A new comarketing agreement for MainStreet Technologies’ (MST) Loan Loss Analyzer product with Experian Decision Analytics’ Baker Hill Advisor® product will provide the banking industry with a comprehensive, automated loan-management offering. The combined products provide banks greater confidence for loan management and loan-pricing calculations. Experian Decision Analytics Baker Hill Advisor product supports banks’ commercial and small-business loan operations comprehensively, from procuring new loans through collections. MST’s Loan Loss Analyzer streamlines the estimation and documentation of the Allowance for Loan and Lease Losses (ALLL), the bank’s most critical quarterly calculation. The MST product automates the most acute processes required of community bankers in managing their commercial and small-business loan portfolios. Both systems are data-driven, configurable and designed to accommodate existing bank processes. The products already effectively work together for community banks of varying asset sizes, adding efficiencies and accuracy while addressing today’s increasingly complex regulatory requirements. “Experian’s Baker Hill Advisor product-development priorities have always been driven by our user community. Changes in regulatory and accounting requirements have our clients looking for a sophisticated ALLL system. Working with MainStreet, we can refer our clients to an industry-leading ALLL platform,” said John Watts, Experian Decision Analytics director of product management. “The sharing of data between our organizations creates an environment where strategic ALLL calculations are more robust and tactical lending decisions can be made with more confidence. It provides clients a complete service at every point within the organization.” “Bankers, including many using our Loan Loss Analyzer, have used Experian’s Baker Hill® software to manage their commercial loan programs for more than three decades,” said Dalton T. Sirmans, CEO and MST president. 
“Bankers who choose to implement Experian’s Baker Hill Advisor and the MST Loan Loss Analyzer will be automating their loan management, tracking, reporting and documentation in the most comprehensive, user-friendly and feature-rich manner available.” For more information on MainStreet Technologies, please visit http://www.mainstreet-tech.com/banking For more information on Baker Hill, visit http://ex.pn/BakerHill
By: John Robertson

I began this blog series asking the question “How can banks offer such low rates?” Exploring the relationship of pricing in an environment where we have a normalized. I outlined a simplistic view of loan pricing as:

+ Interest Income
+ Non-Interest Income
- Cost of Funds
- Non-Interest Expense
- Risk Expense
= Income before Tax

Along those lines, I outlined how perplexing it is to think that, at some of these current levels, banks could possibly make any money. I suggested these offerings must be loss leaders with the anticipation of more business in the future or possibly, additional deposits to maintain a hold on the relationship over time. Or, I shudder to think, banks could be short funding the loans with the excess cash on their balance sheets.

I did stumble across another possibility while proving out an old theory, which was very revealing. The old theory, stated by a professor many years ago, was “Margins will continue to narrow…. Forever”. We’ve certainly seen that in the consumer world. In pursuit of proof of this theory I went to the trusty UBPR and looked at the net interest margin results from 2011 until today for two peer groups (insured commercial banks from $300 million to $1 billion and insured commercial banks greater than $3 billion). What I found was that, in fact, margins have narrowed anywhere from 10 to 20 basis points for those two groups during that span even though non-interest expense stayed relatively flat.

Not wanting to stop there, I started looking at one of the biggest players individually and found an interesting difference in their C&I portfolio. Their non-interest expense number was comparable to the others, as was their cost of funds, but the swing component was non-interest income. One line item on the UBPR’s income statement is Overhead (i.e. non-interest expense) minus non-interest income (NII). This bank had a strategic advantage when pricing their loans due to their fee income generation capabilities.
They are not just looking at spread but contribution as well to ensure they meet their stated goals. So why do banks hesitate to ask for a fee if a customer wants a certain rate? Someone seems to have figured it out. Your thoughts?
By: Mike Horrocks

A recently published industry survey found that the number one reason lenders were dissatisfied or willing to go to another financial institution (and take their book of business with them) was not compensation. While compensation is often thought of as the number one driver for this kind of change in your bench of lenders, it had much more to do with being able to serve customers efficiently. One of the key reasons that lenders were unhappy was that they were in a workflow and decisioning process where the lender could not close loans on time, putting stress on the loan officer's relationships and destroying borrower confidence.

Thinking of my own experiences as a commercial lender, and my interactions with the private bankers, branch managers, and lenders that served every kind of customer, I would absolutely have to agree with this study. Nothing is more disheartening than working on bringing in a client, and then having the process not give me a response in the time that my clients are expecting or that the competition is achieving.

Automation in the process is the key. While lenders will still need to be engaged in the process and paying attention to the relationship, it can be significantly refocused to other parts of the business. This leads to benefits such as:

- Protecting the back office and the consistency of booking and servicing loans.
- Ensuring that the risk appetite is consistent for the institution for every deal.
- Growing a portfolio of loans that can and will adhere to sound portfolio management techniques.

So how is your process supporting lenders? Are you automating to help in areas that give you a competitive advantage with robust credit scores, decision strategies or risk management solutions that are helping close deals quickly, or are you requiring a process that is keeping them from bringing more customers (and profits) in the door?

Henry Ford is credited with saying, “Coming together is a beginning.
Keeping together is progress. Working together is success.” Take a closer look at your lending process. Do you have the tools that help bring your lenders, your customers, and your organization together? If you don’t, you may be losing some of your best talent for loan production at a time when you can least afford it.
Cherian Abraham, our mobile commerce and payments consultant, recently wrote about the future of mobile banking in regards to the Apple Pay news out this week. The below article originally appeared in American Banker and is an edited version of his blog post. Editor's note: A version of this post originally appeared on Drop Labs. Depending on who you ask, the launch of Apple Pay was either exciting or uninspiring. The truth is far more complicated — particularly in terms of how it will impact the dynamics of Apple's relationship with banks. I would venture that most of the financial institutions on stage at the launch of Apple Pay earlier this week have mixed feelings about their partnership. They have had to sacrifice a lot of the room for negotiation that banks have retained with other wallet players such as Google Wallet and Softcard (the company formerly known as Isis). If you are an Apple Pay launch partner, having your credential or token on Apple Pay does not mean that you get to extend that credential into your own mobile banking app or wallet. For example, Bank A, with its credentials stored on Apple Pay, cannot leverage those credentials so that its own mobile banking app can use them to enable direct payments. Banks will have to accept that their credentials will be indefinitely locked to Apple Pay till deletion. No bank wants its brand to be overshadowed by Apple, nor do banks want smartphone users to close their app and open up a different wallet to make a payment. But this was not up for debate with Apple, which wants to tightly control the payment experience. This should be a cause of concern for Apple Pay partner banks, for whom enabling payments outside of Apple Pay in iOS is now off the table. Banks' only hope of having an integrated payment experience is to focus on Android, which supports host card emulation technology. HCE uses software to emulate a contactless smart card and communicate with near-field communication readers. 
I would expect a lot of banks to revisit Android and HCE in upcoming months. That goes double for the institutions that were not chosen to partner with Apple, along with retailers who have not rejected contactless payments as a modality in stores. Given that Apple will reportedly collect fees from its partner banks when customers execute transactions on the mobile wallet, all banks should be thinking about ways that they can make their presence on other Apple offerings more lucrative. If I were them, I would begin segmenting customers who hold one of iTunes' 500 million active accounts to see which ones are affluent spenders and which cards have higher interest rates, then implement targeted customer incentive strategies to move Apple users to higher-rate cards. I would use the same tactic to convince customers to replace debit cards on file with iTunes with credit cards. But the big takeaway is that from here on out, banks can only gain incremental value from iOS. If they want to create a unified payment system that customers can use as part of their existing banking relationships, they'll have to focus on Android. Should that happen, I doubt that Apple could prevent such moves from diluting its merchant value proposition. But such moves on the part of issuers are hardly long-term strategies to incentivize frequent usage, merchant participation and overall customer value.

To learn more about how Experian can help you with your mobile banking needs, please visit: http://ex.pn/1t3zCSJ?INTCMP=DA_Blog_Post091214
by John P. Robertson, Senior Business Process Specialist

As a Senior Business Process Specialist for Experian Decision Analytics, John provides guidance to clients in the areas of profitability strategies for risk based pricing and relationship profitability. He assists banks in developing and implementing successful transitions for commercial lending that improve both the financial efficiency of the lending process and the productivity of the lending officers. John has 26 years of experience in the banking industry, with prior background in cash, treasury, and asset/liability management.

For quite some time now, the banking industry has experienced a flat funding curve. Very small spreads have existed between the short and long term rates. Slowly, we have begun to see the onset of a normalized curve. At this writing, the five year FHLB Advance rate is about 2.00%. A simplistic view of loan pricing looks something like this:

+ Interest Income
+ Non-Interest Income
- Cost of Funds
- Non-Interest Expense
- Risk Expense
= Income before Tax

The example is pretty simple and straightforward, “back of the napkin” kind of stuff. We back into a spread needed to reach breakeven on a five year fixed rate loan by using the UBPR (Uniform Bank Performance Report) national peer average for Non-Interest Expense of approximately 3.00%. You would need a pre-tax rate requirement of 5.00% before you consider the risk and before you make any money. If you tack on 1.00% for risk and some kind of return expectation, the rate requirement would put you around a 6.00% offering level. From a lender’s perspective, a 6.00% rate on a minimal risk five year fixed rate loan doesn’t exist. They might as well go home.

CFOs have been asking themselves, “What do we do with this excess cash? We get such a paltry spread. How can we put higher yielding loans on our books at today’s competitive rates?
We’ve got plenty of capital even with the new regulation requirements so can we repo the securities and use the net spread for our cost of funds?” Leveraging the excess cash and securities in order to meet the pressing rate demands may be a way banks have been funding selective loans at such low rates on highly competitive, quality loan originations of size. But you have to wonder, what about that old adage, “You don’t short fund long term loans”? Won’t you eventually have to deal with compression and “margin squeeze”? Oh, and by the way, aren’t you creating a mismatch in the balance sheet which requires explanation? Are they buying a swap to extend the maturity? If so, are they really making their targeted return? If this is what they are doing, why not just accept a lower return but one that is better than the securities? Share your thoughts with me.
Online crooks are getting more sophisticated by the second. Nowadays, fraudsters have the ability to conduct “clean fraud,” obtaining legitimate identities of users from the black market or data breaches to compromise a victim’s card account. Malware, too, is becoming more sophisticated both in the mobile and non-mobile space. But how can organizations fight such high-level tactics in such a broad, complex space? John Sarreal, Senior Director of Product Management at 41st Parameter, an online fraud prevention player, sat down with PYMNTS after the recent release of the white paper “Surveillance, Staging, and the Fraud Lifecycle” to reveal the inner workings of a cyber criminal’s mind, what should be done before and after data is snatched, and which aspects of account takeover are the most overlooked and dangerous. Interview excerpts Take us through the mind of a cyber-criminal. What are the most sophisticated tactics used today to capture account information from corporate systems? JS: The amount of clean fraud that we see with our customers is unprecedented. By focusing on obtaining legitimate credentials and identities, fraudsters are more easily able to bypass traditional controls. This means that fraud tools need to adapt and gather additional attributes to augment their fraud screening. Although the techniques they’re using now to obtain these credentials are increasingly sophisticated, the MOs are still rooted in basic phishing and social engineering attacks. Fraudsters will use identity information obtained from the black market or data breaches to conduct very convincing phishing attacks to reveal everything that is needed to compromise a victim’s card account. There’s also increasing sophistication in the use of malware to steal sensitive credentials in both the mobile and non-mobile arena. In Android, for example, Google recently passed a vulnerability that allows sophisticated malware to impersonate digital certificate signing authorities. 
This vulnerability allowed the malware to install itself on a mobile device without any user notification or intervention – obviously, a very dangerous attack. Link to the podcast and transcript here.
Every prospecting list needs to be filtered by your organization’s specific credit risk threshold. Whether you’re developing a campaign targeting super-prime, sub-prime, or consumers who fall somewhere in between, an effective credit risk model needs to do two things: 1) accurately represent a consumer’s risk level and 2) expand the scoreable population. The newly redeveloped VantageScore® credit score does both.

With the VantageScore® credit score, you get a scoring model that’s calibrated to post-recession consumer behavior, as well as the ability to score nearly 35 million additional consumers - consumers who are typically excluded from most marketing lists because they are invisible to older legacy models. Nearly a third of those newly-scoreable consumers are near-prime and prime. However, if your market is emerging to sub-prime consumers - you’ve found the mother lode!

Delinquency isn’t the only risk to contend with. Bankruptcies can mean high losses for your organization at any risk level. Traditional credit risk models are not calibrated to specifically look for behavior that predicts future bankruptcies. Experian's Bankruptcy PLUS filters out high bankruptcy risk from your list. Using Bankruptcy PLUS you’re able to bring down your overall risk while removing as few people as possible.

My next post looks into ways to identify profitable consumers in your list. For more see: Four steps to creating the ideal prospecting list.
At Experian, we frequently get asked by clients how they can get bigger mailing lists that open new markets and reach more people. But bigger isn’t necessarily better, and it doesn’t always translate to a higher return on your marketing investment. Instead of just increasing volume, let’s consider a different, more focused approach - using the latest in analytic tools and scores. This approach relies on effective pre-screening to create the ideal prospecting lists based on your business objective. We’ve identified four key steps to building a prescreen list of your ideal prospects:

1) Optimize risk selection
2) Find the most profitable consumers
3) Target customers who need or want your products
4) Design the right offer

In the next post, Optimal Risk Selection, I’ll dig deeper into each step and present some tools and scores that can help meet the objective of each.
By: Teri Tassara

“Do more with less” is a pervasive and familiar mantra nowadays as lenders seek to make smarter and more precise lending decisions while expertly balancing growth objectives and tightened budgets. And lest we forget, banks must also consider the latest regulations and increased regulatory scrutiny from the industry’s governing bodies - such as OCC and CFPB.

Nowadays, with the extensive application of predictive analytics in everyday lending practices, it makes sense to look to analytics to fine tune decision-making and achieve a greater return on investment in three common growth objectives for bankcard acquisitions:

- Profitable growth - How do I find the most profitable acquisition targets? How do I know the borrowing characteristic of each consumer? Are they high spend or high income? Do they carry a balance but always make timely payments?
- Universe expansion - How many more consumers are there that meet my lending criteria? How can I effectively reach them?
- Customer experience - How do I offer the right product to the right customer? How do I communicate to my customers that I understand their lending needs?

To that end, growth objectives vary by lender; as such, so should their bankcard acquisitions analytical toolkit. The analytical toolkit arsenal should enable lenders to develop refined bankcard campaign strategies based on their specific objectives. Look for upcoming posts on the essential components of the bankcard acquisitions analytical toolkit.
By: Mike Horrocks

The Wall Street Journal just recently posted an article that mentioned the cost of the financial regulations for some of the largest banks. Within the article it is staggering to see the cost of the financial crisis and also to see how so much of this could have been minimized by sound banking practices, adoption of technology, etc. As a former commercial banker and as I talk with associates in the banking industry, I know that there are more causes to point at for the crisis than there are fingers…but that is not the purpose of my blog today. My point is the same thing I ask my teenage boys when they get in trouble, “Now, what are you going to do to fix it?”

Here are a couple of ideas that I want to share with the banking industry. Each bank and market you are going after is a bit unique; however, think about these this week and what you could do.

- It is about the customer – the channel is just how you touch that customer. Every day you hear the branch office is dead and that mobile is the next wave. And yes, if I was a betting man, I would clearly say mobile is the way to go. But if you don’t do it right, you will drive customers away just as fast (check out the stats from a Google mobile banking study). At the end of the day, make sure you are where your customers want to be (and yes for some that could even be a branch).
- Trust is king. The Beatles may have said that “All You Need Is Love”, but in banking it is all about trust. Will my transaction go thru? Will my account be safe? Will I be able to do all that I need to do on this mobile phone and still be safe since it also has Angry Birds on it? If your customer cannot trust you to do what they feel are simple things, then they will walk. You have to protect your customers, as they try to do business with you and others.
- Regulations are here to stay. It pains me to say it, but this is going to be a truth for a long while.
Banks need to make sure they check the box, stay safe, and then get on to doing what they do best – identify and manage risk. No bank will win the war for shareholder attention because they internally can answer the regulators better than the competition. When you are dealing with complicated issues like CCAR, Basel II or III, or any other item, working with professionals can help you stay on track.

This last point represents a huge challenge for banks as the number of regulations imposed on financial institutions has grown significantly over the past five years. On top of that, the level of complexity behind each regulation is high, requiring in-depth knowledge to implement and comply. Lenders have to understand all the complexity of these regulations so they can find the balance to meet compliance obligations. At the same time they need to identify profitable business opportunities. Make sure to read our Comply whitepaper to gain more insight on regulations affecting financial institutions and how you can prepare your business.

A little brainstorming and a single action toward each of these in the next 90 days will make a difference. So now, what are you going to do to fix it?
Are you sure you are making the best consumer credit decisions? Given the constantly evolving market conditions, it is a challenge to keep informed. In order to confidently grow and manage the bottom line, organizations need to avoid these four basic risks of making credit decisions with limited trend visibility.

- Competitive Risk - With limited visibility to industry trends, organizations cannot understand their position relative to peers.
- Product Risk - Organizations without access to the latest consumer behaviors cannot identify and capitalize on emerging trends.
- Market Risk - Decisions suffer when made without considering market trends in the context of the economy.
- Resource Risk - Extracting useful insights from vast market data requires abundant resources and comprehensive expertise.

Get more information on the business risks of navigating credit decisions with limited trend visibility.
By: Mike Horrocks

Living just outside of Indianapolis, I can tell you that the month of May is all about "The Greatest Spectacle in Racing", the Indy 500. The four horsemen of the apocalypse could be in town, but if those horses are not sponsored by Andretti Racing or Pennzoil – forget about it. This year the race was a close one, with three-time Indy 500 winner, Helio Castroneves, losing by .06 of a second. It doesn’t get much closer. So looking back, there are some great lessons from Helio that I want to share with auto lenders:

- You have to come out strong and with a well-oiled machine. Castroneves led the race with no contest for 38 laps. You cannot do that without a great car and team. So ask yourself - are you handling your auto lending with the solution that has the ability to lead the market or are you having to go to the pits often, just to keep pace?
- You need to stay ahead of the pack until the end. Castroneves will be the first to admit that his car was not giving him all the power he wanted in the 196th lap. Now remember there are only 200 laps in the race, so with only four laps to go, that is not a good time to have a hiccup. If your lending strategy hasn't changed "since the first lap", you could have the same problem getting across the finish line. Take time to make sure your automated scoring approach is valid, question your existing processes, and consider getting an outside look from leaders in the industry to make sure you are still firing on all cylinders.
- Time kills. Castroneves lost by .06 seconds. That .06 of a second means he was denied access into a very select club of four time winners. That .06 of a second means he does not get to drink that coveted glass of milk. If your solution is not providing your customers with the fastest and best credit offers, how many deals are you losing? What exclusive club of top auto lenders are you being denied access to?
- Second place is no fun.
If you're Castroneves, there's no substitute for finishing first at the Indianapolis Motor Speedway. Likewise, in today’s market, there is more need than ever to be in the Winner’s Circle. Take a pit stop and check out your lending process and see how you're performing against your competitors and in the spirit of the race – “Ladies and gentlemen, start your engines!”
Both Visa and MasterCard announced their support for Host Card Emulation (HCE) and their intent to release HCE specifications soon. I have been talking about HCE since late 2012 (partly due to my involvement with SimplyTapp) and you can read why HCE matters and what the Android KitKat HCE announcement meant for payments. But in light of the network certification announcements yesterday, this post is an attempt to provide some perspective on what the Visa/MasterCard moves mean, how their approaches differ in certifying payments using cloud hosted credentials, what issuers should expect from a device and terminal support perspective, why retailers should take note of the debate around HCE and ultimately – the role I expect Google to continue to play around HCE. All good stuff.

First, what do the Visa/MasterCard announcements mean?

It means that it’s time for banks and other issuers to stop looking for directions. The network announcements around HCE specifications provide the clarity required by issuers to meaningfully invest in mobile contactless provisioning and payment. Further, it removes some of the unfavorable economics inherited from a secure element-centric model, under which issuers were forced to default to credit cards with higher interchange in the wallet. Renting space on the secure element cost a pretty penny and that is without taking operational costs into consideration, and as an issuer if you are starting in the red out of the gate, you were not about to put a Durbin controlled debit card in the wallet. But those compulsions go with the wind now, as you are no longer weighed down by these costs and complexities on day one. And further, the door is open for retailers with private label programs or gift cards to also look at this route with a lot more interest. And they are. MasterCard mentioned bank pilots around HCE in its press release, but MCX is hardly the only retailer payment initiative in town. Let me leave it at that.
How do the Visa/MasterCard specs differ?

From the press releases, some of those differences are evident – but I believe they will coalesce at some point in the future. MasterCard’s approach speaks to mobile contact-less as the only payment modality, whereas Visa refers to augmenting the PayWave standard with QR and in-app payments in the future. Both approaches refer to payment tokens (single or multi-use) and one can expect them to work together with cloud provisioned card profiles, to secure the payment transaction and verify transactional integrity. To MasterCard’s benefit – it has given much thought to ensuring that these steps – provisioning the card profile, issuing payment tokens et al – are invisible to the consumer and therefore refrains from adding undue friction. I am a purist at heart – and I go back to the first iteration of Google Wallet – where all I had to do to pay was turn on the screen and place the device on the till. That is the simplicity to beat for any issuer or retailer payment experiences when using contactless. Otherwise, they are better off ripping out the point-of-sale altogether.

MasterCard’s details also make a reference to a PIN. The PIN will not be verified offline as it would have been if a Secure Element had been present in the device; rather, it would be verified online, which tells me that an incorrect PIN, if input, would be used to create an “incorrect cryptogram” which would be rejected upstream. Now I am conflicted about using a PIN at the point of sale for anything – to me it is but a Band-Aid; it reflects the inability to reduce fraud without introducing friction. Visa so far seems to be intentionally light on details around mandating a PIN, and I believe not forcing one would be the correct approach – as you wouldn’t want to constrain issuers to entering a PIN as a means to do authentication, and instead should have laid down the requirements but left it to the market to decide what would suffice – PIN, biometrics et al.
Again – I hope these specs will continue to evolve and move towards a more amenable view towards customer authentication.

Where do we stand with device and terminal support?

All of this is moot if there are not enough devices that support NFC and specifically – Android KitKat. But if you consider Samsung devices by themselves (which is all one should consider for Android) they control over 30% of the NA market – 44.1 million devices sold in 2013 alone. The lion’s share of those devices support NFC out of the box – including Galaxy Note II and 3, Galaxy S3 and S4 – and their variants mini, Active, Xoom et al. And still, given the disparity in their approach to secure elements and the continuing lack of availability in standards and Android support, Tap and Pay was largely a dream. What was also worrisome is that 3 months after the launch of Android KitKat – it still struggles under 2% in device distribution.

That being said, things are expected to get markedly better for Samsung devices at least. Samsung has noted that 14 of its newer devices will receive KitKat. These devices include all the NFC phones I have listed above. Carriers must follow through quickly (tongue firmly in cheek) to deliver on this promise before customers with old S3 devices see their contracts expire and move to a competitor (iPhone 6?). Though there was always speculation as to whether an MNO will reject HCE as part of the Android distribution, I see that as highly unlikely. Even carriers know a dead horse when they see one, and Isis’s current model is anything but one. Maybe Isis will move to embrace HCE.

And then there is the issue of merchant terminals. When a large block of merchants are invested in upending the role of networks in the payment value chain – that intent ripples far and wide in the payments ecosystem.
Though it’s a given that merchants of all sizes can expect to re-terminalize in the next couple of years to chip & pin (with contactless under the hood) – it is still the prerogative of the merchant as to whether the contactless capability is left turned on or off. And if merchants toe Best Buy’s strategy in how it opted to turn it off store-wide, then that limits the utility of an NFC wallet. And why wouldn’t they? Merchants have always viewed “Accept all cards” to also mean “Accept all cards despite the form factor” and believe that contactless could come to occupy a higher interchange tier in the future – as questions around fraud risk are sufficiently answered by the device in real-time. This fear, though, is largely unsubstantiated, as networks have not indicated that they could come to view mobile contact-less as being a “Card Present Plus” category that charges more. But in the absence of any real assurances, fear, uncertainty and doubt run rampant.

But what could a retailer do with HCE?

If re-terminalization is certain, then retailers could do much to explore how to leverage it to close the gap with their customer. Private label credit and closed loop are viable alternatives that can now be carried over contactless – and if previously retailers were cut out of the equation due to heavy costs and complexity for provisioning cards to phones, they have none of those limitations now. A merchant could now fold a closed loop product (like a gift card) into their mobile app – and accept those payments over contact-less without resorting to clunky QR or barcode schemes. There is a lot of potential in the closed loop space with HCE that retailers are ignoring due to a “scorched earth” approach towards contactless. But smarter merchants are asking ‘how’.

Finally, what about Google?

Google deserves much praise for finally including HCE in Android and paving the way for brands to recognize the opportunity and certify the approach.
That being said, Google has no unequal advantage with HCE. In fact, Google has little to do with HCE going forward, despite Google Wallet's utilization of HCE in the future. I would say – HCE has as much to do with Google going forward, as Amazon’s Kindle Fire has to do with Android. Banks and retailers have to now decide what this means for them – and view HCE as separate to Google – and embrace it if they believe it has potential to incent their brands to remain top of wallet, and top of mind for the consumer. It is a level playing field, finally.

Where do you go next?

Indeed – there is a lot to take in – starting with HCE’s role, where it fits into your payment strategy, impact and differences in Visa/MasterCard approaches, weaving all of these into your mobile assets while not compromising on customer experience. Clarity and context are key and we can help with both. Reach out to us for a conversation. HCE is a means to an end – freeing you from the costs and complexities of leveraging contactless infrastructure to deliver an end-to-end mobile experience, but there is still the question of how your business should evolve to cater to the needs of your customers in the mobile channel. Payment is, after all, just one piece of the puzzle.
By: Matt Sifferlen

On January 17th, we celebrated the 308th birthday of one of America's most famous founding fathers, Ben Franklin. I've been a lifelong fan of his after reading his biography while in middle school, and each year when his birthday rolls around I'm inspired to research him a bit more since there is always something new to learn about his many meaningful contributions to this great nation. I find Ben a true inspiration for his capacity for knowledge, investigation, innovation, and of course for his many witty and memorable quotes. I think Ben would have been an exceptional blogger back in his day, raising the bar even higher for Seth Godin (one of my personal favorites) and other uber bloggers of today. And as a product manager, I highly respect Ben's lifelong devotion to improving society by finding practical solutions to complex problems.

Upon a closer examination of many of Ben's quotes, I now feel that Ben was also a pioneer in providing useful lessons in commercial fraud prevention. Below is just a small sampling of what I mean.

“An ounce of prevention is worth a pound of cure” - Preventing commercial fraud before it happens is the key to saving your organization's profits and reputation from harmful damage. If you're focused on detecting fraud after the fact, you've already lost.

“By failing to prepare, you are preparing to fail.” - Despite the high costs associated with commercial fraud losses, many organizations don't have a process in place to prevent it. This is primarily due to the fact that commercial fraud happens at a much lower frequency than consumer fraud. Are you one of those businesses that thinks "it'll never happen to me?"

“When the well’s dry, we know the worth of water.” - So you didn't follow the advice of the first two quotes, and now you're feeling the pain and embarrassment that accompanies commercial fraud. Have you learned your lesson yet?
“After crosses and losses, men grow humbler and wiser.” - Ah, no lender likes losses. Nothing like a little scar tissue from "bad deals" related to fraud to remind you of decisions and processes that need to be improved in order to avoid history repeating itself.

“Honesty is the best policy.” - Lots of businesses stumble on this part, failing to communicate when they've been compromised by fraud or failing to describe the true scope of the damage. Be honest (quickly!) and set expectations about what you're doing to limit the damage and prevent similar instances in the future.

“Life’s tragedy is that we get old too soon and wise too late.” - Being too late is a big concern when it comes to fraud prevention. It's impossible to prevent 100% of all fraud, but that shouldn't stop you from making sure that you have adequate preventive processes in place at your organization.

“Never leave that till tomorrow which you can do today.” - Get a plan together now to deal with fraud scenarios that your business might be exposed to. Data breaches, online fraud and identity theft rates are higher than they've ever been. Shame on those businesses that aren't getting prepared now.

“Beer is living proof that God loves us and wants us to be happy.” - I highly doubt Ben actually said this, but some Internet sites attribute it to him. If you already follow all of his advice above, then maybe you can reward yourself with a nice pale ale of your choice!

So Ben can not only be considered the "First American," but he can also be considered one of the first fraud prevention visionaries. Guess we'll need to add one more thing to his long list of accomplishments!
In the days following the Target breach, both clarity and objectivity are in short supply. Everything that didn’t already exist became suddenly the cure-all – EMV being one. Retailers bristle, albeit in private – due to the asymmetry in blame they have come to share compared to banks – despite having equal ownership of the mess they have come to call payments. Issuers and Schemes scramble to find an empty deck chair on the Titanic, just to get a better view of the first of the lifeboats capsizing.

Analogies aside, we may never fully eliminate breaches. Given an infinite amount of computing power and equal parts human gullibility – whether it's via brute forcing encryption systems or through social engineering – a breach is only a matter of time. But we can shorten the half-life of what is stolen. And ensure that we are alerted when breaches occur – as fraudsters take care to leave little trace behind. Yet today our antiquated payments system offers up so many attack vectors to a fraudster that the sophistication of attempts like what we saw at Target is the exception and not the norm. But are the retailers absolved of any responsibility? Hardly.

Questions from a breach:

According to Target, malware was found on Target’s PoS – presumably pushed by unauthorized outsiders or via compromised insiders. If so, how is it that unauthorized code managed to find its way to all or most of its PoS terminals? Could this have been uncovered by performing a binary or checksum comparison first, to ensure that files or packages are not tampered with, before they are deployed to the Point-of-Sale? Such a step could have certainly limited the attack vectors to a small group of people with administrative access – who would have the need to handle keys and checksums.
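The pre-deployment checksum comparison suggested above, sketched as an added example (not code from the original post or from any PoS vendor). It assumes a release manifest of SHA-256 digests authenticated with an HMAC key held only by release administrators; HMAC stands in for whatever signing scheme a real pipeline would use, and the package names and key are constructed.

```python
import hashlib
import hmac
import json

def _tag(digests, key):
    # Authenticate the digest list so only key holders can issue a manifest.
    body = json.dumps(digests, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def build_manifest(packages, key):
    """Release side: one SHA-256 per package, list authenticated with the key."""
    digests = {n: hashlib.sha256(d).hexdigest() for n, d in packages.items()}
    return {"digests": digests, "tag": _tag(digests, key)}

def verify_before_deploy(packages, manifest, key):
    """Deployment gate: returns a list of problems; empty means deployable."""
    tag = str(manifest.get("tag", ""))
    if not hmac.compare_digest(_tag(manifest["digests"], key), tag):
        return ["manifest tag invalid: refuse everything"]
    problems = []
    for name, data in sorted(packages.items()):
        want = manifest["digests"].get(name)
        if want is None:
            problems.append(f"{name}: not listed in manifest")
        elif not hmac.compare_digest(want, hashlib.sha256(data).hexdigest()):
            problems.append(f"{name}: digest mismatch")
    for name in sorted(set(manifest["digests"]) - set(packages)):
        problems.append(f"{name}: listed but missing from bundle")
    return problems

# Constructed sample data (hypothetical package names and key).
RELEASE_KEY = b"constructed-demo-key"
RELEASE = {"pos-app.bin": b"build 1.4.2", "reader-driver.pkg": b"driver 7"}

if __name__ == "__main__":
    manifest = build_manifest(RELEASE, RELEASE_KEY)
    staged = dict(RELEASE)
    staged["pos-app.bin"] += b" + injected code"   # modified after release
    staged["svc-helper.exe"] = b"unknown binary"   # never part of the release
    for problem in verify_before_deploy(staged, manifest, RELEASE_KEY):
        print("BLOCK:", problem)
```

The gate rejects a modified package, a file that was never released, and a manifest produced without the release key, which is what narrows the people able to push code to those who hold that key.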
Further, depending on the level of privilege accorded to every binary that gets deployed to the point of sale – Target could have prevented an unauthorized or remotely installed program from performing sensitive functions such as reading consumer data – either in transit or in RAM. That said – I am not sure if PoS manufacturers provide for such a layered approach towards granting access and execution privileges to code that is deployed to their systems. If not, they should.

Where DOES EMV come in?

EMV helps to verify the card – indisputably. Beyond that, it offers no protection to either the consumer or the merchant. The risk of EMV, and its infallibility in the eyes of its true believers, is that it can lull the general public into a sense of false security – much like what we have now under Reg E and Reg Z. With EMV, PAN and PIN continue to be passed in the clear, unencrypted. Retailers could deploy EMV terminals and still be riddled like cheese by fraudsters who can siphon off PANs in transit. Fraudsters who may find it nearly impossible to create counterfeit cards will instead migrate online where inadequate fraud mitigation tools prevail – and those inadequacies will force both banks and retailers to be heavy handed when it comes to determining online fraud. Friction or Fraud should not be the only two choices.

Solving Card Not Present Fraud:

There are no silver bullets to solve Card Not Present fraud. Even with EMV Chip/Pin, there is an opportunity to put a different 16 digit PAN on the front of the card versus the one that is on the magstripe/chip. (I am told that Amex does this for its Chip/pin cards.) The advantage is that a fraudster using a fraudulently obtained PAN from the chip for an e-commerce purchase will stand out to a card issuer compared to the legit customer using a different PAN on the front of the card for all her e-commerce purchases. This may be one low tech way to address CNP fraud alongside of an EMV rollout.
But if asking a consumer to enter his Zipcode or show his ID was enough for retail purchases, there exist equivalent friction-bound processes online. Authentication services like 3-D Secure are fraught with friction, and unfairly penalize the customer and indirectly – the retailer and issuer, for its blind attribution of trust in a user provided password or a token or a smart card reader. Where it may (in some cases) undeniably verify consumer presence, it also overwhelms – and a customer who is frustrated with a multi-step verification will simply shop somewhere else or use PayPal instead. Ever had to input your Credit Card Verification code (CVV2 or CVC2) on an Amazon purchase? Me neither.

Fraud in connected commerce:

As connected devices outnumber us, there needs to be an approach that expands the notion of identity to look beyond the consumer and start including the device. At the core, that is what solutions like 41st Parameter – an Experian company – focus on: enabling device attributes to collectively construct a more sophisticated indicator of fraud in an e-commerce transaction – using 100 or so anonymous device attributes. Further, it allows for more nuanced policies for retailers and issuers, to mitigate fraud by not only looking at the consumer or device information in isolation – but in combination with transactional attributes. As a result, retailers and issuers can employ a frictionless, smarter, and more adaptive fraud mitigation strategy that relies less on what could be easily spoofed by a fraudster and more on what can be derived or implied. If you want to know more about why this is a more sensible approach to fighting fraud, you should go here to read more about 41st Parameter.

Remnants from a breach:

Even though the material impact to Target is still being quantified, little doubt remains as to the harm done to its reputation. Target RED card remains largely unaffected, yet it is but a fleeting comfort.
Though some have thus been quick to call decoupled debit a more secure product, those claims choose to ignore the lack of any real consumer protection that is offered alongside of these products. Though Reg E and Reg Z have been largely instrumental in building consumer trust in credit and debit cards, they have also encouraged the general public to care less about fraud and credit card security. And this affects more than any other – MCX, whose charter calls for reduction of payment acceptance costs first, and to whom – decoupled debit offered a tantalizing low cost alternative to credit. But when it launches this year, and plans to ask each customer to waive protections offered by Reg E and Reg Z and opt for ACH instead – those consumers will find that choice harder to stomach. Without offering consumers something equivalent, MCX Retailers will find it exceedingly difficult to convince customers to switch. Consumer loyalty to retailer brands was once given as the reason for creating a retailer friendly payment backbone, but with Target’s reputation in tatters – that is hardly something one can bank on these days – pun intended.

Where does this leave us?

To be completed…

This blog post was originally featured at: http://www.droplabs.co/?p=964