Responsibilities CenterState Bank of Florida, NA (CSBF) is the issuing financial institution of all prepaid cards and owner of the associated network BINs. CSBF is responsible for all program monitoring and risk mitigation. CSBF has established program parameters specific to how CIP and AML should be handled as well documents program guidelines such as tolerances, velocity limits, cash parameters (when applicable) and more. These guidelines are followed utilizing systems at FIS and through proprietary controls at CSBF. As the marketplace and regulation changes CSBF s prepaid and risk management team continue to update program requirements to ensure that all programs meet rules and best practices associated with federal and state laws, network requirements, CSBF s risk tolerance and industry best practices. At Account Opening Customer Identification Program Detection (CIP/KYC) Prepaid card resellers are responsible for ensuring compliance with CIP/KYC and the USA Patriot Act on all prepaid cards distributed through their channel(s). Standard CIP/MYC/Account Opening procedures followed for traditional accounts should be followed on prepaid cards. Credit history will have no determining factor on a prepaid card, but identity must be verified by the reseller or referral agent. Additionally, FIS ID Verification Service helps ensure comprehensive compliance for the USA PATRIOT Act Section 326, 314(a), and Office of Foreign Assets Control (OFAC) regulations as well as offering an identity fraud prevention program. OFAC Pattern Match FIS OFAC Pattern Match is a proprietary process that complies with the OFAC restrictions of having a current source of the OFAC country restrictions and SDN list. FIS OFAC Pattern Match accesses the most up-to-date SDN list located at the OFAC website at the beginning of each month and downloads the OFAC SDN List into a data table (overwriting the previous month s list), which is then stored and used for screening all new and existing cardholders until the next month s download. The FIS Prepaid Fraud Analyst will review all matches and take the appropriate action to validate the match. If a match is found the following steps are taken to mitigate any potential fraudulent activity. Account is immediately suspended for usage or placed on embossing hold if new The cardholder s funding source, address, and phone number will be placed on the negative file Notification will be sent to the Client Relationship Manager and Compliance Manager
Ongoing Monitoring OFAC Pattern Match Same OFAC Pattern Match run at time of account opening is run monthly on all active cards. If a match is found the following steps are taken to mitigate any potential fraudulent activity. Account is immediately suspended for usage or placed on embossing hold if new The cardholder s funding source, address, and phone number will be placed on the negative file Notification will be sent to the Client Relationship Manager and Compliance Manager Cardholder Profile Matching Cardholder Profile Matching will restrict the number of active accounts that a given cardholder / buyer may have for a given program. CPM will conduct a search for all new enrollments submitted and can be set to temporarily status the card or outsort for Risk Analyst Intervention. Transaction Monitoring FIS Prepaid uses the Falcon transactional fraud detection service (powered by Fair Isaac, Inc.) to detect and ultimately prevent fraudulent transactions on prepaid products. Falcon is a neural network based, predictive software application that examines transactional, cardholder and merchant data to detect a wide range of payment card fraud. Falcon reviews each authorized transaction, and based on historical behavior, provides a score from 0 to 999. This score represents the probability of fraudulent activity; the higher the score, the higher the chance it is a fraudulent transaction. The FIS Prepaid Fraud Analyst will review each transaction that is flagged by the Falcon scoring and/or rules selected and take the appropriate action to identify potential fraudulent activity which may include temporary account status to prevent further authorizations until cardholder validation is completed. In addition, CenterState Bank of Florida, NA (card issuer) runs transaction scripts on all cardholder transactions to monitor and flag transactions that fit a certain risk parameter. These transactions are investigated on a daily basis.
Excessive Credit Monitoring FIS Prepaid uses an Excessive Credit Monitoring service to detect and ultimately prevent fraudulent merchant credit transactions (purchase return) on prepaid products. FIS Prepaid will review each incoming settlement transaction(s) whereby the credit amount exceeds a predefined dollar threshold or excessive number of merchant returns within a 30 day period. The FIS Prepaid Fraud Analyst will review each transaction that is flagged and take the appropriate action to identify potential fraudulent activity which may include temporary account status to prevent further authorizations until cardholder validation is completed. Direct Access Load exceeds Velocity Direct Access Load is a proactive approach in monitoring Direct Access ACH loads. This Risk service sends alerts to the Risk team when the ACH load has exceeded the maximum value limit velocity configuration for the card program. Direct Access Load alerts can be set to outsort or temporarily status the card and outsort for Analyst Intervention. Direct Access Name Matching for Tax Refunds Direct Access Name Matching for Tax Refunds will identify IRS Tax Refunds received via Direct Access and will perform a comparison of the name in the ACH transaction with that of the Cardholder on the FIS Prepaid platform. If the last name of the recipient does not match that of the cardholder, the transaction will be returned to the IRS with a reject code indicating the name did not match. Other Program Controls
Each program type has its own set of limits associated with the above configuration choices outlined by CenterState Bank of Florida s prepaid management group as well as the banks risk management team.
Compromised Account Management System (CAMS) through Visa CAMS is a secure system that allows acquirers, merchants, and law enforcement officers to upload compromised and stolen or recovered account numbers directly to Visa. Visa then validates that an account compromise has occurred. Via CAMS, e-mail alerts are sent to affected issuers to notify them of the compromised accounts. Affected issuers monitor, close, or block the compromised accounts.