Friday , March 29, 2024

In Wake of Big PIN Breach, Visa Tightens Debit-Fraud Controls

At a time when debit card fraud is generating unwelcome headlines, Visa USA is taking two new steps to enhance its information about fraud involving payment cards that rely on personal identification numbers for security. With the goal of spotting fraud trends early and keeping overall fraud under control, Visa for years has required members to report information about signature-based fraud originating with credit cards or signature-based debit cards. But it hasn't required such reporting about PIN-based card fraud, even though it operates two major PIN-based debit networks, Plus for ATMs and Interlink at the point of sale. That's about to change, though not all at once. Beginning in June, a few large Visa members will begin to report PIN-based card fraud data to Visa, according to Jean Bruesewitz, Visa USA senior vice president for processing and emerging products. Visa wouldn't say which members are participating and exactly what they'll report. But the idea is to give Visa, with its thousands of members and network-level view, a better perspective about new PIN-based fraud trends and where and how fraud is occurring. “From a fraud-reporting perspective, PIN fraud has been pretty much managed on a bank level,” Bruesewitz told Digital Transactions magazine, a sister publication of Digital Transactions News, for un upcoming story on PIN-debit fraud. Visa will see how the new reporting system works with the large members and then may make PIN-based fraud reports a systemwide requirement, according to Bruesewitz. But exactly if or when that may occur hasn't yet been determined. In another move to control PIN-based fraud, Visa is integrating Plus into its VisaNet transaction network. The integration will bring a number of VisaNet's risk-control features that aren't available on the Plus network, according to Bruesewitz. These features include so-called advanced authorization in which VisaNet gives the transaction a risk score. VisaNet also monitors accounts that have been compromised and makes an assessment of the risk transactions on those accounts pose. The change will require members to consolidate their current, separate connections into VisaNet and Plus. Visa expects the technical aspects of the integration to be done on its end by October. Members will then have two years to migrate to the new system. “That will give a more complete view, all in the same place,” says Bruesewitz. Visa's changes come in the wake of some highly publicized incidents of debit card fraud, including the apparent breach of encrypted PINs and the electronic keys to decode them (Digital Transactions News, March 16). That breach forced financial institutions to reissue several hundred thousand debit cards and remains under investigation by federal authorities. Bruesewitz, without disclosing numbers, says, “we have seen an uptick in debit fraud,” but claims it's still low. Industry analysts say signature-based card fraud is running at about 6 basis points of charge volume, less than half the level of the early 1990s.

Check Also

Buying Groups Might—or Might Not—Give Merchants More Negotiating Power with the Card Networks

Card-acceptance costs and network rules weren’t the only subjects covered by the sweeping settlement revealed …

Digital Transactions