Visa has developed a process to enable issuers to recover magnetic stripe-read card account data that have been linked to counterfeit fraud. It is called the Account Data Compromise Recovery (ADCR) process. ADCR allows issuers to identify the compromised entity and then to file a claim to the affected processing bank, in order to obtain copies of both the valid and fraudulent transactions. Counterfeit fraud liability for processing banks is limited to a time-frame of 13 months.
The ADCR process from start to finish. Here is how the ADCR process works:
- Account compromise and subsequent counterfeit fraud. Listed below are the stages of counterfeit fraud:
- Criminals find a way to access a merchant’s point-of-sale (POS) system with stored card data and retrieve card account information.
- The stolen account information is then encoded on counterfeit cards or re-encoded on lost or stolen cards.
- The counterfeit cards are used at various merchant locations. Card issuers approve the transactions since no lost or stolen card or fraud has been reported at this point.
- Compromised Account Management System (CAMS).
- The merchant discovers the account compromise and notifies their processor who uploads the stolen account numbers directly to CAMS.
- Visa investigates and validates that an account compromise has occurred. Visa then sends a CAMS e-mail alert to affected issuers to notify them of the compromised accounts.
- The affected issuers monitor, close, or block compromised accounts.
- ADCR process.
- Visa first determines whether the validated account compromise meets the following ADCR criteria:
- Visa calculates and informs the processor of its potential ADCR financial liability, which includes a percentage of the magnetic stripe-read counterfeit fraud and partial operating expense liability amounts. Estimates are based on the projected magnetic stripe-read counterfeit fraud and account exposure risk expected during the compromise event window*. The processor has 30 days to appeal the preliminary decision.
- If at the end of the issuer fraud-reporting window, it has been confirmed that an event meets ADCR criteria, Visa calculates the actual processor incremental counterfeit fraud and operating expense liability amounts due each participating issuer impacted by the compromise.
- Visa notifies the processor and issuers of their respective liability or reimbursement amounts. Processors then notify the merchant about the estimated and final liability amounts.
*A compromise event window is defined as a 13-month maximum time period that can be up to 12 months prior to and one month past the CAMS alert date. Magnetic stripe-read counterfeit transactions must fall within the event window to qualify for recovery.
Image credit: SDPnoticias.com.