This article was published on: 11/24/14

Reflections on NAC 2014

by: Daryl Cornell

The large gathering of ISOs this year at NAC with a laser focus on ATM ISO issues was impressive. While a ton of information was shared during the conference, several recurring themes included:

The fraudsters are winning. Data breaches, bank ATM malware, and POS compromises are seemingly daily events. As banks, processors and big box merchants spend billions hardening defenses, fraud will gravitate towards softer targets. Up until now, the U.S. retail ATM has been largely spared from much of the fraud. This is not true in other parts of the world, where physical ATM attacks continue to grow in sophistication. ISOs would be well advised to harden defenses now in advance of the coming onslaught. High security locks, advanced security modules, updated keypads and regular password changes are all a good start.

Regulatory headwinds continue to extract a heavy toll on the ATM ISO. Operation Choke Point has put pressure on banks to terminate relationships with ISO customers. The result has been cancelled accounts, business disruption and a loss of trust between ISOs and their bank partners. Federal, state and local regulators have also been busy making life more difficult for ATM ISOs. License fees, sticker regulations, disclosure requirements and interchange/surcharge cap legislation continue to pop up like mushrooms at all levels. ISOs banding together to fight these onerous laws is no longer optional. Without sustained, coordinated lobbying, the industry itself is at risk.

EMV liability shift is a contractual issue. The card schemes, issuers, sponsor banks, processors and ISOs all operate under specific contracts. Sponsor banks and processors have admitted that they will be carefully scrutinizing merchants and ISOs who choose not to upgrade to EMV, evaluating their ability to pay liability shift fraud claims. Once the chargebacks begin flowing, it will be the contracts in place which determine who pays for the fraud. ISOs would be well advised to scrub their merchant contracts now as a basis for upgrade decisions and merchant conversations. It might also make sense to dust off those old sponsor bank and processor agreements.

ISO cash load is on its way out. For banks, supporting ISO cash load is a big expense. As bank branch footprints have shrunk and cash disbursement chores have been largely offloaded to ATMs, banks no longer handle nearly as much cash. Add cash forecasting, cash handling and risk management costs and banks simply no longer want to support the ISO loading cash. So when the Feds come along and discourage banks from supporting ATM ISOs, banks are more than happy to oblige. As ISO cash load slowly evaporates, the industry appears to be headed towards either a CIT or merchant load model.

Merchant cash load may be next on the chopping block. Despite overwhelming evidence to the contrary, the perception that ATMs are being used to launder cash and to distribute counterfeit currency remains widespread. As a result, regulatory scrutiny of banks, sponsor banks and ISOs continues to grow. Unless the ISO industry actively bands together to aggressively fight this misperception, the risk is that the U.S. could go the way of Europe – mandating either CIT or expensive validating dispensers at merchant load locations. At a minimum, expanded reporting and tracking requirements for merchant load locations would appear to be on the horizon.

Finally, ISO fatigue appears to be at epidemic levels as the industry finds itself under siege. The days of simply putting out machines and harvesting cash are over. The business has gotten exponentially more complicated and expensive. ISOs are clearly at a decision point with the costs of EMV upgrade looming. For many, the level of capital required to stay in the game brings with it another 5+ year commitment to the business. Many ISOs will decide that it’s just not worth it and look to exit. Those who choose to stay will benefit from a less crowded playing field offset by increased cost and complexity.
