Bonneville Bancorp is taking an unusually drastic-and seemingly counterintuitive-approach to fighting fraud. To make sure its customers use their PINs and to shore up security for debit purchases, it is prohibiting signature debit payments in some states.
Though PINs provide an additional layer of security, signature debit transactions generally earn issuers more money, and observers say it is unheard of for a bank to consider its fraud losses severe enough to switch off that revenue stream.
According to a notice on Bonneville's Website warning of "high amounts of fraudulent card activity in California, Florida and Georgia," customers in those states must use their PINs for any debit transactions. "No signature transactions will be allowed," the notice asserts.
"All I can think of is that the fraud was so high that the lost interchange revenue is worth it compared to the cost of issuing new accounts," says Avivah Litan, a vp and distinguished analyst at Gartner. "It's a statement admitting PIN is more secure, so it contradicts all the marketing messages" from most other banks.
Ryan Nielsen, a vp at Bonneville, says that the $34 million-asset bank, which has one branch in Provo, Utah, is going to keep signature transactions switched off in the three states for the foreseeable future, and that this approach was suggested by its processor, First Data Corp. "We had several fraud activities in those states in a short amount of time," Nielsen says, and although Bonneville is evaluating other methods of addressing that fraud, it does not know when it will change its approach. First Data execs would not comment.
Litan says that Bonneville's message is so striking because banks have gone out of their way to encourage signature debit use over PIN debit. These pitches usually play up the convenience or offer a reward, but JPMorgan Chase & Co. has gone even further in presenting signature as the safer approach because it does not require consumers to risk exposing their PIN by using it.
This message was featured prominently on marketing mailings JPMorgan Chase customers received in April. JPMorgan Chase defended this by stressing that it wanted to reassure customers about the security of debit cards, but Litan says there is no confusion about which is the more secure method.
"From a pure technical security standpoint, PIN is much more secure," Litan says. "There are no two ways about it."
Aaron McPherson, a research manager for payments at the Framingham, Mass., research firm IDC Financial Insights, says that Bonneville's response is so striking because it is so public - it is the most prominent notice on the company's Website, drawing attention to an issue that banks usually downplay even when being transparent.
"Banks do periodically get hit by fraud rings, but usually they try to keep it as quiet as possible because they don't want their customers to be worried about using their cards," McPherson says.
-Daniel Wolfe is a reporter for American Banker.