overview of card regulations, disputes, &...
TRANSCRIPT
Overview of Card Regulations, Disputes, & FraudTina Giorgio, President & CEO
ICBA Bancard Inc.
Agenda
• Regulation Overview• Chargebacks• Fraud Trends• Fraud Prevention • Investigation Strategies• Fraud Tool Box• Response Plan
2
Regulation Overview
Regulation E
• First adopted in 1978, established obligations, rights and liabilities of participants in EFT and Remittance Transfer Systems
• “Transfer” by definition is initiated through an electronic terminal, telephone, computer, or magnetic tape for the purpose of ordering, instructing, or authorizing a financial institution to debit or credit a Consumer’s Account
• A Consumer is defined as a natural person.• An Account is defined as an account used for personal, family or
household purposes.• A business is not a consumer, however a sole proprietor may be
consider a Consumer under Regulation E.
Regulation E, cont.
• Consumer Responsibilities• Notify the bank within two business days of discovering the
“error”o Consumer liability is limited to $50
• After two business days, the Consumer has 60 days from the statement mailing to report the error.o Consumer liability is limited to $500
• Anything after 60 days does not apply (unless there are extenuating circumstances, e.g. hospital stay)
Regulation E, cont.• Bank Responsibilities
• Must resolve the dispute within 10 business days or give the Consumer provisional credit – reduced to 5 business days for Visa and Mastercardo Any overdraft fees or service charges must be reversed
• Consumer notification in writing of provisional credited and full use of the funds during the investigation
• The dispute must be resolved within 45 days (90 for POS) or the credit is final no matter what the outcome
• Final resolution letter is required within 3 business days and credit cannot be reversed for 5 business days after the notice
Visa and Mastercard Zero Liability Policies
• Visa and Mastercard both have a Zero Liability Policy on purchases made with a debit card
• If a Consumer notifies the bank within two business days of discovering an error, the Consumer liability for the transaction(s) is $0
• If a Consumer notifies the bank after two business days but before 60 days from statement mailing, the Consumer liability is $50
• Also offer liability waiver on commercial and business cards (not part of the regulations)
Regulation Z
• The liability for unauthorized use is a maximum of $50• The Consumer has 60 days from the receipt of the statement to
report the error• Issuer has two billing cycles to resolve• Consumer cannot be billed/debited for disputed amount(s)• Bank cannot adversely affect the Consumer’s credit report• If the credit is attached to a debit card, Reg E applies, not Reg Z
Chargebacks
The Cardholder
The Issuing Bank
The Card Brand
The Processor
The Merchant
The Dispute Process
Chargeback Changes
• April 2018 Visa Claims Resolution (VCR) launched• Reduce dispute timeframes
o Closure timeframe has decreased to avg. 16 days from 54 dayso Arbitration acceptance rates have increased
• Queue management – displays days to next action to ensure compliance
• Most rejects result from ineligible claims or wrong claim types• Know your dispute type (e.g. CP, CNP, POS Mode, etc.)
Fraud Trends
Fraud Continues to Shift with EMV Adoption
• 67% of cards representing 97% of payment volume are chip cards• 2.9M merchants are chip enabled and processed 1.5B transactions• Counterfeit card fraud has dropped by over 50% since the liability
shift in 2015• Contactless is next and is getting faster adoption than chip alone did,
especially now that first generation chips are expiring
Fraud Rates - Debit
• 79% of the fraud occurs in the card not present environment• CNP represents over 50% of sales volume and is growing 3%/year
• Fraud rates have remained fairly flat since 2016• CP represents 4.2 bps of sales volume while CNP represents 25.4 bps of sales
volume making the blended fraud rate 14.6 bps of sales
• Fraud rates for Bancard clients are much lower• CP represents 2.0 bps and CNP represents 15.0 bps
Fraud Rates - Credit
• Credit fraud losses are higher than debit • More loss per occurrence
• Have remained fairly flat since 2016• CP represents 11.0 bps of sales volume while CNP represents 22.2 bps of sales
volume making the blended fraud rate 14.6 bps of sales
• Fraud rates for Bancard clients• CP represents 11.2 bps and CNP represents 24.3 bps
Fraud Prevention
Fraud Types• Lost/Stolen• Not Received Issue (NRI) Cards• Fraudulent Application• Account Takeovers• Counterfeit (Skimming)• Card Not Present
17
Fraud Prevention Best Practice
•Neural Networks•Data Matching•Address Verification Service•Address change monitoring•Daily parameter controls•Report Monitoring•3D Secure Solutions
Authorization Parameters• Daily Controls• Code Blocks• Authorizations• Payment Parameters• Over Limit Levels• PIN Validation• Credit Line Management Controls
19
Authorization Parameter Settings• Issuers should review or evaluate their
authorization parameter settings and controls either on a quarterly basis or every six months
• Daily Limits• Velocity• Dollar Amounts• Merchant Code Blocks (MCC/SIC)• Payment Parameters
20
Visa CAMS and MasterCard ADC Alerts
• The Visa Compromised Account Management System (CAMS) and the MasterCard Account Data Compromise Event (ADC) is a tool to inform your institution of a situation involving stolen, recovered, or compromised credit or debit accounts.
• As the issuer and owner of the accounts, your institution has the responsibility to determine the best action to take to secure your interest and protect your institution from fraud losses.
• Create a severity rating based on the elements that are considered “at risk” to help aid the decisioning factor whether to block and reissue an account or to monitor the account for possible fraud trends
21
Investigation Strategies
Investigation Strategies
• Review Fraud Trend and identify fraud type• Identify the number of accounts impacted• Conduct CPP – Common point of purchase analysis• Compile fraud data to present as financial evidence. • Contact local law enforcement to present case
23
Investigations – Law Enforcement Reporting• Financial Evidence - Provide all fraud
transaction data to law enforcement• Elements to include in report• Approved fraud transactions including overall
total• Declined fraud transactions including overall
total• Fraudulent payments including overall total• Overall total amount for all fraud activity
24
Investigation – Law Enforcement Case Types
• Assist with Various Cases• Family/Friendly fraud cases• First party fraud cases• Traditional fraud cases• Internal fraud cases
• LEO Requests• U. S. Secret Service• U.S. Marshals Financial Surveillance Unit• FBI – Cybercrime Division• U.S. Postal Inspection Service• Local, State, & International law enforcement agencies
25
Fraud Tool Box• Crimedex Alerts
o https://www.crimedex.com/• International Association of Financial Crimes Investigators – IAFCI
o https://www.iafci.org/• Association of Certified Fraud Examiners – ACFE
o http://www.acfe.com/• United States Secret Service eInformation Network
o https://www1.einformation.usss.gov/eInformation/home.seam• United States Secret Service Electronics Crimes Task Force – ECTF
o http://www.secretservice.gov/ectf.shtml• FICO Card Alert Network Fraud Forum
o https://community.fico.com/community/fraud-alert-network• National Cyber Forensics Training & Alliance – NCFTA
o http://www.ncfta.net/
26
Response Plan
Steps to respond to a fraud trend:
• Evaluate the situation:• Network in your community• Review & adjust your controls and parameters• Notify appropriate law enforcement• Notify insurance company
@tnagiorgio
Blog: icba.org/bancard/news-events/tinas-take-on-payments