Overview of Card Regulations, Disputes, & Fraud Tina Giorgio, President & CEO ICBA Bancard Inc.
Agenda Regulation Overview Chargebacks Fraud Trends Fraud Prevention Investigation Strategies Fraud Tool Box Response Plan 2
Regulation Overview
Regulation E First adopted in 1978, established obligations, rights and liabilities of participants in EFT and Remittance Transfer Systems Transfer by definition is initiated through an electronic terminal, telephone, computer, or magnetic tape for the purpose of ordering, instructing, or authorizing a financial institution to debit or credit a Consumer s Account A Consumer is defined as a natural person. An Account is defined as an account used for personal, family or household purposes. A business is not a consumer, however a sole proprietor may be consider a Consumer under Regulation E.
Regulation E, cont. Consumer Responsibilities Notify the bank within two business days of discovering the error o Consumer liability is limited to $50 After two business days, the Consumer has 60 days from the statement mailing to report the error. o Consumer liability is limited to $500 Anything after 60 days does not apply (unless there are extenuating circumstances, e.g. hospital stay)
Regulation E, cont. Bank Responsibilities Must resolve the dispute within 10 business days or give the Consumer provisional credit reduced to 5 business days for Visa and Mastercard o Any overdraft fees or service charges must be reversed Consumer notification in writing of provisional credited and full use of the funds during the investigation The dispute must be resolved within 45 days (90 for POS) or the credit is final no matter what the outcome Final resolution letter is required within 3 business days and credit cannot be reversed for 5 business days after the notice
Visa and Mastercard Zero Liability Policies Visa and Mastercard both have a Zero Liability Policy on purchases made with a debit card If a Consumer notifies the bank within two business days of discovering an error, the Consumer liability for the transaction(s) is $0 If a Consumer notifies the bank after two business days but before 60 days from statement mailing, the Consumer liability is $50 Also offer liability waiver on commercial and business cards (not part of the regulations)
Regulation Z The liability for unauthorized use is a maximum of $50 The Consumer has 60 days from the receipt of the statement to report the error Issuer has two billing cycles to resolve Consumer cannot be billed/debited for disputed amount(s) Bank cannot adversely affect the Consumer s credit report If the credit is attached to a debit card, Reg E applies, not Reg Z
Chargebacks
The Card Brand The Issuing Bank The Dispute Process The Processor The Cardholder The Merchant
Chargeback Changes April 2018 Visa Claims Resolution (VCR) launched Reduce dispute timeframes o Closure timeframe has decreased to avg. 16 days from 54 days o Arbitration acceptance rates have increased Queue management displays days to next action to ensure compliance Most rejects result from ineligible claims or wrong claim types Know your dispute type (e.g. CP, CNP, POS Mode, etc.)
Fraud Trends
Fraud Continues to Shift with EMV Adoption 67% of cards representing 97% of payment volume are chip cards 2.9M merchants are chip enabled and processed 1.5B transactions Counterfeit card fraud has dropped by over 50% since the liability shift in 2015 Contactless is next and is getting faster adoption than chip alone did, especially now that first generation chips are expiring
Fraud Rates - Debit 79% of the fraud occurs in the card not present environment CNP represents over 50% of sales volume and is growing 3%/year Fraud rates have remained fairly flat since 2016 CP represents 4.2 bps of sales volume while CNP represents 25.4 bps of sales volume making the blended fraud rate 14.6 bps of sales Fraud rates for Bancard clients are much lower CP represents 2.0 bps and CNP represents 15.0 bps
Fraud Rates - Credit Credit fraud losses are higher than debit More loss per occurrence Have remained fairly flat since 2016 CP represents 11.0 bps of sales volume while CNP represents 22.2 bps of sales volume making the blended fraud rate 14.6 bps of sales Fraud rates for Bancard clients CP represents 11.2 bps and CNP represents 24.3 bps
Fraud Prevention
Fraud Types Lost/Stolen Not Received Issue (NRI) Cards Fraudulent Application Account Takeovers Counterfeit (Skimming) Card Not Present 17
Fraud Prevention Best Practice Neural Networks Data Matching Address Verification Service Address change monitoring Daily parameter controls Report Monitoring 3D Secure Solutions
Authorization Parameters Daily Controls Code Blocks Authorizations Payment Parameters Over Limit Levels PIN Validation Credit Line Management Controls 19
Authorization Parameter Settings Issuers should review or evaluate their authorization parameter settings and controls either on a quarterly basis or every six months Daily Limits Velocity Dollar Amounts Merchant Code Blocks (MCC/SIC) Payment Parameters 20
Visa CAMS and MasterCard ADC Alerts The Visa Compromised Account Management System (CAMS) and the MasterCard Account Data Compromise Event (ADC) is a tool to inform your institution of a situation involving stolen, recovered, or compromised credit or debit accounts. As the issuer and owner of the accounts, your institution has the responsibility to determine the best action to take to secure your interest and protect your institution from fraud losses. Create a severity rating based on the elements that are considered at risk to help aid the decisioning factor whether to block and reissue an account or to monitor the account for possible fraud trends 21
Investigation Strategies
Investigation Strategies Review Fraud Trend and identify fraud type Identify the number of accounts impacted Conduct CPP Common point of purchase analysis Compile fraud data to present as financial evidence. Contact local law enforcement to present case 23
24 Investigations Law Enforcement Reporting Financial Evidence - Provide all fraud transaction data to law enforcement Elements to include in report Approved fraud transactions including overall total Declined fraud transactions including overall total Fraudulent payments including overall total Overall total amount for all fraud activity
Investigation Law Enforcement Case Types Assist with Various Cases Family/Friendly fraud cases First party fraud cases Traditional fraud cases Internal fraud cases LEO Requests U. S. Secret Service U.S. Marshals Financial Surveillance Unit FBI Cybercrime Division U.S. Postal Inspection Service Local, State, & International law enforcement agencies 25
Fraud Tool Box Crimedex Alerts o https://www.crimedex.com/ International Association of Financial Crimes Investigators IAFCI o https://www.iafci.org/ Association of Certified Fraud Examiners ACFE o http://www.acfe.com/ United States Secret Service einformation Network o https://www1.einformation.usss.gov/einformation/home.seam United States Secret Service Electronics Crimes Task Force ECTF o http://www.secretservice.gov/ectf.shtml FICO Card Alert Network Fraud Forum o https://community.fico.com/community/fraud-alert-network National Cyber Forensics Training & Alliance NCFTA o http://www.ncfta.net/ 26
Response Plan Steps to respond to a fraud trend: Evaluate the situation: Network in your community Review & adjust your controls and parameters Notify appropriate law enforcement Notify insurance company
Questions? Tina.Giorgio@icba.org @tnagiorgio Blog: icba.org/bancard/news-events/tinas-takeon-payments