TAMPA, Fla. — From smartphone control of plastic to a growing need for tokenization, all the data breaches that have occurred in the last six months have created a buzz among analysts about how the compromises will affect cardholders and FIs.
Here are thoughts from leading experts inside and outside the credit union movement.
1. The Missing Leg of the Fraud-Fighting Stool
Robert Hackney, president of card services CUSO CSCU, based in Tampa, Fla., said he sees more credit unions getting serious about EMV, which is needed to limit fraud losses and deter criminals. But he reminded there is another leg of the "fraud-fighting stool" that must be addressed, as well.
"We need a tool to fight card-not-present fraud," said the CSCU president, adding that EMV only protects against card-present fraud. "That second leg of the stool could well be tokenization."
Tokenization, while an evolving concept, is a process for masking card data — possibly using a set of random numbers to replace card data for purchases. Those numbers would link back to individual cardholder's accounts for settlement, but leave no data behind in a retailer's system that a fraudster could use.
2. Tokenization Important Next Step
Dave Fortney, SVP of product development and management for The Clearing House Payments Company in New York, also believes tokenization is a vital next step, noting that the massive amount of card data in the hands of retailers is reason enough to move towards tokenization.
The Clearing House Payments Company has completed a tokenization pilot and is now expanding the study.
"The amount of consumer data compromised in the Target breach is staggering, but some of the biggest retailers' card data on file may be more than ten times that of Target," said Fortney, who reminded that tokenization would eliminate storing cardholder data at retailers.
3. A Dose of Mobility
Smartphones in hand, consumers are now more willing to take an active role in fighting fraud, contends Brian Scott, VP of sales at The Members Group.
"Members are using their mobile phones more often and for more purposes, and they are much more accustomed to doing different things on their mobile device," he said.
Scott predicts more members will take advantage of apps that allow them to turn their cards on and off via their smartphone, as well as set card spending limits. "They will accept more tools that put the ability to fight fraud in their own hands."
4. Reissuing Cards A Costly, Temporary Fix
Symitar President Ted Bilke is concerned about the rising number of data breaches and how they will impact CUs' costs, particularly those around reissuing cards.
"Reissuing cards is only a temporary fix, as we know," said Bilke. "If someone else hacks into another retailer, and the credit union has to replace plastic again and again, that gets very expensive."
Bilke reminded that some credit unions are suing Target Corp. to recover their costs related to that massive breach. But Bilke believes the only long-term solution to make it harder for crooks to monetize their theft and to discourage criminals from targeting the U.S. is EMV conversion. "I think we will see many more credit unions become aggressive with EMV."
5. Cardholder Behavior Largely Unchanged
Despite the way the Target Corp. breach has triggered real change among credit unions and other financial institution card issuers, it hasn't had much impact on cardholder behavior, according to Fiserv.
"We sampled some of our Risk Office clients and we found no real shift in how consumers are using their cards," said Patrick Davie, general manager of Fiserv risk.
He added that some financial institutions are seeing a slight shift from PIN debit to signature debit. "We have not, as well, heard of any shift away from cards to cash."
