Risk management policy

The human factor is of great importance in minimizing the risk of payment card fraud. It can nullify all the labor and financial resources spent on fighting fraud. A large number of people stubbornly keep the card together with the PIN code, or sometimes even write the PIN code on the card.

Have you ever noticed how often a cashier accepting a card for payment pays attention to the signature on the bank card and verifies it against the signature on the check? Or compares the name indicated on the bank card with the name on the check? And these are the simplest rules that a cashier must follow when taking payment by card. What is the cause: a low-skilled employee, or management's failure to understand the seriousness of the problem? The result is that every year billions of dollars disappear from cardholders' accounts around the world.

The golden rule of risk management: reducing risk to zero is impossible, but decreasing it is possible and necessary.

Methods of fighting fraud in the payment card industry.

Anti-fraud measures can be divided into several groups:

1. On the part of the issuing bank:
  • Training cardholders in the rules of safe handling and storage of bank cards. Ideally, ask the client whether he plans to make online payments or shop online, in order to explain the options the cardholder has for limiting these operations (this significantly helps to reduce fraudulent transactions on the Internet)
  • Setting limits on the number of transactions without authorization. An unauthorized transaction here is a transaction conducted without the approval of the bank; its success does not depend on whether there are funds on the bank card (filling stations, transactions on board an aircraft, etc.). As a rule, the amount of a transaction without authorization is insignificant, just a few dollars, but the number of such operations is unlimited
  • Setting limits on cash withdrawal at ATMs
  • Issuing cards with a photo of the cardholder
  • Generating card numbers randomly
  • Detailed examination of the potential client's documents before deciding to issue the card
  • Meticulous customer identification when the customer contacts the bank to change personal data
  • SMS notifications about authorizations conducted on the bank card
  • Efficient card blocking at the holder's request or on a message from the payment systems
  • Providing customers with unrestricted access to a bank operator 24 hours a day
  • Training bank employees involved in the production, storage and transport of bank cards in appropriate security measures
  • Monitoring and analyzing transactions disputed by customers
  • If the bank mails cards to customers, it needs to take care of the card for the whole time it is in transit to the customer; the bank must not send the card and PIN code in the same envelope. Where possible, eliminate this kind of card distribution altogether, because there is a high probability of compromise and subsequent use on the Internet
  • Migration to EMV (microprocessor) cards and setting rules for Chip&PIN. In Russia, many banks have migrated to this product, which guarantees the impossibility of copying the card data when the transaction is made on the chip. In the US, for example, the process of migration to EMV cards is just beginning
  • Use of the 3D-Secure protocol (e-commerce)
  • Compliance with the requirements of PCI DSS (Payment Card Industry Data Security Standard) for storage and transmission of payment card details
  • Online monitoring system: tracking activity unusual for a cardholder, then calling the customer if such activity is detected
  • Periodic checks of ATMs for the presence of skimming devices
  • Equipping ATMs with cameras
  • Careful analysis of notifications from the international payment systems about recorded fraudulent transactions
  • Continuous interaction with payment systems, third-party banks, law enforcement agencies, internal investigations
2. On the part of the acquiring bank:
  • Careful inspection of the retailer before concluding the acquiring agreement
  • Online monitoring of a retailer's transactions for suspicious activity
  • Periodic inspection of retailers by employees of the bank
  • Stipulating in the contract the retailer's liability for financial losses from fraud
  • Strongly recommending that the retailer open an account with the acquiring bank, to prevent fraud associated with account takeover
  • Carefully checking documents (verification of the organization's signature and seal) when company details are changed
  • Training the retailer's employees in the rules for accepting cards for payment (verifying the signature on the check against the one on the card, etc.)
  • Monitoring transactions disputed at the retailer
  • Careful analysis of notifications from the international payment systems about recorded fraudulent transactions
  • Support for the 3D-Secure protocol (e-commerce)
  • Compliance with the requirements of PCI DSS for storage and transmission of payment card details
  • Continuous interaction with payment systems, third-party banks, law enforcement agencies, internal investigations
  • Timely monitoring of fraud-level indicators, notifying the retailer when they approach threshold figures, and taking the necessary measures (e-commerce)
3. On the part of the retailer:
  • Training employees in the rules for accepting bank cards for payment
  • Understanding the seriousness of the risks of card fraud
  • Willingness to cooperate effectively with the acquirer on card fraud
  • Careful analysis of the customers' geography and the "average check" of transactions in order to configure the necessary rules, limits and conditions of payments (e-commerce)
4. A number of recommendations for the cardholder:
  • Do not keep the card together with the PIN code
  • Activate SMS notifications for all authorization requests
  • Use a virtual card on the Internet. Ideally, one virtual card for one purchase, or for multiple purchases within a limited period of time. The validity of such cards can vary from several minutes up to a month. Even if the data of such a card is stolen, the fraudsters will hardly have time to withdraw the cardholder's money
  • When you make a purchase by credit card, pay the bill in a restaurant, etc., do not let the card out of your sight. Require that the payment be made in your presence; mobile terminals are no longer a rarity
  • Set limits on online transactions
  • Customers of many banks have the possibility to limit the number of unauthorized transactions
  • Use verified retailers
  • Do not send card or payment details to bank staff by phone, mail, etc.
  • Inform the bank about your travel around the world. In this case the bank will monitor the account transactions closely
  • When traveling with a credit card, be very careful: don't keep all your money on one card account; ideally, have at least two card accounts with several cards issued to each.

Of course, you need to be careful in any country; however, we would like to mention a list of countries that are high-risk in terms of bank card service. These are the states which have not migrated to chip technology: Southeast Asian countries (Thailand, Indonesia, India, China), North Africa, Southern and Eastern Europe, the USA, Latin America.

The most important thing in the fight against bank card fraud is effective interaction among all participants of the payment system.

For example, the interaction of the issuer and the acquirer: joint work on rapidly sending and handling requests to each other, as well as providing information for internal investigations.

The interaction between the cardholder and the issuer. For example, do not become angry at bank employees who contact you to confirm a transaction; this is for the cardholder's safety. In this case we are talking about fraud monitoring on the issuing side.

The interaction between the acquirer and the retailer. A sample arrangement of the interaction: notification of the retailer (with the necessary recommendations for action), followed by the retailer taking appropriate measures. If the retailer ignores the acquirer's recommendations even once, the probability of a fraudulent transaction being completed successfully increases significantly.

Of course, the methods mentioned above are not all the anti-fraud measures, only the basis on which a risk management policy for payment cards is developed. But even such basic methods are not always followed by banks, retailers, and especially cardholders. And as technology improves, new opportunities for fraud appear (fraud with Android Pay and its analogues, social engineering fraud, etc.). Therefore, at this moment it is extremely important for all participants in the process to have fresh and reliable information, to prevent the spread of fraud, to interact with each other actively, and to follow the recommendations of fraud-monitoring professionals.