-
The U.N.'s credit union is enjoying big success with EMV compliant cards. Meanwhile, a new international card crime wave puts more pressure on U.S. banks to offer chip-and-PIN cards, which most of the world considers more secure than magnetic stripe.
July 15
Chris Olson doesn't count himself among EMV's detractors or evangelists. "It's a lot like Beta or VHS, you don't really know how it's going to turn out," says Fremont Bank's COO on the question of whether EMV cards (debit or credit cards embedded with a computer chip that meets the standard named for creators Europay, MasterCard and Visa), magnetic stripe cards or some other kind of point-of-sale plastic will dominate the U.S. card market in the future.
Some financial institutions, such as U.N. Federal Credit Union and Silicon Valley Bank, have invested in chip card technology to meet the needs of customers who want their bank cards to work during international travels; EMV is the dominant card standard in Europe. But since Fremont Bank doesn't have a lot of frequent travelers to Europe or Asia on its client roster, the $2.5 billion East Bay-based bank is taking a different approach to point of sale card security.
Fremont is deploying CertiFlash contactless chips to upgrade security over magnetic stripe payments. But it's still bumping into a lot of the same hurdles that EMV faces in making inroads inside the United States; namely, getting merchants to investment in new terminals that accept the new technology.
"There are only 150 merchants participating [after about two weeks since the CertiFlash chip cards went public]," says Olson, noting the bank has a merchant network of about 700. "I'm prudent enough to know that merchants are struggling right now."
While the software uploads are free, the new terminals merchants have to purchase to process CertiFlash payments cost up to $300 per machine. To wage the adoption battle, the bank is telling merchants they will not incur charges for any glitches, fraud or other issues with payments. "If merchants upgrade their equipment, they avoid having any liability on that transaction," says Olson.
Getting merchants to use CertiFlash is worth it to Fremont. During the first six months of 2011, claims of losses on debit card transactions rose by 70 percent over 2010, with a 55 percent increase in dollar amounts. "The number of losses is increasing, and if we can get all merchants to accept CertiFlash, it would be a much safer environment," Olsen says.
There are also security and intangible financial benefits for merchants, whose vulnerability has been exposed by recent incidents such as the recent skimming attacks at Michaels Stores.
"If you have a one-time card number and not the real information, it's very helpful in combating skimming. Also the merchant doesn't have to store real data for customers, which would be hugely helpful with PCI compliance [not storing customer data would lighten merchants' compliance burden]," says Zilvinas Bareisis, a senior analyst at Celent.
CertiFlash uses a chip from First Data unit Star that's embedded in a debit card and a merchant terminal that uses one-off numbers to verify transactions.
The difference between CertiFlash and EMV is contact. RFID-enabled CertiFlash chips are contactless and can communicate with payment terminals from a distance of a few centimeters, where EMV cards have to actually make contact with terminals.
Also, CertiFlash's underlying technology is more robust, utilizing a greater amount of customer data on the card itself that can be potentially used for push marketing. "The future is you get off BART, and the [transit] reader says you are three doors down from a merchant where you can get a discount," Olson says.
Olson says Fremont has not adopted EMV right now because there hasn't been much merchant adoption in the U.S. and the bank's customers aren't interested. "Fremont Bank is a baby boomer bank. We don't get a lot of customers who travel a lot," Olson says. "The need for EMV is not there for us."
