Part 2 in our series, “A Primer in Digital Wallet Technology”
As discussed in Part 1 of this series, digital wallet usage is expected to rise dramatically in the near term, giving consumers a host of faster, more convenient payment options at checkout. While experts regard technologies such as Apple Pay, Samsung Pay and Android Pay as highly secure, there are added steps credit unions and their members can take to further protect account data.
Responding to Yellow Path Requests
Apple Pay remains the most widely used digital wallet today and has its own authentication process for tokens that credit unions need to understand. Here’s how it works:
When the cardholder adds a card to Apple Pay, both Apple and the network run the request through a number of risk parameters to ensure that the requester is indeed the valid owner of the card. This may include things like the user’s history in iTunes and address verification. If it passes, the card will be tokenized and enabled on the phone.
If, however, these checks fail, the cardholder will go into “yellow path” authentication, which requires the credit union to authenticate the cardholder.
As with other member requests, it is always best for your service and support staff to apply “out-of-wallet” authentication when provisioning a token. Questions such as “When did you make your last loan payment?” or “How long have you worked for your current employer?” cannot be answered with the information a fraudster might steal online or find in a physical wallet.
Cardholder Authentication with Samsung Pay and Android Pay
Unlike Apple, Samsung and Google usually do not have access to the depth of user information that the iTunes database provides. As a result, authenticating cardholders and provisioning tokens are manual processes that your credit will need to handle.
When a cardholder adds a card to Samsung Pay or Android Pay, he or she will be alerted to contact your service staff to provision the token. As with Apple Pay tokens, it is best to use out-of-wallet authentication, asking three or four questions that only the cardholder can answer.
Managing a Token’s Life Cycle
Across all three “Pays,” once the token request is authenticated, the credit union will then need to access what is known as the “life cycle management” portal to release the token and send it to the member. Provided by Visa and MasterCard, the life cycle management portal allows credit unions to manually change the status of a given token. A token can go through various changes during its life cycle, such as “Active,” “Suspended,” “Resumed” and “Deleted.”
As a general rule, credit unions should closely monitor all transactions originating from tokens provisioned, and especially from those that required call center authentication. Changes in transaction velocity and amounts, in particular, should be closely watched.
Best Practices for Members
Encouraging members to use digital checkout options such as Visa Checkout and MasterCard’s MasterPass can help secure card data as well. These tools allow members to input personal and account information one time – and then automatically apply this information to transactions conducted online or via a mobile device. This practice helps safeguard member data as it eliminates the need to type in sensitive information time and again with each merchant, making it more difficult for fraudsters to access it. Using Visa Checkout and MasterPass comes with an added perk – it qualifies users for exclusive promotional offers and discounts on future purchases.
Equipping members with a smartphone app for card controls and alerts can also prove instrumental in fighting card fraud. With these apps, a member can restrict card usage in a variety of ways, including by transaction type, amount, merchant and geographic area. Cards can also be turned on and off on-demand by the user for added security.
The “Pays” Are Here to Stay
Credit unions and their members only benefit from embracing the most advanced and secure technologies available. Toward that end, we recommend offering members at least one of the three industry-leading digital wallets – or ideally all of them if you have the service resources to support them.
There are many compelling reasons every credit union should take the leap into the digital wallet market today, but one stands out: It truly is the direction of the industry. In order for your credit union to demonstrate innovation and leadership – and to reach the coveted millennial population – you need to weave a “Pay” or two into your product mix.
Today’s consumer craves convenience, speed and flexibility – and the peace of mind that comes with knowing payment transactions are secure. Digital wallets help you give members all of this and more, and will position you well for the future of e- and m-commerce.
The original article Digital Wallets Are Secure – But You Can Do More to Keep Member Data Safe can be found on Insight Vault.
