by clicking the arrows at the side of the page, or by using the toolbar.
by clicking anywhere on the page.
by dragging the page around when zoomed in.
by clicking anywhere on the page when zoomed in.
web sites or send emails by clicking on hyperlinks.
Email this page to a friend
Search this issue
Index - jump to page or section
Archive - view past issues
Connexus : Issue 41
implement effective long-term solutions and not just quick fixes – has taken time,” he says. When Visa’s seven-point secur ity plan was announced in 2008, it had a five-year implementation plan. Its VBV issuer mandate required all Australian Visa card issuers to enrol cardholders in VBV by April this year. An industry working party, comprising Visa, MasterCard, bank and mutual representatives, is developing a VBV national mandate for higher-risk online merchants who have traditionally been targeted by online fraudsters – for example, those selling smar t phones, iPads and computers. “ This would complement the investment mutuals have made in VBV on the cardholders’ side,” says Visa’s McKindley. Fewer hurdles A major game changer in CNP fraud is the growing sophistication of the way credit card transactions are being monitored, blending human intelligence, information sharing and technology. Mutuals have an advantage in this regard, says Moffat. “Because of our size, we have fewer hurdles to clear than the big banks when it comes to collaborating in sharing information. We tend to learn each other’s hard lessons without having to all go through them.” The diversity of mutuals’ business models means they aren’t competing when tackling CNP fraud, he says. As a relatively large operation, Greater Building Society has the resources to monitor credit card transactions around the clock. Moffat says those that outsource monitoring must keep their internal education and training up-to-date and be aware of new trends. “ But outsourcing your monitor ing doesn’t outsource your losses. You should know as much as you can about it to get as much value as possible from it. “Periodically, when there’s a new event that hasn’t occurred before – a @ Who wears the loss? Acquiring banks are responsible for card not present fraud losses. The acquirers pass the losses, via a chargeback process, to the merchants. Under scheme operating regulations, the acquiring bank of a merchant not using a compliant payment processing system could face being penalised if it suffers a breach where payment card data is stolen. Where the stolen data relates to cards’ magnetic stripe track transaction data, the merchant’s acquirer could face an assessment resulting in a fine which is a portion of the counterfeit card fraud losses issuers have suffered. This amount is distributed back to affected issuers on a pro rata basis. However, where the data breach is restricted to the less volatile account number and expiry date, there is no provision for assessing a penalty for recovery of a portion of the issuer’s reported CNP fraud. Online merchants are becoming increasingly aware of the risks to their customers and businesses, and their responsibilities in protecting card data. This is due to the scheme mandates on data security either in place or firmly on the horizon. Under the Payment Card Industry Data Security Standards, the acquiring bank has the responsibility to ensure with every organisation that every entity that touches a transaction is compliant with the security standard. “But, given the vast number of e-commerce merchants already out there, and with new ones coming online every day, it will take time to ensure everyone is meeting these standards,” says Abacus’ Rob Crawford. Mutuals keen to become even more savvy about dealing with fraud should ask as many questions of industry partners as they can, says Jason Moffat, chair of the Australian Mutual Fraud Committee. He and fellow committee members welcome queries from mutual representatives. Online merchants are becoming increasingly aware of the risks to their customers and businesses. NEWS 22 Connexus