CardNav by CO-OP
SM
What Does It Do?
What is CardNav
The CardNav technology developed by CO-OP is a solution
What are the benefits to the
members?
that enables credit unions to deliver superior control,
•Control when and where their card is used
SM
by CO-OP?
security, and financial visibility to their members via
their mobile phones. Members can manage their cards
on-the-go with an intuitive mobile app.
Cardholders can control when and where their cards can
•Access and manage cards anytime, anywhere
be used as well as view and act on instant alerts when
•Secure their accounts by locking their card when not in
use and unlocking for use
transactions are processed, perform card management
•Control dependent purchases to avoid misuse
functions such as turning the card on/off, and perform
basic mobile banking functions such as view balances and
transactions, transfer funds between accounts linked to a
card, and search for nearby ATMs.
What are the benefits to
CO-OP credit unions that deploy
this solution?
•Offer market-differentiating service to their members
•Build out mobile as the primary delivery channel
•Reduce risk and fraud cost
•Provide new revenue-generating services to grow net
revenue per member
•Lower member-support costs and improve member
experience
•Keep credit union card top of wallet
•Improve member retention and attract new members
1
•Receive near-real-time notifications to alert cardholder
of any unauthorized use
•Track monthly spending at a glance
CardNav by CO-OP
SM
How Does It Work?
How does CardNav work?
CardNav enables a cardholder to define controls for
card usage and to define preferences for alerts to be
received when transactions using the enrolled card are
made or attempted. Participating financial institutions
will identify the BINs to be enrolled in the service. All
transactions from the enrolled BIN are routed to the
CardNav application. Cardholders enroll by downloading
an app to a smartphone. Using two-factor identification,
the member’s identity is verified. Once enrolled, the
cardholder can set real-time controls and receive
•There is a passcode-based feature for application
lock/unlock, where the passcode is stored on the mobile
device. Unauthorized attempts into the application
are prevented by locking the application after a fixed
number of invalid attempts, and forcing the user to
provide their login credentials for subsequent app usage
•In case of lost mobile devices, the mobile app can
be remotely deactivated, thereby stopping any
unauthorized access
•Funds can only be transferred from one linked account
to another
near-real-time alerts based on preferences identified.
The main difference between controls and alerts is that
controls recommends an action/denial to the processor
based on the controls set for that card by the member,
and alerts notifies the cardholder based on the policies
Is it limited to cards on our BINs?
Yes, a credit union determines the BIN(s) that should
be enrolled in the CardNav program. Only cards with
specified BINs will be allowed to register.
set by the member.
Do locations-based alerts apply to
online transactions?
No, Location alerts apply to card-present transactions (instore and at ATMs), but do not impact online and auto-pay
transactions.
Is CardNav a secure solution?
CardNav does not replace Falcon or any fraud program.
Rather, it provides an extra layer of security by notifying
the user of any potentially suspicious transactions after
they pass all the Falcon and PMC checks. For example, if
a transaction is denied by Falcon, it will not move on to
CardNav. However, if the transaction passes the initial
edits, and it is used outside the geographic location that
Yes, the solution is secure and uses the following
the cardholder has authorized for use, the transaction
safeguards:
will be denied, and the member will receive an alert from
•The mobile application does not store any protected
cardholder data (such as debit or credit card numbers,
PIN, CVV/CVV2, etc.)
•It only identifies a payment card using commonly
used references such as the last four digits of the card
number and the cardholder name
•By design, the mobile application does not contain
any information that is subject to PCI-DSS or PA-DSS
rules, because it can be downloaded and run on any
unprotected device
•The user provides login credentials and passes them
to the authentication server without storing any
passwords internally
2
How does CardNav work with
existing fraud programs?
CardNav notifying them that a transaction was attempted.
The application only recommends approval or denial of
a transaction based on the control preferences that the
cardholder has set within the app. AP or the host has the
final approval or denial authority.
Who has access to transaction
and GPS tracking data?
CardNav technology does not hold complete cardholder
data—only the last four digits of the card number. All
proprietary data remains in the CO-OP switch. CO-OP’s
partner will not house any card-sensitive data.
CardNav by CO-OP
SM
How Does It Work?
(continued)
What types of controls and alerts
can the member set/receive within the application?
The following controls and alerts can be customized individually by card:
Type
On/Off—enables and
disables transactions
Location—based on
where the transaction
occurs (merchant
location)
Control Preferences
•Card On—transactions are subject to CardNav
alert and control preferences currently in effect
An alert message displays when:
•Card Off—most card transactions are denied,
except for auto-pay transactions and credits
(deposits, returns and reversals)
•Transactions are attempted when card is off
Users can set multiple location control policies for
each card.
Users can set multiple location alert policies for
each card.
•My Location—denial is recommended when
phone location is different from merchant
location for in-store transactions
•My Location—alert is sent when phone location
is different from merchant location for in-store
transactions
•My Regions—denial is recommended when
transaction occurs outside of an area(s) defined
by the user (region on a map around a city or
postal code)
•My Regions—alert is sent when transaction
occurs outside of an area(s) defined by the user
(region on a map around a city or postal code)
•Block International—denial is recommended
when transaction occurs outside of the U.S.
Note: Block International must be disabled when
either My Region or My Location is enabled.
Similarly, My Region and My Location must be
disabled when enabling Block International.
3
Alert Preferences
•Cards are turned on and off
•Block International—alert is sent when
transaction occurs outside of the U.S.
Note: Block International must be disabled when
either My Region or My Location is enabled.
Similarly, My Region and My Location must be
disabled when enabling Block International.
Transaction Type—
based on type of
transaction at
point-of-sale
Any of the following types may be turned on to
deny transactions of that type:
Merchant Type—based
on merchant category
code (MCC). These are
ignored for ATM and
Auto Pay transactions.
Any of the following types may be turned on to
deny transactions of that type:
Thresholds—one
threshold based on the
transaction amount;
another based on the
available balance in the
linked account
Only the following threshold preference may
be used as a control:
Any of the following alert threshold
preferences may be set:
•Card Threshold Amount—denial is
recommended when transaction amount
exceeds specified threshold amount
•Card Threshold Amount—alert is sent when
transaction amount exceeds specified threshold
amount
•In-store (card present)
•Online (including bill pay)
•Mail/phone order
•Auto pay (recurring transactions)
•ATM transactions
•Others
•Department stores
•Entertainment
•Gas station
•Groceries
•Household
•Personal care
•Restaurants
•Travel
•Age restricted
•Others
Any of the following types may be turned on to
send an alert when a transaction of that type
occurs:
•In-store (card present)
•Online (including bill pay)
•Mail/phone order
•Auto pay (recurring transactions)
•ATM transactions
•Others
Any of the following types may be turned on to
initiate an alert when a transaction of that type
occurs:
•Department stores
•Entertainment
•Gas station
•Groceries
•Household
•Personal care
•Restaurants
•Travel
•Age restricted
•Others
•Account Low Balance Threshold—alert is
sent when the balance received by CardNav
(during login or refresh) is below the specified
threshold amount
CardNav by CO-OP
SM
How Does It Work?
(continued)
Is CardNav a standalone solution?
Yes, the CardNav application requires no integration
Can CardNav be integrated with
our mobile app?
to the credit union’s core processor or home banking
Yes, a CardNav API is available. Contact your Relationship
system. The application works with version 4.1 and
Manager for more information.
higher for Android and device models 4S,5, 5C, 5S, 6 or
6 Plus with iOS operating system version 6, 7, or 8 for
Apple (iOS).
How does CardNav work
with mobile security?
What tools will credit unions have to
help manage this program?
CO-OP’s CardNav solution is particularly strong in terms
A web-based management tool will be available through
There is no sensitive information in the app. All sensitive
your Desktop Director (CO-OP Portal). You can use it to
information is tokenized. Communication is strictly
view application usage and to support your members who
through SSL with two-way authentication. The solution
have downloaded the app. The dashboard view provides
follows OWASP guidelines and meets or beats all accepted
real-time metrics on total members who have downloaded
industry best practices.
of mobile security. The app mutually authenticates at both
the app level and the cardholder level with the server.
the app, active members, transaction alerts by category,
and transaction controls by category. This data can also
be exported into Excel. In addition the management tool
provides you with the ability to search on a cardholder
and look at card activity and alert notifications. You’ll be
able to assist users that are locked out of the registration
process, review settings that the cardholder has applied
to their card, and perform certain activities “on behalf of”
your member.
Can the solution be customized or
branded by credit unions?
Yes, once the cardholder enrolls in the downloaded app,
branding and other customized features by credit unions
are supported. Credit unions can modify and add to
several elements of the app to best reflect their brand,
including:
How will this best be used with
and integrated with Apple Pay/
tokenization?
We are evaluating how we can enhance CardNav given the
new developments in mobile, particularly with Apple Pay.
Alerts specific for an Apple Pay transaction are something
we will be considering.
Does the app require the cardholder
to authenticate each time the
application is started or accessed?
After the initial registration and two-factor authentication,
the cardholder will only need to log in with their user
ID and password or a four- to ten-digit pass code if the
application’s session has timed out.
•Login page—Logo and color
•App background colors—Per credit union
branding guidelines
•Card Image—Use digital assets for a card image to
closely resemble the actual physical card(s)
•ATM locations—Specific to credit union
•Contact Us page—Use the credit union’s
headquarters address, email, phone, customer
service hours, as well as social media links to
Facebook, Twitter, etc.
4
Are alerts based on
authorization or settlement?
Controls are in real time and alerts are near real time,
within seconds. In the case of a two-part transaction,
the alert is sent when the transaction is initiated, during
authorization.
CardNav by CO-OP
SM
How Does It Work?
(continued)
Can the app be controlled from
a desktop or laptop computer?
Is there an ATM locator on the app?
No, this is a mobile app and is controlled by a smartphone
your ATMs or a CO-OP Network ATM nearby.
Yes. The “Find Us” feature will help your members locate
or iPad.
Will CardNav work outside the U.S.?
Can members get personal support
if they need it?
Yes. If your phone has an internet connection, the app
Yes. Optional CO-OP Member Center services can
will work.
provide live assistance 24/7 for inquires regarding the
CardNav app.
Can transactions be conducted in
foreign currencies?
currency, but transactions may be initiated and authorized
What if a member has their card
turned off and can’t get it turned
back on using the app?
in any currency.
A member should always be able to turn their card back
Yes. Transaction amounts are displayed in issuer
on using the app, unless they have lost their phone. In
Does location functionality depend on
phone signal? As an example, I travel
to an area of Texas where my AT&T®
phone has no signal. If set to ‘My
Location’ would this impact use of
my card?
allow you to perform a variety of activities “on behalf of”
users in real time, including turning the card “On.” For
additional support, members can also call CO-OP Member
Center, which offers 24/7 support.
to use the current location. If your phone is turned off,
Will transactions declined due
to CardNav settings show up
differently than other types of
declines in DataNavigator or host
systems?
without cellular service, or does not provide GPS location
Transactions will have a unique flag in DataNavigator for
coordinates, it will use the last saved GPS location.
any denial based on a CardNav recommendation.
An alert is triggered or a control is initiated by in-store
transactions that occur outside of the area where your
primary mobile device is located. The mobile device must
have location services (GPS) enabled with permission
However, if this situation occurs for more than eight
hours, CardNav temporarily ignores the My Location
policies. Transactions would not trigger alerts or control
denials based on My Location preferences during this
time; however an alert would be generated informing the
cardholder that a transaction was conducted.
5
that case, the CardNav management tool (mConsole) will
CardNav by CO-OP
SM
How Does It Work?
(continued)
How much control will members
really have? Will members be able
to turn on cards that their credit
unions have set to deny for NSF or
overdue loans?
Can you transfer funds between
cards?
No. This product does not change or override the credit
Would there be a balance inquiry
each time the app is opened?
union’s existing authorization process or change a card
status set by the credit union. CardNav will make a
recommendation to AP for approval or denial based on the
user’s preferences, but AP or the host will make the final
No, you can only transfer funds between accounts that
are tied to the same card.
A balance inquiry is only generated when the member
logs into the application or when they refresh the app.
determination as to whether the transaction should be
approved or denied. Just because the cardholder is okay
with the transaction does not mean it will be approved.
How long can a cardholder
leave a card “off”?
Are the in-app notifications
via push, or do you have to
be logged in?
Notifications are push notifications in app.
You do not need to be logged in.
They can turn their cards off, leave them off as long as
they want to, and only turn them back on when they want
to perform transactions.
How many cards can each
user set up?
There is no limit to the number of cards that a user can
Does the app time out (log off) after
a period of time?
Yes, however, we recommend as a best practice that the
members set up a passcode, which requires entry of a
four- to ten-digit code every time the app is launched and
every time the app comes to the foreground.
set up; however each card must belong to a BIN that
participates in CardNav.
If I have two credit union accounts
and a debit card with each, can I
manage the different cards from the
same CardNav account?
A separate CardNav account would be required for each
card that belongs to a different CU.
Do CardNav controls work
regardless of how the card is
used—plastic, EMV or token?
Correct, that is the beauty of this product. EMV helps
prevent fraud for card-present transactions. CardNav also
helps identify potential fraud for card-present, online and
auto-pay transactions.
6
Is CardNav available for issuers only
using CO-OP for PIN transaction
processing?
We require both PIN and signature processing to allow
for a better user experience. The members do not know
or care what processor is approving their transaction. So
if CardNav is implemented only for the PIN transactions,
then any signature debit transaction would not invoke
the Controls set by the member. This would be very
confusing and give the member a false sense of security.
For example if they set the card OFF, all transactions
would be denied for PIN transactions, but any signature
transaction could be approved.
CardNav by CO-OP
SM
How Does It Work?
(continued)
What if I have my card turned
off and a recurring utility bill
wants to charge my card?
Will that transaction be denied?
by CardNav and alerts are generated for attempted
Since the alerts are sent as in-app
messages, do you have to have
CardNav active all of the time
to get messages, and does an
alert trigger an audible sound so
you know when you receive one?
transactions. However, auto‑pay transactions and credits
Transaction-related notifications are received within
When the card is off, most card transactions are denied
(deposits, returns and reversals) are exempt from this
high‑level control.
seconds after a transaction is performed or attempted
based on the preferences set by the member. For
transactions that are denied, either by AP or because of
If a transaction is declined based
on CardNav controls set by the
member, will this transaction still be
forwarded to our host system?
If you have denials sent to the host today, then any denial
due to a CardNav setting will also be sent.
What Will It Cost?
How much does the app
cost the member?
Participating members can download CardNav free from
either the app store on iTunes or Google Play Store. It is
up to the credit union whether they would like to assess
a fee for the service. A monthly file containing a list of
active users for that month will be available to assist
credit unions that wish to assess a fee to their members.
7
CardNav control preferences, alerts are always generated.
And this is the case even if the CardNav app is not open
or active. The audible sound however, is based on the
settings that you have for that device.
CardNav by CO-OP
SM
How Do We Get Started?
8
Which credit unions are eligible for
CardNav?
How do members sign up?
CardNav will be available to any credit union that
their smartphone from the Apple iTunes App Store or
processes their signature and PIN debit or in-house credit
Google Play store. The member will then enroll into the
programs through CO-OP. For additional information,
system by presenting card credentials and going through
please contact your Relationship Manager or CO-OP Client
additional user-verification checks. Once enrolled, a user
Services at 800.782.9042, Option 2. You may also email
can specify preferences for alerts and controls for each
[email protected] with your question.
registered card within the intuitive mobile application.
©2015 CO-OP Financial Services
12222015CF15238
A user simply downloads the CardNav application onto
CO-OP Financial Services
9692 Haven Avenue
Rancho Cucamonga, CA 91730
CO-OPfs.org