Fremont Bank customers in northern California are about to find out how much faster and safer their debit cards can be.
The financial institution plans to issue a new contactless debit card using the Star electronic funds transfer network's CertiFlash technology to its customers over the next several months, the companies announced July 14.
First Data Corp.'s Star last August rolled out CertiFlash, a chip application imbedded in the debit card and merchant terminal that uses single-use card numbers to improve security at point of sale. Star introduced CertiFlash as an answer to EMV cards, which few U.S. merchants accept.
Kevin Barry, Star general manager, says CertiFlash will define the next generation in payments.
"We feel confident that the time is right for this technology to take hold," Barry says. "More and more banks and credit unions are looking for ways to combat fraud and to keep cardholder information secure, and we believe that the one-time card number and multilayered security offered by Star CertiFlash provides a powerful solution."
Fremont, with 19 branches in the San Jose and Alameda County area of California, was ready to make the move to CertiFlash because of the security advantages, according to Chris Olson, the issuer's chief operating and enterprise risk officer.
"It was a way to avoid using the magnetic stripe on the card because those stripes have the customer's full name, account number and [card validation code] number," Olson says. "There are too many opportunities for compromising security."
CertiFlash addresses those concerns by eliminating the consumer’s card data from the process. Instead, for each transaction the chip encrypts and transmits a card number usable only once for tap-and-pay transactions, which do not require PINs when the value is of $25 or less. The cards also have mag stripes for traditional card use.
"I think 'tap-and-go' might be a better way to describe it than contactless because you have to be able to tap the card on the reader so that it won't be triggered by someone just walking by," Olson says. "It sends only the last four digits of your card number, and then the merchant's reader is able to tell it is you" before creating the one-time transaction number.
Internal research suggests Baby Boomers hold 70% of the deposits at the bank, and they represent the age group most concerned about potential security lapses in mag-stripe cards, Olson says.
Because the technology produces a one-time-use card number, it is of no use to a potential hacker who may find a way into a merchant's payment system. Other merchants would decline use of a stolen one-time card number if a hacker somehow obtained it and tried to use it.
A select group of 400 bank employees, board members and some depositors will be the first to receive the cards. After a few months, the issuer will market the card through First Data and through word of mouth to attract more users, while those who have expiring cards also will receive the new CertiFlash versions, Olson says.
The logos of Fremont, CertiFlash and Visa will appear on the cards, while First Data or TransFirst of Denver, Colo., will install readers with CertiFlash chips embedded at the merchant sites.
About 200 merchants accept cards with a CertiFlash chip, but Fremont will approach another 500 or more that do business with the bank about adding CertiFlash to their terminals, Olson says.
The card will have a barely noticeable "small rise" to it where the chip is embedded, and the card reader at the merchant terminal will have a CertiFlash logo resembling a small antennae and the Visa logo.
"The challenge is to get more merchants accepting the cards," Olson says. "Once a merchant expresses interest, and based on what kind of equipment they are using, there is a potential that the bank will pay for the upgrade, and we view that as a way to help increase the number of merchants."
Olson likes the move to the contactless technology because the United States has been slow to embrace EMV chip-and-PIN cards and he views Near Field Communication technology as susceptible to security breaches.
Fremont is the second financial institution to use CertifFlash. JM Associates Federal Credit Union in Jacksonville, Fla., in December was the first to do so.
