Presentation is loading. Please wait.

Presentation is loading. Please wait.

Risk Policy Considerations.  Floor Limits  Fallback considerations  Domestic v International  Credit control (VSDC+) overview  Fraud reporting 

Published byLaurel Perry Modified over 7 years ago

Similar presentations

Presentation on theme: "Risk Policy Considerations.  Floor Limits  Fallback considerations  Domestic v International  Credit control (VSDC+) overview  Fraud reporting "— Presentation transcript:

1 Risk Policy Considerations

2  Floor Limits  Fallback considerations  Domestic v International  Credit control (VSDC+) overview  Fraud reporting  Education (Issuer, Acquirer, Cardholder, Merchant)  Summary Agenda

3 Floor Limits  If a terminal floor limit is set to zero. The transaction will attempt to go online  The card may have a domestic currency value offline limit (like a floor limit)  If the card limit is exceeded but is below the terminal floor limit the card will request an online transaction  As offline transactions are accepted (now or in the future) chip terminal floor limits are expected to rise allowing the card to make more decisions

4 Floor Limits Scheme Policy  International Chip transactions must go online  Domestic floor limits should be set at domestic level with agreement from all schemes  High risk merchants must have a zero floor limit for international and domestic scheme transactions

5 Fallback considerations Scheme Policy – minimum requirements When smart card processing fails what fallback (if any) should be performed Fallback ‘one’ technology – Magnetic stripe processing If fallback to magnetic stripe, must go online to Issuer (zero floor limit) ? If online, the Issuer must be aware that the smart card processing failed If fallback required but terminal unable to go online should the transaction be declined ?

6 Fallback considerations CVM Fallback considerations If PIN try limit exceeded should we allow the customer to fallback to signature processing? NOTE: Transaction remains chip (not magnetic stripe) If the Issuer chooses to do so the Issuer takes liability for any Lost and Stolen fraud that may occur Should you allow PIN to signature fallback initially then move to no fallback when infrastructure in place and cardholders and familiar with the process Consider fraudulent activity Consider requirements to re-issue cards if necessary 1234

7 Domestic v International Domestic Risk ControlsInternational Risk Controls CVM ListsDifferent CVM list Domestic Terminal Floor limitsInternational Terminal Floor limits Domestic currency offline spend limits No currency offline spend limits (except 2 nd currency) Domestic offline transaction counters (LCOL / UCOL) Different International offline transaction counters (LCOL / UCOL) Fallback processing

8 Credit control  Chip provides various credit control tools such as;  Offline transactions counters  Online decision matrix  Script processing  However there is an outstanding question  If I allow offline transactions how can I manage my cardholders account and ensure that they do not exceed their available credit?  Surely I must continue to go online?

9 Credit control – VSDC + Overview FUNCTIONAL OVERVIEW – MARKET REQUIREMENTS ISSUER HOST n Visa products supported – All Visa flag debit and credit products – Visa Electron l Where the market allows offline authorisation n Domestic only (single currency) n Issuer – Certified for full option processing n Acquirer – Certified for full option acquiring n Issuer & Acquirer must support VIP for Authorisations

10 Credit control – VSDC + Overview FUNCTIONAL OVERVIEW – SET-UP ISSUER HOST Account set-up $500 limit held at account level ($400 available on the auth host) ($100 allocated to the card) ($100 allocated to the card) in the Cumulative Total Transaction Amount Limit CTTAL

11 Credit control – VSDC + Overview FUNCTIONAL OVERVIEW – TRANSACTION Allow the card to use the $100 offline. When a transaction goes online: Card interfaces with terminal and instructs terminal to send the amount spent (to date) to the Issuer Issuer receives value and can balance the account before approving CTTAL is the rest after approval or can be changed to manage cardholder spend ACQUIRER ISSUER VisaNet

12 Fraud reporting  Online authorisation reporting  Fraud Warning system reporting  Clearing and settlement reporting  Risk and fraud detection reports  Online cryptogram failures  PIN change failures  Fallback to magnetic stripe  CVR exceptions such as:  Issuer authentication failed  Offline PIN failed  Previous transaction failures  TVR exceptions  SDA / DDA failures  Expired card  PIN PAD not working

13 Education ISSUER  Changes to support PIN processing at POS  ATM or Branch PIN change  Terms and conditions  Merchant training  Terms and conditions  Merchant customer services  Cardholder customer services  Multiple departments require training  Risk and fraud protection is fundamental to chip processing CHIP BEGINS WHEN ROLLOUT IS COMMENCED ! THE PROJECT DOESN’T END WHEN ROLLOUT IS COMMENCED

14  Market Floor Limits will have an impact on your Issuing Risk strategy  Fallback processing is important to manage the cardholder experience v potential misuse  Different Risk tools can be applied to domestic and international card usage  Credit control and offline transactions can be managed with the use of VSDC+. However VSDC+ requires host system changes  Fraud reporting is vital for detection and is an ongoing strategy. Authorisation reporting is vital. If offline transactions occur Clearing system reporting is also important  Education is key to the success of chip. All major areas of the business will be impacted by chip ! Summary

15  In addition to magnetic stripe data the chip authorisation message now contains vital chip data which can be used for Risk detection methods. Including:  Online PIN  ATC  iCVV  Authorisation Request Cryptogram - ARQC  Card Verification Results – CVR  Terminal Verification Results - TVR  Domestic offline spend amount  Risk managers can use all this data  BUT – Authorisation system must be able to break down the data and respond accordingly Host decisions

16 ISSUER Chip Issuer decisions At the POS – Substantially more than magnetic stripe Card is interactive. Contains card risk parameters Card is able to make decisions at POS based on Issuer’s choice At Scheme Additional Chip Stand In Processing (STIP) decisions At Issuer host New authorisations data available to the Issuer based on chip transaction processing Ability to change the card’s chip parameters and status (next session)

17 Host decisions ISSUER DescriptionApprove, Decline, Decline & Pick Up, Refer Data Authentication not performed Data Authentication failed ICC Data missing Card Appears on terminal exception ICC and Terminal have different version Expired application Application not yet effective Requested service is not allowed this card product New card Cardholder verification was not successful

18 Host decisions ISSUER DescriptionApprove, Decline, Decline & Pick Up, Refer Unrecognised CVM PIN try limit exceeded PIN entry required, PIN pad not present or not working PIN required, PIN pad present but PIN not entered Online PIN entered Transaction exceeds floor limit LCOL exceeded UCOL exceeded Transaction selected randomly Merchant forced online Issuer authentication failed

19 Host decisions (STIP) ISSUER Chip Issuer decisions At the POS – Substantially more than magnetic stripe Card is interactive. Contains card risk parameters Card is able to make decisions at POS based on Issuer’s choice At Scheme Additional Chip Stand In Processing (STIP) decisions At Issuer host New authorisation data available to the Issuer based on chip transaction processing Ability to change the card’s chip parameters and status (next session)

20 Host decisions (STIP)  Issuer needs to decide when Scheme should stand-in and for what functionality  Scheme can even stand-in for ALL chip functionality and then send the Issuer the magnetic stripe data only (EARLY OPTION) ISSUER OPTION ISSUE CARDS ACCEPT CHIP DATA EARLYFULL NOTE: Consider your market ‘on-us’ verses ‘Scheme transactions’

21 Host decisions (STIP)  Within Full Option, Issuers need to instruct Scheme of functionality STIP  Online Card Authentication (ARQC)  Scheme to perform Always  Scheme to perform in Stand-in only  Issuer to perform Always  Issuer authentication (ARPC)  Scheme to perform Always  Scheme to perform in Stand-in only  Issuer to perform Always

22  Online processing provides multiple card authentication processes  CVV / iCVV  Online PIN  ATC checking  Online ARQC and ARPC processing  Chip data is vital to Risk manager’s detection methodology  Scheme is able to Stand-In for the Issuer Summary

Download ppt "Risk Policy Considerations.  Floor Limits  Fallback considerations  Domestic v International  Credit control (VSDC+) overview  Fraud reporting "

Similar presentations

ORDER VERIFICATION ORDER ENTRY DAILY PROCESS ORDER VERFICATION - Order Sort Browse - Enter Order # - F-8 OK.

ORDER VERIFICATION ORDER ENTRY DAILY PROCESS ORDER VERFICATION - Order Sort Browse - Enter Order # - F-8 OK.
Government Prepaid Card

Government Prepaid Card
Card Verification Support

Card Verification Support
Gareth Ellis Senior Solutions Consultant Session 5a Key and PIN Management.

Gareth Ellis Senior Solutions Consultant Session 5a Key and PIN Management.
Prepaid Cards General Overview PDNB Electronic Banking Solutions.

Prepaid Cards General Overview PDNB Electronic Banking Solutions.
1 U.S. EMV Migration Update and Best Practices Hap Huynh, Senior Director Risk Products April 2015.

1 U.S. EMV Migration Update and Best Practices Hap Huynh, Senior Director Risk Products April 2015.
Payment Cycle Introduction

Payment Cycle Introduction
Introduction to Electronic Processing College of General Studies.

Introduction to Electronic Processing College of General Studies.
Harvesting High Value Foreign Currency Transactions from EMV Contactless Credit Cards without the PIN 21st ACM Conference on Computer and Communications.

Harvesting High Value Foreign Currency Transactions from EMV Contactless Credit Cards without the PIN 21st ACM Conference on Computer and Communications.
Memorial University of Newfoundland An Update on Chip September 26, 2007.

Memorial University of Newfoundland An Update on Chip September 26, 2007.
Electronic Commerce Semester 1 Term 1 Lecture 22.

Electronic Commerce Semester 1 Term 1 Lecture 22.
Debit Card Plastic card that looks like a credit card

Debit Card Plastic card that looks like a credit card
Mar 11, 2003Mårten Trolin1 Previous lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities.

Mar 11, 2003Mårten Trolin1 Previous lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities.
Credit card and Debit card Working and Management.

Credit card and Debit card Working and Management.
Ecommerce Applications 2009/10 Session 31 E-Commerce Applications E-payment.

Ecommerce Applications 2009/10 Session 31 E-Commerce Applications E-payment.
PCI PIN Entry Device Security Requirements PCI PIN Security Standards

PCI PIN Entry Device Security Requirements PCI PIN Security Standards
Electronic Payment Systems

Electronic Payment Systems
DEBIT CARDS.

DEBIT CARDS.
EFTPOS and credit Card payments Jana Skriveris Line 4 Due: 14 th Nov Business Admin.

EFTPOS and credit Card payments Jana Skriveris Line 4 Due: 14 th Nov Business Admin.
May 28, 2002Mårten Trolin1 Protocols for e-commerce Traditional credit cards SET SPA/UCAF 3D-Secure Temporary card numbers Direct Payments.

May 28, 2002Mårten Trolin1 Protocols for e-commerce Traditional credit cards SET SPA/UCAF 3D-Secure Temporary card numbers Direct Payments.

Similar presentations

Ads by Google