As skimming and ATM fraud continue to be a problem across the United States, credit unions must take all available steps to protect their reputations, and more importantly, the sensitive information of their members. Updating ATMs to be EMV compliant should be at the top of the list. With this October’s liability shift at the ATM for MasterCard drawing ever closer, many credit unions are already making strides toward this goal to avoid being targeted by fraudsters looking for easy marks after the deadline.
If last year’s point of sale liability shift teaches us anything, it’s that changes of this scope create a significant amount of hassle and headache. However, these pains are just temporary frustrations and can be eased. Credit unions should follow several steps leading up to and following October’s liability shift to ensure employees and members alike experience as seamless a transition as possible. They should remain proactive, have patience and keep the big picture in mind.
1. Be proactive in your preparation.
With the assortment of moving parts and different parties involved in the EMV certification process, proactive planning and detailed communications are a must. From hardware and software vendors to different departments within the credit union, successfully migrating ATMs requires a significant amount of coordination and cooperation. Ensuring that clear goals and detailed steps are outlined from the beginning will go a long way to help manage expectations and issues.
Last year many merchants approached the liability shift at the point of sale with a “wait and see” attitude. While an aversion to being first is understandable, this hesitation often made conversion to EMV more painful than it could have been. Merchants who decided to wait and see were hit with unprecedented chargebacks, and many have suffered major reputational blows as well.
Credit unions can learn from the mistakes of retailers by proactively embracing the upcoming EMV deadline. Instead of being caught off guard, they should do their homework to understand what threats they are really facing, assess their institutions’ risk levels and then make concerted efforts to reach compliance. It would be far better if history did not repeat itself.
2. Have patience with your members.
The challenge does not end with EMV compliance. ATMs are self-service machines, so changes in transactions may initially be confusing for members. As was the case during the point of sale liability shift, consumers are likely to need help becoming familiar with how a small chip impacts the way they use their card at the ATM.
While merchants can guide customers through an EMV transition at the point-of-sale, credit unions often can’t do so when it comes to EMV-ready ATMs. Members will need to independently determine if the ATM in question is EMV enabled, and whether to dip or swipe every time they approach a machine. To help counter this confusion, credit unions should deploy distinctive signage at their machines, clearly communicating if the ATM is chip-enabled, and what steps are required to successfully complete a transaction. Alerting members to transaction behavior changes, preparing them for these changes and practicing patience with their questions and frustrations post-certification are key to a successful transition.
3. Keep the big picture in mind.
Skimming is a much bigger problem than many consumers in the U.S. realize. According to a recent FICO Card Alert Service study, ATM attacks increased by 546% from 2014 to 2015, and show no signs of slowing down without preventative action. Fraudsters continue to expand the ways in which they target ATMs and the members that use them.
For example, criminals are taking advantage of resources designed to help consumers locate EMV-enabled ATMs. Networks such as MasterCard and Visa offer tools on their websites that specify whether a certain ATM is EMV-enabled or not. Unfortunately, criminals can also access this feature, leading them directly to the low-hanging fruit; i.e., ATMs that are not EMV-ready. This leaves both credit unions and their members vulnerable.
If the leaders of credit unions consistently reiterate the importance of EMV compliance throughout the project, employees and members are more likely to understand and appreciate the EMV goal of a credit union, and will be more understanding should there be inconveniences or missteps along the way. Keeping members aware of the protections and safety the enhanced security of EMV provides will go a long way in keeping members safe, satisfied and secure.
As we approach the October deadline, credit unions across the country are at various levels of EMV readiness. Most larger institutions are already well underway in their EMV migration, but many smaller institutions are quite a bit behind. No matter where your credit union falls on this spectrum, it is helpful to maintain a prepared, patient and big-picture outlook on the journey to EMV compliance at the ATM. Your credit union – and members – will be all the better for it.
Harold Pruitt is a solutions architect for Paragon Application Systems. He can be reached at 214-415-8830 or hpruitt@paragonedge.com.
