Spotlight on Service - February 2015

News You Need to Succeed
FEBRUARY 2015
What’s Inside
SHAZAM’s 2015 Forum������������������������������������������������������������������������������������������2
Omnichannel Consumers are Big Spenders�����������������������������������������������������������3
Millennials + Community FIs = A Natural Fit�����������������������������������������������������������4
Celebrate Your AAPs on Feb. 10������������������������������������������������������������������������������6
Be ‘In the Know’ with SHAZAM’s EMV Roadmap������������������������������������������������������7
Reduce Residency Fees by Cleaning Up Your Card Database���������������������������������8
Tokenization 101: The Cardholder Experience������������������������������������������������������10
Updated Falcon Matrix Boosts Your Protection�����������������������������������������������������11
Less is More When Reporting Fraud���������������������������������������������������������������������12
New PCI Guides Address Your Security Challenges�����������������������������������������������13
Cash Advance Scam Tricks Tellers�������������������������������������������������������������������������14
Whom Will Hackers Target Next?���������������������������������������������������������������������������15
How to Identify Internet PIN Transactions�������������������������������������������������������������16
SHAZAM Training��������������������������������������������������������������������������������������������������18
‘Cozy Up to Rewards’ Winners������������������������������������������������������������������������������19
SHAZAM’s 2015 Forum
APRIL 7 – 9, 2015 | DOWNTOWN MARRIOTT HOTEL | DES MOINES, IA
SUCCESS IS SPELLED Y.O.U.
Follow Lee Griffin as he guides you through
success via the power of you. Learn how to
get results, grow your leadership potential
and better understand the needs of your
customers. The power is in you.
BREAKOUT SESSIONS CAN’T BE MISSED!
SHAZAM’s 2015 Forum has it all: nationally known speakers,
industry updates and informative breakout sessions. Each
session is offered twice on April 8, so you won’t have to
miss your favorite topics. They include: What’s Happening
at SHAZAM: Products and Services, eBanking 4.0: Well
Beyond Transfers and BillPay, Success is Spelled Y.O.U. and
Dominance, Extroversion, Patience and Formality — What Does
This Have to Do With Anything?
WHAT’S HAPPENING AT SHAZAM:
PRODUCTS AND SERVICES
Get the latest scoop on SHAZAM’s initiatives and
enhancements from Manish Nathwani and Scott Green.
This session will look at SHAZAM’s major accomplishments
and what’s ahead for the next fiscal year. Don’t miss this
informative session that will help you plan and manage
your electronic payments portfolio.
DOMINANCE, EXTROVERSION,
PATIENCE AND FORMALITY –
WHAT DOES THIS HAVE TO DO
WITH ANYTHING?
Jackie Rolow delves into why market-leading
organizations are increasingly applying
analytical methodologies to understand and
optimize their biggest single competitive
advantage – their people. The ability to
use data-driven, scientifically validated
methodologies to evaluate candidates,
organize teams and develop employees
gives you unprecedented confidence and
accuracy in the selection and development
of the individuals you depend on to make
your company successful. Attend this
session on the Predictive Index and learn
how it can help you get the right people in
the right roles within your organization.

REGISTER TODAY!
REGISTRATION
Visit www.shazam.net/forum to register
IS NOW
OPEN!
and learn more about SHAZAM’s 2015 Forum.
REGISTER EARLY AND SAVE MONEY
Register for SHAZAM’s 2015 Forum by January 31, 2015, and
receive a discounted rate of $200 for the first person and
$75 for each additional person from your institution. After
January 31, 2015, registration will be $275 for the first person
and $100 for each additional person from your institution.
REGISTRATION DETAILS
EARLY BIRD
One person
Additional person*
REGULAR
THROUGH 1.31.15
AFTER 1.31.15
$200
$75
$275
$100
*From the same financial institution
Spotlight on Service
2
Products and Services
Omnichannel Consumers are Big Spenders
Smartphones are becoming increasingly ubiquitous, and
many — if not most — consumers don’t leave home without
theirs. Likewise, consumers are more often turning to these
convenient, ever-present devices to conduct banking and
other business, as well as to make purchases.
A recent Javelin Strategy report found more than half (51
percent) of mobile U.S. consumers purchased physical
goods via their smartphones in 2014. That number is up
from just 14 percent in 2009. The report, “Mobile Wallets
Analysis and Strategy: How The Game Changes With Apple
Pay,” also predicted mobile payments will increase from
roughly $3 billion in 2013 to $53 billion over the next four
years.
As these stats point out, from smartphones to desktops
to in-store visits, we are entering an omnichannel world
in which consumers seek an omnichannel experience. In
this new environment, there’s a certain amount of risk as
financial institutions choosing to put a heavy investment in
one channel may miss the untapped potential of another.
This is what makes omnichannel banking so valuable.
It allows the entire financial industry to make the most
of every technology-driven behavioral change as it
takes place. Additionally, research shows omnichannel
consumers are bigger spenders than their multichannel
counterparts. In fact, according to IDC Retail Insights,
omnichannel consumers spend between 15 percent and
30 percent more than those who only use one channel.
Consumers want to have a seamless experience with a
brand regardless of whether they’re buying online or instore. Each piece of the consumers’ banking experience
should be consistent and complementary. It’s important for
community financial institutions to be aware of this as they
build out their mobile banking and payments strategies.
By Dan Kramer
Senior Vice President
of Marketing and Merchant Services
This article was
featured on the
SHAZAM Network Blog
on Jan. 14, 2015.
Check out our latest posts on SHAZAM news,
industry insights and more. The blog is updated
several times each week, so you can always find
something new to read!
Spotlight on Service
3
Products and Services
Millennials + Community FIs = A Natural Fit
Did you know that nearly 60 percent
of millennials would rather meet
the president of a local financial
institution who just approved a loan
to finally start their dream business
than meet the president of the United
States?
Or, did you know that a quarter of
millennials earn at least part of their
income from a small business they
own or have a stake in? Of the rest,
41 percent desire to start their own
business and many plan to do so
within two years.
These interesting findings and more
come from a recent study by the
Independent Community Bankers of
America (ICBA).
The ICBA cites the nearly 80 million
millennials (ages 19–37) as a key
demographic because they tend to
have dramatically different banking
habits compared with Generation X,
baby boomers and matures. Adapting
to their wants and needs is crucial to
earning their business.
Some differences include:
• Seventy-four percent of
millennials say mobile banking is
very important to them. This is 75
percent greater than the number
of baby boomers (ages 50–68)
with the same answer.
• Twenty-four percent of millennials
report carrying less than $5 every
day of the week.
74% of millennials say mobile banking is very important to them.
Recommended Strategies
Based on the ICBA findings, there’s
a natural fit between millennials and
the characteristics of community
financial institutions.
The ICBA recommends the following
strategies to attract and retain this
important demographic.
Create an Entrepreneur Advisory
Board
Millennials are the generation that
most wants and intends to start a
business. Creating an entrepreneur
advisory board that includes
millennials is a tangible step to
demonstrate you actively engage,
influence and take advice from local
businesses.
Make Them Feel like VIPs
Millennials reacted the strongest
when asked if they feel that financial
institutions treat people like a
number.
Here are a few ways to showcase
how you treat each customer as an
individual, valued customer:
• Introduce new millennial
customers to three employees so
they’re familiar with the team and
not just the person who opened
their first account.
– Continued on next page
Spotlight on Service
4
Products and Services
Millennials – Continued from previous page
• Ask millennials how they’d like
to be contacted. This might
include text messaging rather
than the more traditional email
or voicemail.
• Invite millennials as guests to
exclusive events they otherwise
might not be able to attend,
such as festivals, sporting events,
fashion shows and non-profit
fundraisers.
Adapt to Their Communication
Profile
Millennials are highly visual
learners and communicators. This
is underscored by the fact that they
naturally communicate through
screens, such as smartphone or
tablet screens. Here are a few
strategies to communicate with
millennials that align with their
preferences:
• Tell your institution’s story visually.
Instead of presenting your story
online in multiple paragraphs,
turn it into representative pictures
or a short, fast-paced video that
engages millennials to “see” why
you’re different and important in
the community.
• Present information on a screen
rather than a brochure, printed
handout or solely in conversation.
C o m m u n i t y F I s M o s t Tru s t e d
With community financial institutions being known for personal service
and low costs, it’s no surprise they’re the most trusted.
In a recent Harris Poll, more than 50 percent of all respondents said
the following factors have the biggest effect on their satisfaction with
financial institutions:
• Personal experience
• Quality of products and
services
• Quality of customer care
• Amount and number of fees
charged
• Willingness to work with
customers in time of need
SHAZAM prides itself on offering quality products and services for free or
at the lowest possible cost. This allows community financial institutions to
compete with larger institutions.
To find out how SHAZAM can help you grow your business,
contact your SHAZAM account executive today!
• Instead of providing a traditional
business card, offer to connect
via LinkedIn® or provide your
contact information to them via
text or email.
For More Information
Read the ICBA’s whitepaper, “The
2014 ICBA American Millennials
and Community Banking Study:
Unexpected Findings from the Fastest
Growing Generation in Banking,” for
more tips on working with millennials!
Spotlight on Service
5
Products and Services
Celebrate Your AAPs on Feb. 10
Congratulations!
Five professionals in the SHAZAM, Inc. ACH
Association region achieved the AAP designation for
the first time in 2014. SHAZAM congratulates the
following people for their achievement:
There are more than 4,000 Accredited Automated Clearing
House (ACH) Professionals (AAPs) in the U.S. today, and
they’re considered the “crème de la crème” of payments
professionals.
• Tina Hanks
Bridge Community Bank, Mechanicsville, Iowa
Having an AAP on staff reinforces that your organization is
at the forefront of changes and updates to the ACH rules,
as well as federal and state payments industry regulations.
• Skylar Kelsey
Collins Community Credit Union, Cedar Rapids,
Iowa
To raise awareness and highlight the importance of the
AAP accreditation, NACHA — The Electronic Payments
Association® and the regional payments associations will
celebrate National AAP Recognition Day on Feb. 10, 2015.
• Kimberly Shacklett
Lee County Bank & Trust NA, Fort Madison, Iowa
This annual event aims to bring a higher profile to this
significant achievement among payments professionals.
On AAP Recognition Day, a U.S. flag will be flown above the
Capitol building in Washington, D.C., in recognition of all
AAPs. The flag will then be awarded to one lucky recipient
at the annual AAP reception at NACHA’s PAYMENTS 2015
conference.
• Michelle Hardisty
Iowa Bankers Association, Johnston, Iowa
• Jeffrey Wolf
Northwest Bank, Spencer, Iowa
SHAZAM recognizes the contributions AAPs make to
ensure the ACH network is safe and secure. Please join us
in recognizing them on Feb. 10.
Spotlight on Service
6
Cards
Be ‘In the Know’ with
SHAZAM’s EMV Roadmap
As our account executives visit
financial institutions to talk about
EMV® and the technology changes
within the payments industry, they’ve
been hearing a lot of the same
questions:
• When can we order chip cards?
• When can our ATMs begin
accepting chip-and-PIN
transactions?
• When will your EMV validation
services be available?
Good news! We’ve answered these
questions and more in our
SHAZAM Network EMV Roadmap.
In the roadmap, we’ve outlined
everything our network will support
through third-quarter 2015.
We’ll continually update the roadmap
as additional EMV support dates are
known.
Other Resources
For More Information
And don’t forget, the EMV Products
& Services page in SHAZAM Access
puts educational resources at your
fingertips at all times. Be sure to visit
it often!
Throughout our history, SHAZAM has
focused solely on your success and
we’ll continue to do so! We hope
our EMV roadmap and educational
resources help you plan your EMV
strategy and support dates. If you
have any questions, please contact
your SHAZAM account executive.
Spotlight on Service
7
Cards
Reduce Residency Fees by
Cleaning Up Your Card Database
It’s the beginning of a new year and a good time to
take stock of your card database at SHAZAM. We
recommend keeping your card database up to date
by deleting old or expired card authorization file (CAF)
records and plastics records that are no longer used.
A well-maintained card database benefits you in three
ways:
1. Allows more accurate card counts for
MasterCard® and Visa® reporting
2. Reflects the cards you actually have in
circulation today
3. Results in reduced residency fees
In the sections below, you’ll learn what each part of the
card record is for and how to maintain it.
Plastics Records
Plastics information in the card database is all about the
card order.
Plastics records contain the cardholder’s name, mailing
address, Social Security number (SSN) and telephone
number; the image ID (for SHAZAM myPic Studio®); the
number of reissue months; the expiration date; and the
current card status, so we’ll know whether to reissue the
card.
Plastics records that have been deleted will still appear
in SHAZAM Access, but they won’t be reissued. Once the
card has been expired without reissuance or deleted for
24 months, the record will be purged from SHAZAM Access
automatically.
Please Note: Primary account numbers (PANs) with a
hot-card status will not reissue, regardless of the plastics
record status.
CAF Records
When we talk about cleaning up your card database, the
CAF record is our primary concern. The CAF record is what
makes the card work for positive file financial institutions.
It contains the PAN, card status, deposit limits, withdrawal
limits, last activity date, last maintenance date and more.
The CAF remains in SHAZAM Access until you delete it, no
matter the card’s status. SHAZAM doesn’t automatically
purge CAF records. For cards that have a hot status,
SHAZAM recommends you wait until the card has expired
before deleting.
While SHAZAM will retain a hot status until the CAF is
deleted, MasterCard only retains the hot status for 180
days. This is only important if/when MasterCard stands in.
MasterCard recommends hot-carding the card every 180
days until expiration; however, this isn’t required.
Please Note: Visa deletes the record based on the purge
date entered when the card is hot-carded. If no purge date
is entered, the purge date will default to one year.
– Continued on next page
Spotlight on Service
8
Cards
Database – Continued from previous page
Tools to Maintain Your CAF Records
Tool
Description
How to Use
Availability
Positive/Negative
File Report
This report contains all your CAF
information in an easy-to-use
Microsoft® Excel® spreadsheet.
Use this report to find
all cards with a hot or
deleted status.
To request this report, complete the
Plastics Database and Positive/
Negative Report Request form
(#514) and fax it to SHAZAM client
support at 515-558-7610 or call
client support at 800-537-5427
(options 3, 4). This report is free
once per year.
SHAZAM
Warning Bulletin
(SCD010)
This report lists the following
information:
Use this report to
regularly monitor for
expired hot cards and
delete them as they
arise.
Available daily in the SHAZAM
Access Files SETL folder.
• Debit cards reported as lost
or stolen and the warning
notice regions each card is
listed in, if applicable
• Number of cards for each
action code
• Number of cards listed in
multiple regions
• Foreign (non-SHAZAM)
networks to which the hotcard record was reported
Plastics
Reissuance
(CM250-R)
Report
This report identifies expiring
plastics.
Use this report as a
reminder to delete any
expired cards that are
no longer active.
The report is available on the eighth
day of each month and remains
on the system for 21 days. You
can find this report in the SHAZAM
Access Files SETL folder.
Mass
maintenance
request
SHAZAM deletes old/expired
cards on your behalf.
Use it to clean your
card database without
impacting your staff.
To request this, call client support
at 800-537-5427 (options 3, 4).
Fees vary.
For More Information
If you have any questions about the maintenance tools available and how to use them, please call SHAZAM client support
at 800-537-5427 (option 3) or submit a service request online using SHAZAM® Web Rep.
Spotlight on Service
9
Cards
Tokenization 101:
The Cardholder Experience
In the January issue of Spotlight on
Service, we discussed tokenization,
how this emerging payments
technology works and our upcoming
support of the Apple Pay™ service.
Now our focus is cardholders.
How will this technology impact
cardholders?
Enrollment Experience
When enrolling in Apple Pay, the
cardholder will have to provide card
information, either from his or her
Apple® iTunes® account or from a
different card. This will be done as
part of the “add card” process in
Apple Passbook®.
The PAN
This is where tokenization takes
place. Tokenization protects card data
by substituting the primary account
number (PAN) with a different number
— a token — automatically generated
by the token service provider. The
token is usually the same length and
format as the real PAN, so it appears
no different.
The advantage of tokenization is
that a cardholder’s real PAN is never
stored on the merchant’s system. If
the merchant’s system is breached,
it’s the token that’s compromised.
The token can be easily replaced
without requiring card reissuance.
This minimizes inconvenience to the
cardholder and protects the issuer
and merchant from card compromise
costs associated with reissuance.
The Purchase
Making a purchase is easy. The
cardholder simply waves his or
her phone close to a near field
communication (NFC)-enabled pointof-sale (POS) terminal while holding
a finger on the iPhone 6 “Home”
button for authentication. The phone
transfers the token to the terminal,
and the rest of the transaction
proceeds as normal.
Cardholder Education
The sales receipt may show the last
four digits of the token instead of the
real PAN. Remember, this is because
the PAN was replaced with randomly
generated values. You may need to
educate cardholders on this to avoid
confusion in attributing receipts to
the card used for a transaction.
Another topic for cardholder
education is plastics reissuance. At
reissuance, the cardholder may have
to delete the expired card’s token and
add the reissued card’s information
into the service to create a new
token. We’ll explain more on this as
the implementation time nears.
For More Information
The sales receipt may
show the last four digits
of the token instead
of the real PAN. You
may need to educate
cardholders on this
to avoid confusion.
The payments industry is everevolving with new technologies to
support and new information to
communicate. We’re here for you,
and it’s our mission to provide the
educational assistance you need. If
you have any questions, please email
[email protected].
Spotlight on Service
10
Fraud and Risk Management
Updated Falcon Matrix
Boosts Your Protection
SHAZAM’s fraud operations team is
always looking for ways to deter the
bad guys and reduce fraud losses!
Recent testing showed that by
updating the Decision Block Matrix
for FICO® Falcon® Fraud Manager, we
could block and prevent more fraud
without affecting valid activity.
So, we updated the matrix
(shown at right) on Jan. 6, 2015.
The Falcon user guide has also been
updated to reflect the change.
Updated Matrix
Decision
Temporary
card block
Fraud Score
Transaction Amount
Transaction Origin
950–999
Any amount
Any origin
Any amount
Foreign
More than $150
Domestic
More than $300
Domestic
More than $150
Foreign
900–949
700–899
Our Process
SHAZAM fraud specialists review each
case as it’s created by Falcon. If we
can’t reach the cardholder or it’s after
hours, we may place a temporary
card block (TCB) to halt subsequent
authorizations. We use the Decision
Block Matrix to determine whether a
case qualifies for a TCB based on the
fraud score, the transaction amount
and the transaction origin.
We also incorporate the matrix into
our case management rules. If a
case’s activity meets TCB criteria, it’s
prioritized to the case queue we work
first, since it represents the most risk
to you.
Additionally, all of our Falcon
specialty rules qualify for a TCB
regardless of whether they meet the
above criteria. You can find a list of
all specialty rules in the Fraud Watch
section of SHAZAM Access.
For More Information
If you have any questions, please
call SHAZAM fraud operations at
800-537-5427, ext. 2899.
Spotlight on Service
11
Fraud and Risk Management
Less is More When Reporting Fraud
Save yourself time and effort by skipping a step!
When submitting an exception
request in SHAZAM Access to report
fraud only, please remember you
shouldn’t attach any documentation,
as SHAZAM doesn’t need it and it
could delay reporting.
If SHAZAM receives attachments for a
fraud-only submission, it could delay
the reporting because SHAZAM fraud
operations may need to contact you
to confirm that no action is required
besides fraud reporting.
Please remember this rule of thumb:
Fraud only = no attachments. It’s that
simple!
Changing to a Chargeback
If you report fraud only and later want
to change it to a chargeback request,
simply access the previous fraud-only
form and attach a minimum of two
items:
• A letter stating you want to
change your request from fraud
only to fraud-related chargeback
• A cardholder dispute letter and/
or documents to support the
chargeback
For More Information
For detailed instructions on
submitting exception requests,
please view Initiating Exceptions for
Signature-based Transactions Online
in SHAZAM Resource.
If you have any questions, please
call SHAZAM client support at
800-537-5427 (options 4, 3) or
submit a service request online using
SHAZAM® Web Rep.
Remember this rule
of thumb: Fraud only
= no attachments.
Spotlight on Service
12
Fraud and Risk Management
New PCI Guides Address
Your Security Challenges
Data security has become a moving target
as cybercriminals continue to develop
new ways to steal customer records.
To help issuers, acquirers, processors
and merchants address these security
challenges, the Payment Card Industry
Security Standards Council (PCI SSC) has
released six new documents.
Mobile Payment Acceptance Security
Guidelines for Merchants as
End-Users and Developers
These guidelines describe how to protect
a merchant’s mobile payment application
and securely accept payments on a
mobile device. This includes information
on how to protect mobile devices from
malware and jail-breaking, prevent
unauthorized access and detect loss
or theft.
These guides provide you with in-depth
information to help prevent skimming,
safeguard against mobile and third-party
attacks, train employees about information
security and more!
Third-Party Security Assurance
Document Summaries and Links
This guidance identifies necessary factors for an
organization’s third-party assurance program, including:
Skimming Prevention: Best Practices for Merchants
This document can help merchants:
• Third-party service provider due diligence
• Service correlation to PCI DSS requirements
• Be aware of the physical and logical risks relating to
skimming
• Written agreements, policies and procedures
• Be aware of the weaknesses inherent in point-of-sale
(POS) terminals and terminal networks
• Monitoring third-party service provider compliance
status
• Know the vulnerabilities associated with staff having
access to consumer payment devices
Best Practices for Implementing a Security
Awareness Program
• Prevent or deter criminal attacks against POS
terminals and terminal networks
Often, the biggest security risk to an organization isn’t a
weakness in technology, but the actions or inaction of its
employees. This document outlines the components of
an effective information security awareness program and
how awareness training may change as access to the
cardholder data environment increases.
• Identify and report compromised terminals as soon
as possible to minimize the impact of an attack
Best Practices for Maintaining PCI DSS Compliance
Merchant and service provider compliance with the PCI
Data Security Standards (DSS) has steadily increased
since requirements were introduced in 2006. However,
many organizations still struggle to maintain full
compliance the year following a successful review.
This document provides tips for staying compliant year
after year.
For More Information
The PCI SSC is responsible for the development,
management, education and awareness of payment
security standards and guidelines. Visit the
PCI SSC website for additional resources.
Spotlight on Service
13
Fraud and Risk Management
Cash Advance Scam Tricks Tellers
Beware of a scam in which a
cardholder tricks a financial
institution into processing a
manual cash advance using a
phony authorization. This scam has
been around for a few years and
periodically resurfaces in different
areas.
How It Works
A fraudster enters a financial
institution and requests a cash
advance from a teller. In reported
cases, the fraudster is a stylish, wellspoken woman who drives a newermodel car.
The fraudster gives the teller a
toll-free telephone number to call,
reportedly for the issuing financial
institution. Or, she makes the call
on her cellphone and hands the
cellphone to the teller.
The teller processes the cash
advance as a key-entered transaction,
believing there’s been a manual
authorization. However, the teller
hasn’t been talking to a financial
institution, but rather a second
fraudster involved in the scam.
The cards being used in this scam
are typically already canceled due
to other fraudulent activity. But since
the card isn’t swiped, the financial
institution doesn’t realize it until the
cash advance is charged back as
unauthorized.
Prevention
To prevent your financial institution
from becoming a victim of this scam,
please follow these tips:
• Train your tellers to swipe all
cash advances for a valid
authorization. If the swipe
attempt shows a decline,
the transaction shouldn’t be
processed.
• If the card swipe results in an
error message other than a
decline, it can be key-entered.
However, the authorization
shouldn’t be obtained by taking
a call or calling a telephone
number provided by the
cardholder. In addition, to protect
your institution from chargebacks,
you must be able to prove card
presence by entering the CVV2
or CVC2 for key-entered cash
advances.
If the swipe attempt
shows a decline, the
transaction shouldn't
be processed.
• As long as proper authorization
methods are used — including
the ability to provide a signed,
imprinted sales receipt and
evidence of a valid authorization
— your institution can’t be held
liable for the transaction.
• Immediately contact your local
police if you think your institution
is being targeted for this scam.
For More Information
If you have any questions, please
call SHAZAM fraud operations at
800-537-5427, ext. 2899.
Spotlight on Service
14
Fraud and Risk Management
Whom Will Hackers Target Next?
The answer might surprise you.
We keep hearing about the latest
corporate breach responsible for
millions of dollars in fraud losses.
From point-of-sale (POS) breaches
and stolen card data to hijacked login
credentials and identity theft, the list
goes on and on.
News reports tend to focus on
incidents at well-known companies
where millions of credit cards, patient
records or other pieces of personally
identifiable information (PII) are
stolen. It may seem the bad guys
only go after large companies with
big payoffs, but in reality, individuals
What Can I Do?
To help prevent a hacking attempt, follow the tips found in these recent
Spotlight on Service articles:
• September 2014 — 10 Tips to Thwart Phishing Attempts
• October 2014 — 4 Password Tips to Fend Off Hackers;
10 Fixes for Remote Access Flaws
• November 2014 — Can Old-School Measures Fight High-Tech
Malware? (Yes!)
• January 2015 — 20 Questions to Assess Your Cybersecurity Risk
like you are their primary target!
The truth is, most hacking incidents
begin by exploiting individuals.
According to reports, the starting
point for the recent Home Depot®
breach was the compromise of one
person’s username and password at
a third-party service provider.
The thieves used the stolen
credentials to infiltrate Home Depot’s
networks and steal data that can be
used for fraud and phishing attacks,
including an estimated 56 million
payment cards and 53 million email
addresses.
How Can It Happen?
An organization’s greatest weakness
can be employees logged in to
its network. Employees can be
compromised at work or while
traveling, in a hotel or airport, working
at a public wireless location such as
a coffee shop or even when logging in
from home.
As an employee, you may click a
malicious link, visit a compromised
website or answer a spam email that
leads to an attack. A hacker could
also use your account as a stepping
stone to gain access to other
organizations or to attack your friends
and family members.
Why Me?
Cybercriminals greatly value what’s
available through your computer,
including credit card data, financial
information, account credentials,
medical history, identity information
and access to others.
Criminals can use your information
to break into your accounts or set up
new accounts to commit fraud. They
can also use your computer to hack
into other computers, launch denialof-service attacks or distribute spam.
Protect yourself and your institution
by first being aware that you’re always
the target. Never assume it can’t
happen to you.
Identify Weaknesses
SHAZAM Secure® can perform
security assessments and social
engineering testing to see where you
might be vulnerable to an attack. To
learn more about our IT compliance
and testing services, please call
Tom Quist, SHAZAM Secure account
executive, at 800-537-5427,
ext. 4370.
For More Information
If you have any questions, please
contact Jay Lohmann, SHAZAM
security engineer, at 800-537-5427,
ext. 4211.
Spotlight on Service
15
SHAZAM Access
How to Identify Internet PIN Transactions
In 2010, SHAZAM started Internet PIN debit processing
with Acculynk’s PaySecure® product. But do you know
how these transactions work or how to identify them in
SHAZAM Access? If not, check out the overview below.
What Is It?
Internet PIN debit allows merchants to process PIN-based
debit transactions securely through their websites. The
cardholder enters his or her PIN into a secure, onscreen
PIN pad that scrambles each time a number is entered.
Cardholders have extra peace of mind knowing their online
transactions are protected by the debit PIN only they know.
Tra n s a c t i o n F l o w
During an Internet PIN transaction:
1. The cardholder visits a participating merchant’s
website to make a purchase.
2. He or she enters and submits card information
on the checkout screen.
3. A small, graphical, “floating” PIN pad — similar
to a physical point-of-sale (POS) PIN pad —
appears onscreen and prompts the cardholder
to enter a PIN.
4. If the cardholder chooses to enter a PIN, the PIN
is encrypted and the transaction is routed as a
PIN transaction.
If the cardholder chooses not to enter a PIN:
• Debit card — The cardholder simply selects
Cancel, and the transaction is routed as a
signature transaction.
• ATM card — The cardholder is asked to
select a new payment type.
A transaction demo is available on the PaySecure
website.
Identifying In SHAZAM Access
Internet Transaction Indicator
The Internet transaction indicator at the top of SHAZAM
Access Transaction Detail will display “Y” to note an
Internet transaction. PIN debit transactions are identified
by the transaction description “Purchase from checking.”
PAN Entry Mode
The primary account number (PAN) entry mode indicates
the actual method used to enter the cardholder’s account
number into a terminal. SHAZAM reports the PAN entry
mode in the Issuer Information section of SHAZAM Access
Transaction Detail. PAN entry mode 81 indicates an
e-commerce transaction.
PIN Capture Capability Code
The PIN Capture Capability Code will display as follows in
SHAZAM Access Transaction Detail:
Code
Description
S
Floating PIN pad capable of accepting a
4–12-digit PIN
T
Interactive voice response (IVR) device
capable of accepting a 4–12-digit PIN
1
Unknown (includes PULSE® networkoriginated Internet PIN transactions)
– Continued on next page
Spotlight on Service
16
SHAZAM Access
Internet PIN – Continued from previous page
Participation
Merchants
Issuers
The Where to Shop Web page points cardholders to
merchants enrolled in the PaySecure Internet PIN product.
PaySecure is enabled on more than 3,000 shopping
websites in the U.S.
All SHAZAM issuers with eligible bank identification
numbers (BINs) are required to accept Internet PIN
transactions. It’s possible some of your BINs are eligible
while other BINs are ineligible. All of your eligible BINs are
automatically enrolled to participate.
A BIN is ineligible if its PIN verification process depends
on the presence of all Track 2 data. Track 2 data isn’t
read during Internet PIN transactions and other card-notpresent transactions.
If you have a merchant that may be interested in
processing Internet PIN debit transactions, please contact
Sandra Chesnutt, Acculynk’s vice president of marketing, at
678-894-7013.
For More Information
If you have any questions on Internet PIN debit, please call
SHAZAM client support at 800-537-5427 (option 2) or
submit a service request online using SHAZAM® Web Rep.
Spotlight on Service
17
Training
SHAZAM Training
SHAZAM Lost and Stolen Cards Webinar
Feb. 10: 9:30–11 a.m. CT
Feb. 19: 1:30–3 p.m. CT
Description: Help protect your institution from potential
financial losses resulting from lost or stolen cards. In this
webinar, you’ll learn what to do when a cardholder reports
a card lost or stolen. We’ll also cover when you should
hot-card or delete the card record, what fees are involved
and what reports you can review to monitor the hot-card
process.
February 2015
Sun
Mon
Tue
Wed
Thu
Fri
Sat
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
March 2015
SHAZAM Debit Card Fraud Webinar
March 10: 9:30–11:30 a.m. CT
March 19: 1:30–3:30 p.m. CT
Description: Learn how to effectively manage and
mitigate your fraud risk using the many fraud prevention
and detection services available from SHAZAM. With
the knowledge you gain from this webinar, you’ll be able
to prevent, identify and recover fraud losses for your
organization.
SHAZAM Debit Card and ATM Operations
Regional Seminar
Sun
Mon
Tue
Wed
Thu
Fri
Sat
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
For more details on training events, visit our Training Solutions page.
March 25: Bloomington, Minnesota
Embassy Suites, Minneapolis - Airport
7901 34th Ave. S.
952-854-1000
Description: Learn everything you need to know about
your ATM card, debit card and ATM programs. Topics
include settlement and related reports, prefunding,
the authorization process, PIN-based adjustments and
disputes, lost and stolen cards, captured card rules,
monthly reporting and billing, SHAZAM Access and recent
product developments.
Spotlight on Service
18
Debit Rewards Winners
‘Cozy Up to Rewards’ Winners
December Winners
• Amanda T. of Fort Deposit, Alabama
(First Citizens Bank, Luverne, Alabama)
• Jesse H. of Devalls Bluff, Arkansas
(Farmers & Merchants Bank, Stuttgart, Arkansas)
• Jeremy M. of Waukee, Iowa
(First American Bank, Des Moines, Iowa)
Congratulations to our grand prize winner, Bo S. of Alamo,
Tennessee. Bo won a $500 North Face® gift card in our
“Cozy Up to Rewards” Debit Rewards campaign, which ran
October–December 2014. Bo is a customer of Foundation
Bank in McKenzie, Tennessee.
We’d also like to congratulate our December monthly
winners, who each received a $50 Starbucks® gift card.
Do you want one of your customers to be a lucky
winner? Call SHAZAM marketing communications
at 800-537-5427, ext. 4160, or email
SHAZAM Debit Rewards to learn more.
• Chad S. of Chaseburg, Wisconsin
(Westby Co-Op Credit Union, Westby, Wisconsin)
• Pamela P. of Redwood Falls, Minnesota
(HomeTown Bank, Redwood Falls, Minnesota)
• Caitlin F. of Milledgeville, Illinois
(First State Bank Shannon-Polo, Shannon,
Illinois)
• Bea I. of Berwick, Illinois
(Raritan State Bank, Raritan, Illinois)
• Ryan V. of Cambridge, Illinois
(BankORION, Orion, Illinois)
About the Newsletter
Contacts
SHAZAM, Inc.
6700 Pioneer Parkway
Johnston, IA 50131
Web | Blog | Twitter
Client support
Call 800-537-5427 or submit
a service request in SHAZAM® Web Rep.
Fax numbers
Chargebacks
Customer Implementation & Support
Fraud operations
Merchant services
515-558-7614
800-267-0549
515-558-7616
515-558-7612
Spotlight on Service, winner of 13
awards of publication excellence,
provides you with information on
the electronic funds transfer (EFT)
industry. It’s not a definitive analysis
of the subjects discussed and is
not an alternative to the requirements of any regulatory
agency.
To join the Spotlight on Service subscription list, send
us your name, account number and email address. We
also welcome your questions or comments about the
newsletter.
Spotlight on Service
19