Expert Payments Advisors - NASCUS Seucrity Presentation (Reymann).pdf · Expert Payments Advisors 1129 20th Street, ... • Marketing support - ... General Purpose Reloadable Prepaid

Expert Payments Advisors

1129 20th Street, Northwest | Suite 300 | Washington, DC 20036 | 202-721-9120 | www.mcgovernsmithadvisors.com

“Payments Sleeper Risk”

November 13, 2014

2

• Financial industry regulatory expert

• Co-author of Gramm-Leach-Bliley

Act (GLBA), Data Protection

Regulation

• 28+ years compliance & risk

experience (13 with Department of

Treasury in D.C.)

• Visionary behind outsourced

management compliance products &

services

Paul Reymann

Partner, McGovern Smith Advisors

Payments system risk come from regulations, technology, cyber criminals,

fraudsters, consumers, 3rd party vendors, merchants, competition, & innovation.

Payments Sleeper Risk

Consumer Compliance;

Strategic; Financial; IT;

Info Sec; Reputation

Security

Regulations

Technology

Strategic

Operational

Reputation

Card Act

AML

Durbin

Overdraft

UDAAP

Reg. E

Disclosures

Op Choke Pt.

EMV

APPs

SmartPhones

Mobile Money

Credit Cards

Debit Cards

Prepaid Cards

Innovation

Apple Pay

3rd Party Processors

Program Managers

Merchants

Silo Back Office Ops.

Enhanced Training

Fraud

Cyber Crimes

EMV & Tokenization

Open Source Code

Merchant Breaches

Consider your payments strategy:

Revenue growth.

Build one branch or build a national solution.

EMV is coming, but Swipe continues.

SmartPhones reaching critical mass.

Understand your customers’ needs.

Analyze customer transaction data.

Security will always be paramount.

Vendor management is the next frontier of efficiency.

4

Innovation vs. Fast-follower Strategy

Understanding Success Factors

5

A Prepaid Card Example

• Fees

• No load vs Reloadable (i.e., type of reload)

• Other factors (e.g., alerts, email, OD)

Life of a Card?

• Gender

• Nationality

• Age & Education Levels

Socio-demographic?

• Direct Deposit (21X/mo.)

• Monthly fee (17X/mo.)

• Over Draft (23X/mo.)

Transaction Frequency?

Source: FRB of Kansas City.

“General Purpose Reloadable Prepaid Cards: Penetration,

Use, Fees and Fraud Risks” (Feb 2014)

6

Credit Card Sales Volume

Growth Exceeds Debit Volume

Credit Card Profitability

“After Tax Income”

2010 1.8%

2011 4.2%

2012 3.9%

2013 4.4%

Source: FDIC QTRLY Banking Profiles –

Institutions with managed credit card loans

exceeding 50% of total assets.

Profit Share Joint Venture Self Issuance

Card Issuing Infrastructure Spectrum

• 3rd-party issuer

controlled

- Owns accounts

- No conveyance

• Fixed payments to

FI (usually per new

account + ongoing

card renewal

payments)

• Marketing support -

3rd-party issuer has

access to FI

customer list for

marketing purposes

• Same as Agent

Bank

EXCEPT:

- Revenue sharing

vs. fixed

payments

• FI owns some /

all of portfolio

• Issuer provides

card account

servicing on a fee

for service basis

• All asset risk is

FI’s for assets

owned

• All profits on

owned accounts

accrue to FI

• FI & issuer

agree on a

P&L

measurement

structure

• Profits are

shared as

agreed

• Investments,

costs shared as

agreed

• True separate

entity created

between FI &

issuer

• Each party

contributes

resources as

agreed

• Value to each

party ascribed

based upon

resources

contributed

• Profits shared

based upon equity

stake

• FI issues cards

directly

• FI takes all risk /

retains all profits

• FI either builds or

buys needed

infrastructure, skill

sets

• Numerous

strategic, financial

& regulatory

considerations

Servicing StructureEnhanced Agent BankAgent Bank

7

Align Card Issuing Options & Bank’s Goals

8

Economics

Investment

Ongoing Commitment

Risks

Operational

Credit

Regulatory

Financial & IRR

Reputation

Strategic

Ease of

Implementation

Management

Controls

Member Experience

Pricing

Underwriting

Rewards

Network Relationships

Marketing

Bank Resources

Dedicated

Accounting

Marketing

Evaluate Key Parameters of Card Options

• Members like debit cards

• Attractive DDA-based payment

• Debit issuers are likely to return to a growth agenda to match consumer demand

• Current interchange rates will remain intact

Investments in Debit Issuing

• MC, Visa, & PIN debit networks for cross-line applications, opens gates for EMV enabled debit cards

• Home Depot, Target and other data breaches push fraud agenda and EMV

• MC & Visa waive PCI DSS annual validation

Thumbs Up for EMV

• Prepaid has emerged as competitive DDA alternative

• Prepaid and credit card are Durbin exempt

• Debit cards still favored for security & control Competition

9

Debit Cards & Interchange

5 Reasons CU’s May Like Apple Pay

10

Innovation & Apple Pay

One more means to make payments & transactions

Growing percentage of iPhone users

Works with over 50% of cards issued today

Security:

- NFCommunication enabled (except MCX CurrentC network)

- TouchID – Finger print scan on iPhone 6

- Tokenization – Assigns 1-time codes

EMV retrofits likely to include mobile communications

11

Expect Significant Growth in Electronic Wallets

12

Source: Risk Based Security Source: Privacy Rights Clearinghouse

Credit unions' are concerned and focus on data and cybersecurity in

order to safeguard their members.

NAFCU's October 2014 Economic & CU Monitor Survey

Retailer Breaches Hit CUs

The Air Academy Federal Credit Union said it had blocked about $20,000 in potentially fraudulent activity tied to debit cards compromised in the Home Depot breach.

“A lot more activity off this one than Target," chief financial officer Brad Barnes said. About 5,800 debit cards out of his credit union's 25,000 total debit cards were compromised by the breach, he added.

Credit unions were socked with $28 million in costs for the Target breach, according to research from NAFCU. The Home Depot attack could result in even greater damages.

Source: Fraudulent charges from Home Depot breach surface (CBS MoneyWatch, September 24, 2014)

The Target data breach will cause financial institutions to lose $480 million in card replacement costs and other expenses, according to estimates by NAFCU.

13

14

CREDIT UNIONS WORK HARD TO PROTECT MEMBERS AND ADDRESS

DATA SECURITY ISSUES

PR Newswire

Up to 63% of security infractions & business

disruptions attributed to suppliers & vendors.

16

Sky Rocketing Cost &

Complexity

Intelligent Operational Resources

Outsourcing Savings & Simplicity

SellingCustomer

ServiceRevenue & Profits

Your Core

Focus

The Next Frontier of Operating Efficiency

Competitive Landscape

New Products &

Services

Speed to Market

Economies of Scale

Complexity of

Technology

Compliance Tsunami

Consumer Compliance

Cybersecurity Breaches

Manage Risk to

Company & Consumer

Need Intelligent Expertise

New

Ch

all

en

ges

3rd Parties / Vendor Management Risk

Increasing enforcement activity from third party relationships.

116 Regulatory VM Publications.

Develop a plan tailored to:

17

Inherent Risk

Benefits Complexity

Customer Interaction

Information Security

Contingency Planning

Compliance Oversight

Strategic Validation of 3rd Party Business Needs

Contract Development, Review, &

Performance Monitoring

• Develop and negotiate contracts that address the 18

elements outlined by the OCC.

• Identify and incorporate mutually beneficial performance

indicators and key risk indicators into contracts to enable

effective quantitative monitoring of performance against

anticipated outcomes.

• Review existing contracts on critical vendors, as material

changes warrant.

• Renegotiate at the earliest opportunity, if problems are

identified.18

Getting More Attention

Just Announced on 11/4/14

19

Quick Reference Resources- NAFCU Data Security Website

- CFPB RFI on Mobile Financial Services (June 2014)

- FRB of Boston Payment Strategies

- FRB of Boston Mobile Payments Industry Workgroup

- Other Fed Payments Groups & Research:

• FRB of Atlanta Retail Payments Risk Forum

• FRB of Philadelphia Payment Cards Center

• FRB of Kansas City Banking & Payments Research

• FRB of Kansas City - General Purpose Reloadable Prepaid Cards: Penetration, Use, Fees and Fraud Risks (Feb 2014)

Paul Reymann

P: 410-212-5955

[email protected]

twitter.com/paulreymann

www.mcgovernsmithadvisors.com

20