Presented by David Cole


1 Card Risk Management
Presented by David Cole

2 Chip End-to-End process
[Diagram labels: AUTHORISATIONS; Offline PIN Validation; Card holder verification method; Terminal Risk Management; iCVV checking; Card Risk Management; ATC checking; ISSUER HOST; Online CAM; Online PIN; Script processing]

3 Chip issuer decisions: Magnetic stripe issuer decisions
At the POS – Minimal
- Card provides service code and account information
- Terminal processes accordingly
At Visa
- Stand In Processing (STIP) decisions plus CVV checking
At Issuer host
- Authorisations decisions based on transaction processing (e.g. successful CVV) plus risk processing (e.g. available credit, account status, previous transactional data)

4 Chip issuer decisions: Chip issuer decisions
At the POS – Substantially more than magnetic stripe
- Card is interactive
- Contains card risk parameters
- Card is able to make decisions at POS based on Issuer’s choice
At Visa
- Additional Chip Stand In Processing (STIP) decisions
At Issuer host
- New authorisations data available to the Issuer based on chip transaction processing
- Ability to change the card’s chip parameters and status

5 Chip issuer decisions: Chip card risk parameters
Set at card level as part of personalisation
Parameter is set to:
- Decline if triggered (Denial)
- Go Online if triggered (Online)
- Decline or Approve if unable to go online (Default)
Called Issuer Action Codes (IAC’s)
Combination of:
- Transaction errors (e.g. PIN failed)
- Domestic and International counters (e.g. offline spend)
- Traditional triggers (e.g. Floor limit exceeded)

6 Card action analysis
Terminal request to the card
- Can this transaction proceed?
Record events so far
- Have any exceptions been triggered such as PIN failed, counters exceeded?
- Record ‘position statement’ in the Card Verification Result (CVR)
Apply Issuer Action Codes
- Apply actions provided by the Issuer (IAC’s)
Provide a response to the terminal (Online, Decline, Approve)

7 Card action analysis
[Diagram: Card Action Analysis. Panels: Counter checks; Previous Txn checks; Decision; Card Verification Results (CVR). Labels: Domestic LCOL; Int’l LCOL; Domestic currency offline spend; 2nd currency offline spend; Not completed; Issuer script failed; SDA failed; DDA failed; New Card; PIN exceeded]

8 Card action analysis
Terminal requests / Card can respond with:
- Decline: Decline
- Online: Online, Decline
- Approve: Approve, Online, Decline

9 Card action analysis
Visa Recommendations: See Visa Perso Templates
Response columns: IAC Denial - decline offline; IAC Online - go online; IAC Default - decline offline if unable to go online
Conditions:
- Offline Data Authentication Not performed 1
- Offline Static Data Authentication Failure
- Chip Data Missing
- Primary Account Number on terminal exception file
- Offline Dynamic Data Authentication Failure
- Combined DDA/AC Generation failure
- Chip and terminal are different versions
- Expired Application
- Application not active (effective date check)
- Service not allowed for card product
- New Card
- Cardholder verification failed
- CVM not recognized
- PIN try limit exceeded

10 Card action analysis
Response columns: IAC Denial - decline offline; IAC Online - go online; IAC Default - decline offline if unable to go online
Conditions:
- PIN entry required and PIN pad not working or not present 1
- PIN entry required, PIN pad working but no PIN entered
- Online PIN entered
- Reserved for future use 00
- Transaction exceeds floor limit
- Lower offline limit exceeded
- Upper offline limit exceeded
- Transaction selected randomly for online transmission
- Merchant forced transaction online
- Issuer Authentication Failed
- Script processing failed prior to generating final cryptogram
- Script processing failed after generating final cryptogram

11 Card action analysis
- Value of Total Consecutive Offline Spend Limit and what to do if unable to go online
- International offline counters
- Value of Lower Consecutive Offline Limit
- Value of Upper Consecutive Offline Limit
- Value of PIN try limit
- 2nd Currency values

12 Card action analysis
Card provides terminal with one of the following:
- A decline message containing an end of transaction certificate for audit purposes. Called an AAC (Application Authentication Cryptogram)
- An approval message containing an end of transaction certificate for audit purposes. Called a TC (Transaction Certificate)
- An online message request containing an online cryptogram message that can be validated by the Issuer. Called an ARQC (Authorisation ReQuest Cryptogram)

13 Summary
- Traditionally, terminals execute risk management at the POS
- Now the card has a major impact in the POS decision process
- Cards need to be personalised with Issuer Action Codes (IAC’s)
- Card decisions should not be made in isolation from the host decisions, as they are linked
- The terminal will request a Decline, Go Online or Approve. The card:
  - Must agree with a decline request
  - Cannot overturn an online request with an approval
  - Can choose the outcome of a transaction if the terminal is happy to approve
- Let's assume an online request and see what risk tools are available when we go online

14 Importance of Issuer Action Codes (IACs)
The Issuer Action Codes are a list of up to 37 conditions. If any of them occurs, the card decides what it will do:
- Authorise offline
- Go online
- Decline
An example: is this the first transaction on a new card? If so, go online, and if you can't go online, decline.
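The decision flow from slides 5, 13 and 14, as an added example that is not part of the original presentation: the three IACs are modelled as bitmasks over the recorded results, and the card's answer is capped by what the terminal requested. The bit positions, the issuer profile and the function names are constructed for illustration; real layouts come from the issuer's personalisation template.

```python
from enum import IntEnum

class Outcome(IntEnum):
    """Cryptogram types from slide 12, ordered least to most permissive."""
    AAC = 0   # decline offline
    ARQC = 1  # go online for issuer authorisation
    TC = 2    # approve offline

# Constructed bit positions for recorded conditions (illustration only).
PIN_TRY_LIMIT_EXCEEDED = 0x01
NEW_CARD = 0x02
LOWER_OFFLINE_LIMIT_EXCEEDED = 0x04
SDA_FAILED = 0x08

# Constructed issuer profile: one bitmask per Issuer Action Code.
IAC_DENIAL = PIN_TRY_LIMIT_EXCEEDED
IAC_ONLINE = NEW_CARD | LOWER_OFFLINE_LIMIT_EXCEEDED | SDA_FAILED
IAC_DEFAULT = NEW_CARD | SDA_FAILED

def iac_decision(results, can_go_online):
    """Apply Denial first, then Online, or Default when online is unavailable."""
    if results & IAC_DENIAL:
        return Outcome.AAC
    if can_go_online:
        return Outcome.ARQC if results & IAC_ONLINE else Outcome.TC
    return Outcome.AAC if results & IAC_DEFAULT else Outcome.TC

def card_response(terminal_request, results, can_go_online=True):
    """The card may keep or downgrade the terminal's request, never upgrade it."""
    return min(terminal_request, iac_decision(results, can_go_online))

if __name__ == "__main__":
    cases = [
        ("new card, online available", Outcome.TC, NEW_CARD, True),
        ("new card, cannot go online", Outcome.TC, NEW_CARD, False),
        ("clean card, terminal wants online", Outcome.ARQC, 0, True),
        ("PIN tries exceeded", Outcome.TC, PIN_TRY_LIMIT_EXCEEDED, True),
    ]
    for label, request, results, online in cases:
        print(f"{label}: {card_response(request, results, online).name}")
```

Because `Outcome` is ordered from decline to approve, taking the minimum of the terminal's request and the IAC decision enforces all three rules from the summary slide at once.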

