable.
"The STAR CertiFlash chip was a great security option for Fremont Bank as it will allow customers to transact without compromising their name, their account number or security code," Olson says in an interview with BankInfoSecurity.com's Tracy Kitten [transcript below].
CertiFlash is a STAR chip card program that creates a one-time transaction key every time a debit card is used. If any card is compromised, criminals won't be able to conduct fraud, Olson says.
And the numbers don't lie when it comes to fraud. Olson points out that in comparing the first six months of 2010 to the first six months of 2011, there has been in a 70 percent increase in the number of fraud claims.
Aside from approving security, the chip technology will also speed up transaction time using the Tap and Go method. For transactions dealing with higher dollar amounts, the user may be asked to enter a PIN.
The price for the chip cards is pricier, one and a half to two times the cost of existing cards. But by reducing the losses associated with fraud, the new technology will more than pay for the additional cost, Olson says.
"This is the future in debit transactions," he says. "We in the financial services industry cannot continue to accept the amount of losses and fraud issues that have occurred with the mag-stripe technology."
During this interview, Olson discusses:
- How Fremont Bank plans to roll out its new debit portfolio;
- Why the reduction in fraud losses associated with debit transactions is expected to offset the relatively higher cost of issuing chip-based cards;
- How even smaller institutions, like Fremont, can afford to consider a move to chip and PIN.
Olson is the chief operating and enterprise risk officer at California-based Fremont Bank, which has approximately $2.5 billion in assets. Olson has more than 30 years of progressive experience in financial institution operations, management, lending, compliance, marketing, finance and internal control. In his current role, Olson oversees 24 retail banking branches.
Moving to Chip TechnologyTRACY KITTEN: Fremont Bank, which is a $2.5 billion community bank that serves the bay area, recently launched a new debit portfolio that relies on chip rather than mag-stripe technology. What can you tell us about the route and options the bank pursued in making its decision to switch to more advanced card technology?
CHRIS OLSON: We approached the decision as a result of two identified risks. One was the increasing fraud from skimming, stealing and compromised mag-stripe data. The second was an acceleration of ID theft issues and compromised personal data. The STAR CertiFlash chip was a great security option for Fremont Bank as it will allow customers to transact without compromising their name, their account number or security code, which is that three digit code on the back of your debit card and included in a mag-stripe swipe. The CertiFlash chip generates a one-time key that if compromised would not allow for fraud opportunity. We believe that for Fremont Bank and our largely baby-boomer customer base, confidence and trust in using their debit cards was a prime importance.
KITTEN: And how prevalent or growing has debit fraud been for the bank and its customers?
OLSON: Unfortunately, we've seen a significant acceleration in this type of fraud. If I look at the first six months of 2010 as compared to the first six months of 2011, we've seen a 70 percent increase in the number of claims which represents a 55 percent increase in dollar claims for us. So it's significant.
KITTEN: One thing I wanted to ask about was Fremont noted that the movement to chip technology was primarily based on the need to enhance security, which we've discussed, but also to improve convenience for customers. How do you see a move to chip improving convenience?
OLSON: This is going to be minuet. Certainly in our society of 2011 seconds are counted. The speed of the transaction is measured in seconds. In most transactions, you'll only have to tap your card on the reader in order to transact. The big piece of it is going to be it eliminates all signature-based transactions, which are longer. So for a CertiFlash Chip transaction, the fastest will be tapping it and go. We call it the Tap and Go method. The longer transaction will be to tap it and, depending on the dollar amount, you may have to enter a PIN at that point. But it will be faster and it does eliminate signature-based. That's where we feel there is a convenience piece.
KITTEN: Much discussion has surrounded chip technology which is often expected to comply with the EMV Chip and PIN standard that is now common throughout Europe and Asia. And the reason that we've talked a lot about it is because of skimming. And of course EMV, or Chip and PIN, technology eliminates skimming. The chip though doesn't prevent card-not-present fraud. That is one of the arguments that a lot of U.S. institutions have made. Is there any expectation that the chip could help user authentication when it comes to online debit transactions, which we all know are increasing in numbers as well as frequency?
OLSON: With the EMV chip, which is in Europe, we feel that the CertiFlash Chip is a near field communication chip with a reader, and therefore the card is not dipped as the EMV chip is dipped in Europe. We feel that we also prevent the ability for the mag-stripe or even the EMV chip technology to be copied by not having a dip. The CertiFlash is only domestic at this time. It will not be usable in Europe, so that's why we went with CertiFlash as opposed to looking at EMV technology. Second, which is relative to card-not-present or online purchases, we're actually pursuing a different method for security on those transactions, and we will not use CertiFlash in that case at this time.
STAR's CertiFlashKITTEN: And Fremont's new debit portfolio, which we've talked about, relies on a STAR Network CertiFlash offer, which is a chip application that STAR has developed that uses this one time card number technology that you talked about at the introduction. Can you tell us a little bit more about this technology? What I'm getting at is the recent breach that we saw at Michaels, the POS breach; could this technology have prevented that?
OLSON: Absolutely, yes. The Michaels POS breach, both mag-stripe data and PIN data were breached. In the CertiFlash Chip, using the one-time card number technology would have prevented that breach. The specific of it is that it creates a specific algorithmic identification at the time of the transaction. It's good for only that transaction, and provides the approval and ability to get that transaction processed. Each time it creates a new, specific algorithm identification for the transaction. Because of that, we feel it's the most secure method of using a debit card for transacting business.
KITTEN: What about the cost and the time involved with making this type of debit portfolio migration? Is Fremont reissuing cards for all of its customers, or have you just chosen a select few? And how much of an investment is it, and how long do you expect the rollout to take?
OLSON: First, we're not reissuing at this time for everyone. We're moving into a beta test over the next 90 days. As a result of our successful partnership with STAR, they actually have been kind enough to supply us with our beta supply of cards. The mass rollout is not expected to occur until the first quarter of 2012. Relative to the cost, these cards will probably be one and a half to two times the cost of an existing card. But we also believe that the reduction in losses and the staff that support Regulation E claims - which is what we call the claim from a customer for either lost, stolen or misused cards - will be reduced and therefore more than pay for the additional cost of the cards.
Durbin and Dodd-FrankKITTEN: Have you thought at all about the one cent incentive that's now expected to be offered by the Fed as it relates to the Durbin amendment when it comes to fraud prevention? Do you think that this type of program would qualify for that?
OLSON: Yes, absolutely. As a result of the Durbin amendment, and of course as a result of the Dodd-Frank legislation, the ability to have a higher secure card with the one-time chip technology is going to be beneficial to the merchant because the merchant will be protected from having data stolen and having to be charged back to them. The bank is going to be protected because we will feel comfortable that the card has not been stolen or that the data has been skimmed and used. And I believe that what we'll see in interchange, from the last articles I've read, is there could be as much as one to five cents that interchange fees can be charged for having increased security on these cards. I think it's going to be real positive and I think the Durbin amendment is actually going to provide for a more secure environment.
Customer Education and AcceptanceKITTEN: You talked a little bit about the baby boomer generation earlier and I wanted to ask about customer education when it comes to using this new card technology. Do you expect user acceptance to be a problem?
OLSON: I don't expect it to be a problem. I think that the acceptance is going to be easy. The customers that I've talked to already and many of the employees that we're going to issue some of the cards to initially, they're excited about having the card. I think that the key is going to be being able to train or educate our customer base as to how to find one of these terminals where they can use the CertiFlash chip technology. To me, the hardest part is going to be the network of available machines out there with merchants, and we hope that those will increase over time, and letting our customers know where and how to look for that, the signs for the CertiFlash chip technology acceptance. That's the biggest piece. I think acceptance is going to be very easy.
KITTEN: You mentioned having merchants adopt this technology and looking for the CertiFlash logo. I'm curious to know what other chip options Fremont considered before going with CertiFlash?
OLSON: I'd like to say that we had multiple options of chips, but we didn't. The CertiFlash was presented to us because we also participate with First Data in processing our cards and transactions. CertiFlash was offered as an opportunity that we took advantage of immediately. It was the one option we had, but it was an excellent option and they've been a great partner. I think it does provide all of the security that we were looking for. My biggest issue will be finding acceptance at the merchant machines. That is going to be the key for true adoption in the future.
KITTEN: Finally, before we close, what additional thoughts would you like to share with our audience about making the move from the stripe to the chip?
OLSON: This is the future in debit transactions. We in the financial services industry cannot continue to accept the amount of losses and fraud issues that have occurred with the mag-stripe technology. The U.S. has been a little bit slow in adopting chip-based technology, but the security to financial institutions, merchant and the account holder is just so tremendous and advantageous that we're going to see a big transformation over the next couple of years to chip-based technology. We're happy to have CertiFlash; it's a giant step for us, security and convenience.