With VISA and MasterCard preparing to transfer charge-back liabilities on Internet transactions to the card issuer, CUNA Mutual Group is revamping its credit card insurance coverage as an added incentive for credit unions to participate in the efforts to make Internet transactions safer.
Effective April 1, card issuers that do not participate in VISA's Verified by VISA or MasterCard's SecureCode Internet purchase protection programs will be liable for fraudulent online credit card transactions. As a result, CUNA Mutual said it cannot afford to continue its credit card coverage for those credit unions that opt not to be part of Verified by VISA or SecureCode.
"(These programs) require both the card issuer and the cardholder to participate, so it's important for credit unions to encourage their members to participate, to register their cards with (these programs," said Al Stendahl of CUNA Mutual Group. "The question is, how do we get members to do this? Both VISA and MasterCard are offering two options that will help: mass enrollment or auto enrollment, and once we learned that credit unions would have those options, it became easier to get to that point."
And once it was clear that there were mechanisms in place to help credit unions get their portfolios in compliance with the security protocols, CUNA Mutual had to take another look at how it covers card-related liabilities.
"There is a significant potential cost to credit unions if they don't participate," Stendahl explained. "Up to now, we haven't sustained much loss on fraudulent Internet transaction because credit unions could do charge-backs to the merchant. The change that we've made to our coverage is that it makes participation a condition to coverage for online credit card fraud."
Even with mass and auto enrollment, some credit unions may be unable to have everything in place for Verified by VISA or SecureCode by the time their coverage is up for renewal. For example, a CU's processor may still working on making the software changes necessary for supporting these programs. "Most processors have been working diligently and can support this already, but there are some, quite frankly, that are still scrambling," he noted. "By April 1, most processors will be supporting these tools, and even if the processor doesn't support them, credit unions can go to the software provider or directly to VISA or MasterCard."
But all of that takes time, and some may not make the deadline. "We recognize that it's not possible for all credit unions to participate on or before their bond renewal comes up, so we're offering an interim insurance option," Stendahl said. "But it's imperative for credit unions to participate in these programs. If they don't, that's a big risk that they've chosen to take on, and we simply cannot insure that risk."
VISA and MasterCard are changing their charge-back policy as a result of the way Internet transactions have changed the way people use their credit cards. In the past, merchants were held responsible for charge-backs because they were face-to-face with the person making the transaction and could take steps to authorize those transactions. But Internet purchases remove the merchant's ability to eyeball a customer and take note of some of the clues that might lead a merchant not to authorize a transaction. Instead, the Internet puts the ball right back in the card issuers' court, because the control over the transaction is held by the issuer and its processor.
"It made sense to shift that liability to the group that authorizes the transaction," Stendahl commented.