CardNav℠ by CO-OP
Frequently Asked Questions
What Does It Do?
What is CardNav℠ by CO-OP?
The CardNav technology developed by CO-OP is a solution that enables credit unions to deliver
superior control, security, and financial visibility to their members via their mobile phones.
Members can manage their cards on-the-go with an intuitive mobile app.
Cardholders can control when and where their cards can be used as well as view and act on
instant alerts when transactions are processed, perform card management functions such as
turning the card on/off, and perform basic mobile banking functions such as view balances and
transactions, transfer funds between accounts linked to a card, and search for nearby ATMs.
What are the benefits to CO-OP credit unions that deploy this solution?
• Offer market-differentiating service to their members
• Build out mobile as the primary delivery channel
• Reduce risk and fraud cost
• Provide new revenue-generating services to grow net revenue per member
• Lower member-support costs and improve member experience
• Keep credit union card top of wallet
• Improve member retention and attract new members
What are the benefits to the members?
• Control when and where their card is used
• Receive near-real-time notifications to alert cardholder of any unauthorized use
• Enhanced member experience
• Secure their accounts by locking their card when not in use and unlocking for use
• Control dependent purchases to avoid misuse
How Does It Work?
How does CardNav work?
CardNav enables a cardholder to define controls for card usage and to define preferences
for alerts to be received when transactions using the enrolled card are made or attempted.
Participating financial institutions will identify the BINs to be enrolled in the service. All
transactions from the enrolled BIN are routed to the CardNav application. Cardholders enroll
by downloading an app to a smartphone. Using two-factor identification, the member’s
identity is verified. Once enrolled, the cardholder can set real-time controls and receive
near-real-time alerts based on preferences identified.
The main difference between controls and alerts is that a control recommends an action/denial
to the processor based on the controls set for that card by the member, while an alert
notifies the cardholder based on the policies set by the member.
What types of controls and alerts can the member set/receive within
the application?
The following controls and alerts can be customized individually by card:
Type: Location—based on where the transaction occurs (merchant location)
Alert Preferences: Only one of the following location preferences may be set at one time.
The location policy is always based on the primary device.
• My Location—alert is sent when phone location is different from merchant location for
in-store transactions
• Region—alert is sent when transaction occurs outside of an area defined by the user
(region on a map around a city or postal code)
• International—alert is sent when transaction occurs outside of the U.S.
Control Preferences: Only one of the following location preferences may be set at one time.
The location policy is always based on the primary device.
• My Location—denial is recommended when phone location is different from merchant
location for in-store transactions
• Region—denial is recommended when transaction occurs outside of an area defined by the
user (region on a map around a city or postal code)
• International—denial is recommended when transaction occurs outside of the U.S.

Type: Transaction Type—based on type of transaction at point-of-sale
Alert Preferences: Any of the following types may be turned on to send an alert when a
transaction of that type occurs:
• In-store (card present)
• Online (including bill pay)
• Mail/phone order
• Auto pay (recurring transactions)
• ATM transactions (except balance inquiries)
• Others
Control Preferences: Any of the following types may be turned on to deny transactions of
that type:
• In-store (card present)
• Online (including bill pay)
• Mail/phone order
• Auto pay (recurring transactions)
• ATM transactions (except balance inquiries)
• Others

Type: Merchant Type—based on merchant category code (MCC). These are ignored for ATM and
Auto Pay transactions.
Alert Preferences: Any of the following types may be turned on to initiate an alert when a
transaction of that type occurs:
• Department stores
• Entertainment
• Gas station
• Groceries
• Household
• Personal care
• Restaurants
• Travel
• Age restricted
• Others
Control Preferences: Any of the following types may be turned on to deny transactions of
that type:
• Department stores
• Entertainment
• Gas station
• Groceries
• Household
• Personal care
• Restaurants
• Travel
• Age restricted
• Others

Type: Thresholds—one threshold based on the transaction amount; another based on the
available balance in the linked account
Alert Preferences: Any of the following alert threshold preferences may be set:
• Card Threshold Amount—alert is sent when transaction amount exceeds specified threshold
amount
• Account Low Balance Threshold—alert is sent when the balance received by CardNav (during
login or refresh) is below the specified threshold amount
Control Preferences: Only the following threshold preference may be used as a control:
• Card Threshold Amount—denial is recommended when transaction amount exceeds specified
threshold amount
Do location-based alerts apply to
online transactions?
No. Location alerts apply to card-present
transactions (in-store and at ATMs), but do not
impact online and auto-pay transactions. Only
one location can be set at one time, and the
location policy is always based on the primary
device.
How does CardNav work with
existing fraud programs?
CardNav does not replace Falcon or any fraud
program. Rather, it provides an extra layer of
security by notifying the user of any potentially
suspicious transactions after they pass all
the Falcon and PMC checks. For example, if a
transaction is denied by Falcon, it will not move
on to CardNav. However, if the transaction
passes the initial edits, and it is used outside
the geographic location that the cardholder
has authorized for use, the transaction will
be denied, and the member will receive an
alert from CardNav notifying them that a
transaction was attempted. The application only
recommends approval or denial of a transaction
based on the control preferences that the
cardholder has set within the app. AP or the host
has the final approval or denial authority.
Is CardNav a secure solution?
Yes, the solution is secure and uses the following
safeguards:
• The mobile application does not store any
protected cardholder data (such as debit or
credit card numbers, PIN, CVV/CVV2, etc.)
• It only identifies a payment card using
commonly used references such as the
last four digits of the card number and the
cardholder name
• By design, the mobile application does not
contain any information that is subject to
PCI-DSS or PA-DSS rules, because it can be
downloaded and run on any unprotected
device
• The user provides login credentials and passes
them to the authentication server without
storing any passwords internally
• There is a passcode-based feature for
application lock/unlock, where the passcode
is stored on the mobile device. Unauthorized
attempts into the application are prevented by
locking the application after a fixed number of
invalid attempts, and forcing the user to
provide their login credentials for subsequent
app usage
• In case of lost mobile devices, the mobile app
can be remotely deactivated, thereby stopping
any unauthorized access
• Funds can only be transferred from one linked
account to another
Is it limited to cards on our BINs?
Yes, a credit union determines the BIN(s) that
should be enrolled in the CardNav program.
Only cards with specified BINs will be allowed to
register.
Who has access to transaction
and GPS tracking data?
CardNav technology does not hold complete
cardholder data—only the last four digits of the
card number. All proprietary data remains in the
CO-OP switch. CO-OP’s partner will not house
any card-sensitive data.
Is CardNav a stand-alone solution?
Yes, the CardNav application requires no
integration to the credit union’s core processor
or home banking system. The application works
with version 2.33.0 and higher for Android and
4.0 and higher for iOS. On an ongoing basis,
the last two releases of Android and iOS will be
supported.
What tools will credit unions have
to help manage this program?
A web-based management tool will be available
through your Desktop Director (CO-OP Portal).
You can use it to view application usage and to
support your members who have downloaded
the app. The dashboard view provides real-time
metrics on total members who have downloaded
the app, active members, transaction alerts by
category, and transaction controls by category.
This data can also be exported into Excel. In
addition the management tool provides you with
the ability to search on a cardholder and look
at card activity and alert notifications. You’ll
be able to assist users that are locked out of
the registration process, review settings that
the cardholder has applied to their card, and
perform certain activities “on behalf of” your
member.
Can the solution be customized or
branded by credit unions?
Yes, once the cardholder enrolls in the
downloaded app, branding and other customized
features by credit unions are supported. Credit
unions can modify and add to several elements
of the app to best reflect their brand, including:
• Login page—Logo and color
• App background colors—Per credit union
branding guidelines
• Card Image—Use digital assets for a
card image to closely resemble the actual
physical card(s)
• ATM locations—Specific to credit union
• Contact Us page—Use the credit union’s
headquarters address, email, phone, customer
service hours, as well as social media links to
Facebook, Twitter, etc.
Is CardNav brandable to the credit
union as an alternative to offering
an app branded by CO-OP?
If you would like to have an app with your own
branding at the app store level, you would need
a white label app. This option will be available
and will have the identical standard CO-OP
CardNav app features, but the packaging and
pricing will be slightly different.
How does CardNav work
with mobile security?
CO-OP’s CardNav solution is particularly strong
in terms of mobile security. The app mutually
authenticates at both the app level and the
cardholder level with the server. There is no
sensitive information in the app. All sensitive
information is tokenized. Communication
is strictly through SSL with two-way
authentication. The solution follows OWASP
guidelines and meets or beats all accepted
industry best practices.
How will this best be used with
and integrated with Apple Pay/
tokenization?
We are evaluating how we can enhance
CardNav given the new developments in mobile,
particularly with Apple Pay. Alerts specific for an
Apple Pay transaction are something we will be
considering.
Does the app require the cardholder
to authenticate each time the
application is started or accessed?
After the initial registration and two-factor
authentication, the cardholder will only need
to log in with their user ID and password or a
four-digit pass code if the application’s session
has timed out.
Are alerts based on
authorization or settlement?
Controls are in real time and alerts are near real
time, within seconds. In the case of a
two-part transaction, the alert is sent when the
transaction is initiated, during authorization.
Will CardNav integrate
with our mobile app?
Initially this product will be rolled out as an
independent app; however, APIs into a CU’s
mobile platform will be available in 2015.
Can the app be controlled from
a desktop or laptop computer?
No, this is a mobile app and is controlled by a
smartphone or iPad.
Will CardNav work outside the U.S.?
Yes. If your phone works, the app will work.
Can transactions be conducted in
foreign currencies?
Yes. Transaction amounts are displayed in issuer
currency, but transactions may be initiated and
authorized in any currency.
Does location functionality depend
on phone signal? As an example, I
travel to an area of Texas where my
AT&T® phone has no signal. If set to
‘My Location’ would this impact use
of my card?
An alert is triggered or a control is initiated
by in-store transactions that occur outside of
the area where your primary mobile device is
located. The mobile device must have location
services (GPS) enabled with permission to use
the current location. If your phone is turned off,
without cellular service, or does not provide GPS
location coordinates, it will use the last saved
GPS location. However, if this situation occurs
for more than eight hours, CardNav temporarily
ignores the My Location policies. Transactions
would not trigger alerts or control denials based
on My Location preferences during this time;
however, an alert would be generated informing
the cardholder that a transaction was conducted.
Is there an ATM locator on the app?
Yes. Your members will be able to search for
“All” ATMs via a Google search in the app or by
“My ATMs” based on the credit union name and
configuration used during implementation of the
product.
What if a member has their card
turned off and can’t get it turned
back on using the app?
A member should always be able to turn their
card back on using the app, unless they have
lost their phone. In that case, the CardNav
management tool (mConsole) will allow you to
perform a variety of activities “on behalf of”
users in real time, including turning the card
“On.” As the number of users increases, CO-OP
will explore offering member call support out of
our CO-OP Member Center for 24/7 support.
Will transactions declined due
to CardNav settings show up
differently than other types of
declines in DataNavigator or host
systems?
Transactions will have a unique flag in
DataNavigator for any denial based on a
CardNav recommendation.
Can a credit union use the CardNav
app to send out manual alerts,
such as marketing messages or
reminders about holiday closures?
Not at this time. This is scheduled for a future
enhancement.
How much control will members
really have? Will members be able
to turn on cards that their credit
unions have set to deny for NSF or
overdue loans?
No. This product does not change or override
the credit union’s existing authorization process
or change a card status set by the credit union.
CardNav will make a recommendation to AP
for approval or denial based on the user’s
preferences, but AP or the host will make the
final determination as to whether the transaction
should be approved or denied. Just because the
cardholder is okay with the transaction does not
mean it will be approved.
How long can a cardholder
leave a card “off”?
They can turn their cards off, leave them off as
long as they want to, and only turn them back
on when they want to perform transactions.
How many cards can each
user set up?
There is no limit to the number of cards that a
user can set up; however, each card must belong
to a BIN that participates in CardNav.
If I have two credit union accounts
and a debit card with each, can I
manage the different cards from
the same CardNav account?
A separate CardNav account would be required
for each card that belongs to a different CU.
Do CardNav controls work
regardless of how the card is
used—plastic, EMV or token?
Correct, that is the beauty of this product.
EMV helps prevent fraud for card-present
transactions. CardNav also helps identify
potential fraud for card-present, online and
auto-pay transactions.
Can you transfer funds between
cards?
No, you can only transfer funds between
accounts that are tied to the same card.
Can I identify CardNav debit card
customers in CO-OP Revelation® to
track their performance and market
to them?
A report listing the active CardNav users will be
available to credit unions and can be imported
into Revelation.
Would there be a balance inquiry
each time the app is opened?
A balance inquiry is only generated when the
member logs into the application or when they
refresh the app.
Are the in-app notifications
via push, or do you have to
be logged in?
Notifications are push notifications in app.
You do not need to be logged in.
Does the app time out (log off)
after a period of time?
Yes, however, we recommend as a best practice
that the members set up a passcode, which
requires entry of a 4-digit code every time the
app is launched and every time the app comes
to the foreground.
Is CardNav available for issuers
only using CO-OP for PIN
transaction processing?
We require both PIN and signature processing
to allow for a better user experience. The
members do not know or care what processor
is approving their transaction. So if CardNav is
implemented only for the PIN transactions, then
any signature debit transaction would not invoke
the Controls set by the member. This would be
very confusing and give the member a false
sense of security. For example, if they set the
card OFF, all transactions would be denied for
PIN transactions, but any signature transaction
could be approved.
What if I have my card turned off
and a recurring utility bill wants
to charge my card? Will that
transaction be denied?
When the card is off, most card transactions
are denied by CardNav and alerts are generated
for attempted transactions. However, auto-pay
transactions and credits (deposits, returns
and reversals) are exempt from this high-level
control.
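The card-off exemption above, the eight-hour My Location rule and the merchant-type exception for ATM and auto-pay transactions can be read together as one decision procedure. The sketch below is an added example, not CO-OP's code; the class and function names, the order of the checks, the coarse area labels standing in for locations, and treating a missing location fix as stale are assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Optional

STALE_AFTER = timedelta(hours=8)          # older last-saved fix: My Location is ignored
EXEMPT_WHEN_OFF = {"auto_pay", "credit"}  # not blocked by the card on/off switch
NO_MERCHANT_CHECK = {"atm", "auto_pay"}   # merchant-type controls are ignored for these

@dataclass
class Controls:                           # hypothetical container for one card's settings
    card_on: bool = True
    my_location: bool = False
    denied_txn_types: set = field(default_factory=set)
    denied_merchant_types: set = field(default_factory=set)
    threshold: Optional[float] = None

@dataclass
class Txn:
    kind: str            # in_store, online, mail_phone, auto_pay, atm, credit, other
    amount: float
    merchant_type: str
    merchant_area: str   # assumption: a coarse area label stands in for coordinates
    at: datetime

def recommend(c, t, phone_area, fix_at):
    """Return (recommendation, reason). AP or the host still makes the final call."""
    if not c.card_on and t.kind not in EXEMPT_WHEN_OFF:
        return "deny", "card off"
    if t.kind in c.denied_txn_types:
        return "deny", "transaction type blocked"
    if t.kind not in NO_MERCHANT_CHECK and t.merchant_type in c.denied_merchant_types:
        return "deny", "merchant type blocked"
    if c.threshold is not None and t.amount > c.threshold:
        return "deny", "over threshold"
    if c.my_location and t.kind == "in_store":
        # Assumption: no saved fix at all is treated like a stale one.
        if fix_at is None or t.at - fix_at > STALE_AFTER:
            return "approve", "My Location ignored, fix is stale"
        if phone_area != t.merchant_area:
            return "deny", "phone not at merchant"
    return "approve", "no control matched"

if __name__ == "__main__":
    now = datetime(2024, 1, 1, 12, 0)     # constructed sample data
    cases = [
        (Controls(card_on=False), Txn("in_store", 20.0, "groceries", "A", now), "A", now),
        (Controls(card_on=False), Txn("auto_pay", 20.0, "household", "A", now), "A", now),
        (Controls(my_location=True), Txn("in_store", 20.0, "travel", "B", now), "A",
         now - timedelta(hours=9)),
    ]
    for c, t, area, fix in cases:
        print(t.kind, recommend(c, t, area, fix))
```

The stale-fix branch is the one to review when assessing exposure: after eight hours without a location update, My Location stops producing denials and only the other controls remain in force.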
Since the alerts are sent as in-app
messages, do you have to have
CardNav active all of the time to get
messages, and does an alert trigger
an audible sound so you know when
you receive one?
Transaction-related notifications are received
within seconds after a transaction is performed
or attempted based on the preferences set by
the member. For transactions that are denied,
either by AP or because of CardNav control
preferences, alerts are always generated. And
this is the case even if the CardNav app is not
open or active. The audible sound, however,
is based on the settings that you have for
that device.
If a transaction is declined based
on CardNav controls set by the
member, will this transaction still
be forwarded to our host system?
If you have denials sent to the host today, then
any denial due to a CardNav setting will also
be sent.
What Will It Cost?
How much does the app cost the member?
Participating members can download CardNav free from either the app store on iTunes
or Google Play Store. It is up to the credit union whether they would like to assess a
fee for the service. A monthly file containing a list of active users for that month will be
available to assist credit unions that wish to assess a fee to their members.
How Do We Get Started?
Which credit unions are eligible for CardNav?
CardNav will be available to any credit union that processes their signature and PIN debit
or in-house credit programs through CO-OP. For additional information, please contact
your Relationship Manager or CO-OP Client Services at 800.782.9042, Option 2. You may
also email [email protected] with your question.
Is CardNav available now?
Yes. CardNav began beta testing in Q2 2014, and is currently available.
How do members sign up?
A user simply downloads the CardNav application onto their smartphone from the Apple
iTunes App Store or Google Play store. The member will then enroll into the system by
presenting card credentials and going through additional user-verification checks. Once
enrolled, a user can specify preferences for alerts and controls for each registered card
within the intuitive mobile application.
CO-OP Financial Services
9692 Haven Avenue
Rancho Cucamonga, CA 91730
CO-OPFS.ORG
©2014 CO-OP Financial Services