As customers increasingly turn to technology to do their banking, banks are becoming ever-more reliant on their technology partners. SHAZAM, the Johnston, Iowa-based EFT network/processor, addressed innovation and security as it considered technology during its 2017 forum, “Power Your Potential,” at the Des Moines Marriott Downtown, April 11-13.
With an increasing focus on its own core systems—SHAZAM purchased Cardinal Software in June, 2010—the processing network knows all financial institutions are looking for more, managing director of sales Alan Buhler said.
He said SHAZAM, like other technology companies, is pouring money into development.
The motivation for providers is simple. Banks are spending more on the services. Financial institutions are expected to pay $3.3 billion for core products in 2017, up from $2.9 billion in 2013. That nearly 14 percent uptick is even more noteworthy when considering there are 1,100 fewer banks than there were at the end of 2013.
Along with the substantial expenditures, many banks are switching core providers. “Conversions are scary,” Buhler said. “That’s really the biggest thing. You feel when you’re ready to take on a conversion that you’re going to be jumping off a cliff. The thing is, in many cases after the fact, it was more like stepping off a curb.”
Buhler emphasized training’s role in reducing the height of that figurative jump. Risking too much training for too many staff members is far preferable to the alternative.
Originally a debit processing network, SHAZAM’s EFT services are combatting a familiar set of fraud perpetrators, although some were expected to be decreasing by now. As EMV cards (more commonly known as chip cards) become more prevalent, most card machines have been required to be swapped for newer versions which can read chips. Those that have not yet, will be soon, according to SHAZAM fraud consultant Liz Little. For example, VISA ATMs will be EMV-compatible by October.
Automated fuel dispensers remain the exception. Originally, the EMV shift was to come in 2017, but that has been extended to October of 2020. Thus, the tried-and-true methods of credit card skimming will continue to work at gas pumps. This may have increased skimming attempts.
“Skimming is something that has come up more and more,” Little said.
Even at converted machines, fraudsters have turned to “shimming.”
“In this case what they’re doing is putting a device between the chip and the card reader,” Little said. “They’re expecting a chip card to be inserted, and they’re reading the chip … and that data. They’re taking that value and putting it onto a magnetic stripe in place of a CCV or CVC number.
“The fraudster can’t counterfeit a chip card, at least we have not seen that yet.”
Without a functioning chip, some will use generic chip card stock with that programmed magnetic stripe. When its faulty chip does not read, the merchant may allow an attempt with the functioning stripe. In these instances, issuers will not always be as responsible, thus reducing at least some liability.
As always, Little encouraged the 350 attendees to check their terminals multiple times a day for any signs of tampering or skimming and shimming devices. Scrape marks or adhesive residue should be immediate red flags to contact the authorities.
Doing the same before filling up the tank makes for good personal practice, as well.
Once those gas pumps are up to EMV standards, Little may have a whole new set of fraud concerns to sort through. SHAZAM senior vice president of product development Manish Nathwani addressed the forum about the growing “internet of things.”
“What is the internet of things?” he asked. “It’s a network of connected objects able to collect and exchange data using embedded sensors.”
While a refrigerator keeping track of eating habits and a wristwatch monitoring exercise activity may lead to both better health and focused spending, “smart technology” also increasingly includes automatic purchasing power. With that comes opportunity for malfeasants to access not only personal information but also an e-wallet, of sorts.
“Security comes to mind,” Nathwani said. “How does that device know that voice is who it says it is? Behind the scenes there is enrollment involved. The strength of that transaction and the security of that transaction is absolutely dependent on the strength of the enrollment.”
With those concerns addressed, the internet of things should provide banks more applicable information to better serve customers.
“[The internet of things] presents opportunities for [banks] to provide a personalized experience, engage customer rewards, maybe even better cross-selling opportunities,” Nathwani said. “… There are devices that tell you the state of inventory before you make lending decisions. Insurance and how you drive, those things can be determined based on data and analytics.”