Michigan Retailer - Use bankcard security features to help deter fraud

Use bankcard security features to help deter fraud

Does your staff routinely require Visa cardholders to show ID at POS? Though prohibited by Visa USA operating regulations, in many cases the answer is yes.

Visa staff has been receiving complaints from cardholders across the country in all market segments that merchants are requiring them to show identification to complete Visa card transactions. This practice is clearly prohibited in all contracts with merchants.

Over the past several years, Visa has been very successful in working with merchants to reduce POS fraud by utilizing the card security features built into every Visa card. These features, and merchants’ Best Practice use of them, have resulted in fraud, expressed as percentage of sales volume, reaching its all-time low.

Recently, however, merchants have begun to require cardholders to show identification to complete Visa card sales. Though this practice may seem to merchants to be another fraud deterrent, it may, in fact, lead to more fraud.

False sense of security
Fraudsters continually attempt to compromise the payment system by stealing other people’s information and reworking it to look like their own, such as using stolen cards or checks, skimming magnetic stripes and, most recently, using personal identification and credit information.

Payment cards have security features that can limit fraud exposure before, during and after a sale. Merchants who rely on cardholder identification to deter fraud—without also checking the Visa card security features—can, in fact, experience higher fraud than merchants who check only the security features on Visa cards.

Security features and Best Practices
As an integral part of their structure, Visa payment cards contain several security features that merchants can use to identify fraudulent cards at the point-of-sale. These features are identified below along with the proven Best Practices that indicate how merchants can use them to reduce fraud.

• Signature, hologram and flying “V”: During POS transaction, merchants must take possession of each card and check to ensure that the card contains these three elements.
• Authorization: Merchants must swipe each Visa card to obtain authorization to complete the POS sale.
• Embossed account number/Pre-printed digit match: Merchants should ensure that the first four numbers in the embossed card account number exactly match the pre-printed four digits directly below it.
• Card account number: Merchants should compare and ensure that the cardholder’s account number matches that on the transaction receipt.
• Signatures: Merchants must check and ensure that the cardholder’s signature on the POS receipt matches the signature on the Visa card. If the payment card is not signed, merchants should request identification.
Visa and issuer support
Visa and its issuers are continually reviewing transactions to identify and stop fraud. The use of neural nets and exception files allow Visa and issuers to make real-time decisions regarding fraudulent, or potentially fraudulent, transactions.

In addition, issuers react differently to cards that are key-entered rather than swiped and often ask for a referral to deter fraud.

Visa has developed a wide range of materials for merchant use in training POS staff on proper acceptance procedures and how these can protect merchants from fraud. Merchants can obtain these materials by calling Visa Fulfillment at 800.235.3580 and requesting the Catalog of Materials, Tools and Training (VBS 03.01.03).

Rules for checking identification
The Visa USA Operating Regulations clearly state the conditions under which merchants can check cardholder identification:
• If the Visa payment card is unsigned or the signature panel has been damaged, merchants can require cardholders to produce photo identification.
• If the Visa payment card is signed, merchants can ask to see identification but cannot make this a condition of the sale. That is, if a merchant requests cardholder identification which the cardholder refuses to provide, and the transaction was approved, the merchant must accept the payment card without the requested identification.

Merchants cannot request cardholder identification as part of standard transaction procedure, rather only when dealing with suspicious transactions, as discussed above, and as clearly stated in the merchant contract.

Summary
Protecting the Visa brand and the Visa payment system is the responsibility of all stakeholders: from bankcard processors to issuers, and from merchants to cardholders.

When followed accurately, the proven POS acceptance procedures discussed here will lead to a more efficient payment system with reduced costs and increased merchant profits that also delivers the acceptance, convenience and security expected from Visa.

For more information
Your account executive can provide more information on the regulations and procedures of checking cardholder identification at the point-of-sale.

Reprinted with permission from Visa Directions, August 2003.

Return to October Michigan Retailer Page one • MRA home