Signature, PIN, or Otherwise – Who Really Gets to Decide?

By Dan Thompsons e e de ta i l s on pg 1

Product Update: Extra Awards® s e e de ta i l s on pg 3

To Stop a Thief s e e de ta i l s on pg 4

Domestic Fraud Watch s e e de ta i l s on pg 5

How to Report Fraud with DataNavigator s e e de ta i l s on pg 6

Update to DataNavigator s e e de ta i l s on pg 6

Quarterly Bulletin APRIL 2015

jhaPASSPORT™

CONTACTS

JHA Payment Processing Solutions® (PPS)Status Line: 866-428-7328

Adjustment DepartmentSupport Number: 800-299-4222

Fax: 281-894-3411

PPS Dispute Center (Visa/MC Issuers)Phone: 800-881-7488

Fax: 800-691-0419

Customer SupportBanksSupport Number: 800-299-4222

Level 1 Support Fax: 877-269-4220

Balancing Support Fax: 877-269-4210

For Cl ients Portal :

https:// forcl ients. jackhenry.com

Credit UnionsEpisys® Support Number: 888-796-4827

CruiseNet® Support Number: 800-299-4222

For Cl ients Portal :

www.symitar.com/forcl ients

jhaPassPort / / a p r i l 2015 1

Signature, PIN, or Otherwise – Who Really Gets to Decide?

by Dan Thompson, Customer Relationship Manager, Senior

Here’s a story you probably never expected to read – ready?

One of your cardholders picks up a variety of merchandise at a retailer and it totals $41.65. At the checkout counter, she reaches

for your financial institution’s debit card. This cardholder has been here many times, and knows to swipe the card, push “Cancel”

and select “Credit” on the terminal. Often she doesn’t even sign; just pockets the debit card and heads out the door with purchases

in hand.

Now it comes time to look at the home banking account. The cardholder gets home and checks the balance online, but notices

something strange. The purchase is deducted from the account, but it doesn’t look like similar purchases made in the past. It

appears to be a PIN-based transaction. She is confused, and worries that someone is using the account fraudulently. A frantic and

confused call is placed to you.

Do you know how to respond? Are you aware of what is really going on with this cardholder’s account? Has the PIN

been compromised?

Well, the scenario described above is unfortunately playing out at a handful of national retailers today. Debit issuers are fielding

calls from confused cardholders who state emphatically that they did not use their PIN, or they are convinced that someone has

gained access to their payment information and is using their account with a PIN to make illegitimate purchases.

In many cases, this is not fraud. It is in fact the result of the Durbin Amendment and the power it has given merchants to route

a transaction to the network of their choice. This is why you were required to place two unaffiliated debit networks on your

association brand, three-party debit card.

Last year, some networks announced availability (in beta) of PINless debit card transactions at the point of sale. In fact, one

network announced that all participants were required to offer PINless debit at eligible merchant categories for transactions

under $50, and signature for transactions over $50, including pre-authorization, purchase, and return transactions. The next phase

will expand support for PINless, no signature, as well as signature and no CVM (cardholder verification method), at all merchant

segments. It includes support for the traditional (Visa/MasterCard) dual message environment pre-authorization and settlement.

This will extend to card-present (POS) and card-not-present environments, as announced.

Is your mouth hanging open yet?

The impact of this development is going to be huge, in my opinion. Think about it – no longer will cardholders control how their

transactions are processed – whether they run through the traditional signature network (by pressing “Cancel” then “Credit”),

or through the PIN EFT network by punching in the PIN. The way the cardholder chooses to verify use of the card, called the

Cardholder Verification Method (CVM), no longer resides in their hands, but rather in the merchant’s. They may or may not be

1

jhaPassPort / / a p r i l 2015 2

>> Continued

asked for a PIN; they may or may not be asked to sign; and the transaction may or may not process through the EFT network or the

Visa/MasterCard network. No one knows for sure except the merchant, and as of today they are not disclosing to the cardholder

which path they are using to direct the transaction.

One implication to consider is rewards. If you positioned your debit card with a rewards program that only “pays” upon completion

of a traditional signature transaction, then the cardholder may or may not earn the full reward at the discretion of how the

merchant chooses to route the transaction. This is the power the Durbin Amendment has given to merchants.

Another consideration or implication involves interchange income. Generally speaking, traditional signature-routed traffic earns

a higher rate of interchange revenue for the issuer. PIN-directed traffic typically earns a smaller percentage. Now, the merchant

along with the EFT network may decide that no CVM is required and thus the issuer may be exposed to a higher risk transaction

without the offsetting premium in interchange revenue. You get the transaction, but you may also experience higher risk and

lower interchange.

One last consideration … what will happen to the common knowledge of Zero Liability when using Visa or MasterCard debit? You

have spent years hammering this into your cardholders’ heads. How will you now educate them that their transactions may or may

not qualify for Zero Liability, and that unfortunately the cardholder has zero control over it?

On a related note, compare and contrast the range of dispute rules available to you as an issuer under Visa or MasterCard’s

operating regulations versus your primary EFT network rules for dispute management.

There is a lot more to contemplate as this evolves, but I wanted to bring it to your attention. As if you didn’t have enough to worry

about, right?

2

Quarterly Network ReportingMasterCard®, Maestro®, Cirrus® – Reporting forms and instructions, based on your network membership(s), were emailed from

EFTNetworkAdministration@jackhenry.com to your institution on Friday, March 20, 2015 with reminders again on

Tuesday, March 31, 2015. The deadline to submit your quarterly report(s) for 1st quarter 2015 is Midnight CT on Friday, April 10, 2015.

PLUS®, Interlink® – Reporting forms and instructions were emailed from PPSquarterlyreporting@jackhenry.com to your

institution on Wednesday, March 25, 2015. The deadlines to submit your quarterly report(s) for 1st quarter 2015:

PLUS – Monday, April 6, 2015

Interlink – Wednesday, April 8, 2015

jhaPassPort / / a p r i l 2015 3

How to Make jhaPassPort™ Extra Awards® Go to Work for You

Some financial institutions offer a rewards program because cardholders ask for it and leave it at that. Other institutions take a creative, proactive approach and make loyalty awards pay off in a big way.

Always Something New

A common strategy for awards success is to keep the promotions changing. If you do something different every few months, you

are more likely to engage with cardholders. Below are suggestions to use rewards for maximum value.

It’s a good idea to have a new promotion each quarter. For example, take one quarter of each year and focus on a balance transfer

promotion. You can offer double or triple awards for transfers. Another quarter can be geared toward certain types of transactions,

such as using the card at a gas pump, or purchasing entertainment, travel, or whatever you want to emphasize. Again, make

offers of double or triple points for these transactions. It’s common to spotlight back-to-school purchases in the third quarter and

holiday gift spending in the fourth.

A great idea is to create a theme for promotions, such as sports, travel, pets, or fashion. These themes offer an opportunity to

use eye-catching images, and they can easily be translated to social media and presented as fun games or challenges. Other

successful campaigns:

• Entice inactive cardholders with points for changing to a rewards card.

• Provide extra points if cardholders reach a specified spending amount, such as $1,000 or $5,000.

• Offer an awards incentive for getting a new car loan, or any other activity you want to promote.

Rewards Get Measurable Results

When institutions start and promote a rewards program, the difference is apparent. The number of new cards and the amount

of interchange income changes dramatically. There is a large, documented difference in activation between awards and

non-rewards cards.

The critical part of success is knowing that you can’t just offer a rewards program and wait for it to work. Keep it fresh, keep it lively,

and rotate among promotions that target different types of spenders. Every cardholder you engage becomes more inclined to

keep and use your card.

If you have questions about Extra Awards or loyalty promotions, email us at tellmemore@jackhenry.com.

3

jhaPassPort / / a p r i l 2015 4

To Stop a Thief

This issue includes a grab bag of three topics for your consideration.

Bits and Pieces

After a data breach, you sometimes hear people say, “Well, only email addresses were stolen, and that’s not so bad,” or “They got

names but not passwords.” The fact is that a name, an email address, a phone number, a postal address; these are all pieces of a

puzzle that identifies you or your cardholders.

These bits of information are particularly helpful in creating phishing attacks. If someone has both an email and mailing address,

victims might be more inclined to think that their financial institution is trying to reach them. As always, train your cardholders to

put verification before trust in questionable communications.

Some Things Never Go Out of Fashion

Skimming is a good example of a trend that just won’t quit. Throughout 2014 and into 2015, this old favorite form of theft is as

popular as ever. Criminals are still putting card-reading attachments on top of the real readers on ATMs and gas pumps. People

are still looking over shoulders to spy on PIN numbers. People are still picking up credit cards and quickly passing them through a

pocket card reader when no one is looking.

Teaching your cardholders to always be on their guard is never out of style.

Most Common Ways Credit Card Data Are Stolen

Few people know more about credit card fraud than Brian Krebs of KrebsOnSecurity.com. In a January posting on his website,

he listed the most common ways a person will find his or her credit card compromised. Read the full article, which describes the

characteristics of each type of fraud and the chances of the cardholder learning exactly what happened. The top nine:

• Hacked main street merchant or restaurant

• Processor breach

• Hacked point-of-sale service company/vendor

• Hacked e-commerce merchant

• ATM or gas pump skimmer

• Dishonest employee

• Lost/stolen card

• Malware on consumer PC

• Physical record theft

Note the frequent appearance of breaches and hacks in this list, which are out of the control of your cardholder. They look to you

for protection. Stay alert and make smart use of Auto-Block rules to minimize damage.

Questions? Email us at tellmemore@jackhenry.com.

4

jhaPassPort / / a p r i l 2015 5

Domestic Fraud Watch

Each new day brings with it a new opportunity to fight fraud. Let’s fight it together.

The following information represents a brief recap of suspected or known fraudulent activity by state reported within the past

several months. Its intent is to inform and educate.

Nationwide/multi-state

Parking Garages: PA, IL, IA, WA; Bebe stores: Nov. 8th – Nov. 28th; One Stop Parking (airports)

eCommerce

Bigtreesolutions.com Jan 1st – Jan 13th; Idparts.com; bolderimage.com; shop.dutchbros.com Nov. 7th – Dec. 6th; C3Controls.com;

Book2Park.com

Join our monthly interactive WebEx sessions to learn and share information about the latest problems and solutions in the fight

against financial fraud. To register go to www.jha.webex.com, click on “Event Center” and look for “Fraud Today.” If you have any

questions contact John Larsen at 206-352-3419 or email at jlarsen@jackhenry.com.

5

• Vermont• Missouri• Virginia• Florida• Texas• California• Louisiana• Indiana• Arizona

Indicates a state with known or suspected fraud

jhaPassPort / / a p r i l 2015 6

Reporting MasterCard® and Visa® Fraud in DataNavigator

jhaPassPort™ has recently experienced an increasing number of incorrectly completed MasterCard and Visa fraud reporting cases in

DataNavigator. There is a two-part process for entering MasterCard and Visa fraud and both must be completed for the process to

work. The system is showing that some users are completing the first part of the process but not continuing on to the second.

Part 1 of the process includes a step called Create Unworked Fraud Advice Case.

Part 2 of the process includes two steps; completing the Fraud Reporting section, and selecting the Fraud Reason.

After completing both parts of the fraud reporting process, the user should have two batch numbers. When the user checks to

make sure the fraud process was completed, it will display Add Fraud Forwarded under the Current Case Stage column on the

Case Search Results screen. It is recommended that a user check this to make sure the fraud has been reported.

Detailed instructions for reporting fraud to MasterCard or Visa in DataNavigator can be obtained by selecting the appropriate link below.

MasterCard Visa

If you have any questions or would like additional information, please place a support call to jhaPassPort™ at 800-299-4222 or

open a case through the For Clients portal.

6

Updates to DataNavigator Cases for the Regional PIN Network Dispute Process

jhaPassPort™ would like to remind financial institutions that once a PIN dispute is successfully entered into DataNavigator for a

regional network (i.e. Pulse, NYCE, Shazam, STAR, MAC, etc.), do not go back into the case and try to make changes. If any updates

to the case are required, you must open a jSource case by contacting Customer Support. Changes made in DataNavigator to

regional PIN dispute cases after the initial "Create Case" submission are not tracked or reviewed by the dispute representative.

The jSource case ensures that the representative working the dispute is notified promptly of any changes so they can be entered

to the appropriate network in a timely manner. Financial institutions can contact Customer Support at 800-299-4222 or open a

case on the For Clients portal to update disputes (Regional PIN Networks) already submitted through DataNavigator.