Pub. 4 2016 Issue 2

17 Winter 2016 The Community Banker Q&A with Tracey San- tor, CPCU, AFSB, AIC, bond product manager, financial institutions, Travelers Bond & Specialty Insurance Q: Community banks are hearing more and more about EMV technology, can you explain its emergence? A: More and more payment card issuers are opting to min- imize the risk they bear from potential fraud by utilizing EMV technology. EMV (named after Europay, MasterCard and Visa, the col- laborative team that developed the technology) involves smart- chip technology that embeds a microprocessor chip into the payment card itself and creates a dynamic authentication code for each POS transaction. The individualized code prevents the fraudster from relying on the information gleaned from the card’s magnetic strip alone and places a new impediment in the fraudster’s path; an impediment meaningful only if the merchant processing the fraudulent transaction utilizes EMV technology. Additionally, EMV technology relies upon the use of either a PIN or signature in conjunction with the micro- processor to create a secondary layer of authentication (known as Chip and PIN or Chip and Signature). Q: Are Community banks going to be mandated to use this technology? A: Unlike other countries mandating migration to EMV technology, the U.S. has estab- lished a voluntary scheme that enables an individual merchant both to assess the costs and benefits of implementing the technology and the ability to choose whether to participate. However, because of new legislation, merchants that became EMV-compliant by October 1, 2015, shift the risk of fraudulent activity for POS transactions to the card issuers. If the merchant elects not to comply, however, it may share in, or in fact bear entirely, that liability risk. This has proven to be great motivation for card issuers, like community banks, to move to Chip cards. Q: EMV technology might carry its own risk. Can you explain? A: Yes, in reviewing the histo- ry of other countries who have made the switch, EMV technol- ogy has led to increased fraud- ulent activities in ecommerce and telephone transactions – or the so-called Card Not Present (“CNP”) transactions. Q: What does that mean for community banks and credit unions? A: Community banks and credit unions are at risk of be- ing targets for CNP fraud, even after instituting EMV cards. However, there are numerous measures available to mitigate the risk attendant to fraudulent payment card transactions including CNP transactions. Q: What measures can we take to protect against CNP fraud? A: CNP transactions re- quire creative approaches to authentication because the merchant does not have access to the card and cardholder for the transaction. The industry has developed a litany of au- thentication methods, but has advocated for the use of three particular approaches: • CAP/DPA: The Chip Authentication Program for MasterCard and the Dynamic Passcode Authentication for Visa use microprocessor and payment applications to generate a readable cryptogram • 3D Secure: A tool that payment networks support where the card issuer determines whether the transac- tion will require a static or one-time password based on the card issu- er’s preferences and the level of risk it assigns to the transaction • Tokenization: Digital payment tokens replace traditional customer account numbers for ecommerce and mobile transactions Q: Where can I learn more? A: In addition to insurance coverage that can help offset the impact of computer fraud risks, Travelers offers numerous educational resources, such as insightful loss-control articles and tips. Learn more here. EMV TECHNOLOGY—WHAT YOU NEED TO KNOW By Tracey Santor,Travelers Bond & Specialty Insurance