Participant Guide
SecurLOCK Fraud Alert Management
Operations Guide 2016
Fraud Alert Management Operations Guide
Page ii June 2016 © 2016
© 2016 FIS. Intellectual property. All rights reserved.
This document and its contents are confidential and proprietary to FIS.
No reproduction or distribution of this document or its contents is allowed, in whole or in part, in any form, without the written permission of FIS.
Table of Contents
Disclaimers
  Notices
  Institution’s Responsibilities
  Confidentiality
Introduction to FIS Fraud Alert Management Services
Contact Numbers and Hours of Operation
Updating Cardholders’ Personal Information
Updating Issuer Card Department Contact Information
Educate Cardholders about Fraud Alert Management Services
Fraud Alert Management
Real Time Decisioning
Travel Indicator
External Scores
  Visa Advanced Authorizations
  Mastercard
Automated Contact Systems
  Automated Call System
  Automated SMS System
  Automated Email System
Security Verification
Fraud Alert Detail Reports
  Example Fraud Alert Detail Report
Memo Abbreviations and Definition Examples
Disclaimers
Notices
FIS uses reasonable efforts to ensure the accuracy of the material described in this Guide. This Operations guide is current only through the published date. Thereafter, changes to FIS's systems, programs, and procedures may occur that are not referenced in this guide. Such changes will be communicated to the financial institution by the Client Communications department. In addition, from time to time, FIS may make updates to this Operations guide available to the institution.
FIS makes no warranty, express or implied, with respect to the quality, accuracy or completeness of this Operations guide or the products it describes. FIS makes no representation or warranty with respect to the contents of this Operations guide and specifically disclaims:
Any implied warranties of fitness for any particular purpose; and
Liability for any direct, indirect, incidental or consequential, special or exemplary damages, including but not limited to, lost profits resulting from the use of the information in the Operations guide or from the use of any products described in this guide.
Data used in examples and sample data files are provided for practice and illustration purposes only. Any similarities to real persons or companies in any examples or illustrations are entirely coincidental.
Before using reference materials provided by FIS, the institution should review its entire Financial Institution Service Agreement with FIS to familiarize itself with all of the terms of the Agreement. The institution should specifically review the contractual obligations listed below.
Institution’s Responsibilities
The financial institution is solely responsible for complying with:
All laws, rules, and regulations applicable to all aspects of the operations of the Visa and/or MasterCard programs;
Usury laws;
The Truth-In-Lending, Fair Credit Reporting, Equal Credit Opportunity, and Electronic Funds Transfer Acts;
All state laws and regulations regardless of whether the financial institution uses any forms or other materials supplied by FIS.
The financial institution has already acknowledged that it either possesses a copy of the Visa and MasterCard by-laws, rules, and regulations, or it knows that it may receive a copy of each by requesting them in writing from Visa and MasterCard or FIS, and paying the applicable fees.
Confidentiality
The financial institution has agreed to hold as secret and confidential information, reports, plans, cardholder lists, documents, drawings, writings, samples, know-how, and other proprietary material received from FIS (Confidential Information).
Confidential Information provided by FIS remains the property of FIS. The financial institution must restrict access to Confidential Information received from FIS to those employees and persons in the organization who need to know such Confidential Information in order to fulfill their obligations. The contents of this guide and other information provided by FIS are deemed to be Confidential Information.
The institution should review the Financial Institution Service Agreement with FIS if it has any questions regarding the above. For any questions of a legal nature, the institution should consult legal counsel.
FIS, Inc.
North America Card Division
Documentation Department
11601 Roosevelt Blvd.
St. Petersburg, FL 33716
FIS (http://www.fisglobal.com)
E-Library E-Mail Address (mailto:[email protected])
Introduction to FIS Fraud Alert Management Services
FIS has developed a state-of-the-art fraud detection/prevention solution through the integration of
authorization and card systems, neural network technologies and fraud analytics. FIS neural network
capabilities include the use of the FIS proprietary fraud business intelligence, FICO’s Falcon Fraud
Manager™ neural network engine, as well as other data sources including Visa Advanced Authorizations
and MasterCard EMS (Expert Monitoring System Code) where applicable. These components combine
individual cardholder behavior, transactional data, credit/debit modeling techniques and other fraud
analytical strategies to prevent fraud, including the ability to stop potentially fraudulent transactions
in Real Time at the point of sale.
Fraud Alert Management Servicing: We are on guard for our client partners 24 hours a day, 365 days a
year, using integrated neural network solutions and teams of both Fraud Alert Specialists and Fraud
Analysts to provide financial institutions a full complement of detection and prevention efforts.
Servicing includes fraud strategy deployment, case management, fraud alert analysis, account blocking,
transaction validation, issuer notification through Fraud Alert Detail Reports, and monthly and daily
reporting. Fraud strategy rules can be applied in two methods: Real Time scoring during the
authorization cycle, or post authorization.
Falcon Fraud Manager™ is a proprietary fraud detection product developed by FICO, a leader in
transaction fraud detection. Together with analytic services offered by FIS and the Falcon Fraud
Manager engine, Fraud Alert Management delivers one of the most powerful resources against fraud
available. Our service uses individual cardholder, transaction, and merchant data to detect a wide range
of credit and debit card fraud, including the following categories, which comprise more than 95 percent
of all credit and debit card fraud losses:
Account Takeover
Application
Card Skimmed
Counterfeit
ID Theft
Internet
Lost/Stolen
Mail/Phone
Non-receipt
Currently, there are three ways in which a fraud alert is generated: fraud scores assigned by the SecurLOCK System, fraud trend strategies, and Real Time decline strategies. These thresholds are determined by FIS; institutions cannot adjust them. FIS sets the same threshold levels for all subscribers. The threshold will never vary widely, as it determines the number of fraud alerts FIS can effectively handle in a timely manner. The lower the threshold, the more fraud alerts are generated.
Neural networks recognize specific fraud patterns, and discriminate between low and high-risk
authorizations. The scoring component contains a neural engine that can simultaneously examine very
large amounts of transaction and cardholder data. For each authorization processed through FIS, the
neural network assigns a risk score from 0 (not at all likely to be fraud) to 999 (very likely to be fraud).
This score indicates how suspicious each transaction is relative to other transactions on record. The
scoring model is proprietary to the vendor, FICO, and FIS cannot alter the model.
FIS staffs experienced fraud analysts who look for fraud patterns across all customers and create rules to find and prevent additional fraud that could occur below the score threshold set by FIS. These rules can be either simple fraud strategies or advanced strategies using data within the neural network, and other inputs outside of the neural network. Rules can be implemented as Real Time, focusing on high-risk transactions to prevent fraud directly at the point of sale using Real Time Decisioning, or as Fraud trend rules to promptly detect fraud after the authorization response is presented to the merchant.
Contact Numbers and Hours of Operation
If the financial institution needs to update us to close a fraud alert, we prefer that any fraud alert
related information updates be sent to our department via email at [email protected], or made by
calling the cardholder line to validate through self-service. When emailing, please provide the
following information on fraud alerts in the body of the email: case number and the last four of PAN, full
cardholder name, and information regarding the validation of the fraud alert (No Fraud, Confirmed
Fraud, removed temporary block, etc.). Please note this email address is only for fraud alert updates. It
is only necessary to advise us of updates for current fraud alerts (within 7 days of creation). Please
refer all other questions/inquiries to your Client Services or Product Support Teams.
If your financial institution needs to contact the Fraud Alert Management team directly for questions on
active alerts, please use the following number to bypass the cardholder IVR: 1-866-334-1048. This is for
use by the financial institution only. Please do not share this number with your cardholders.
If the institution wants to validate as the cardholder via the IVR, please call directly to 800-369-4887. The phone number and the case number or the date of birth (or the ZIP code if the full date of birth is missing) listed on the account are needed for security verification. There will be a memo on the account that shows validated activity (FICO Fraud Verification - all transactions confirmed valid.), so it would be beneficial to add your own FI memo to the account to indicate that the institution validated the activity rather than the cardholder. This is a time-saving process for the institution compared with waiting for an available specialist. We highly suggest utilizing the IVR on our busiest days: Mondays and days following holidays.
SecurLOCK Fraud Alert Management service hours are 24 hours a day, 7 days a week. Cardholders are emailed 24 hours a day, 7 days a week. They are called between the hours of 8:00 AM and 9:00 PM, and text messaged between the hours of 7:00 AM and 10:00 PM, in their specific time zone. However, we continue to monitor account activity during non-calling and non-texting hours, and take appropriate action as needed.
FIS utilizes a toll-free telephone number for fraud alert verification purposes: 800-369-4887 (we
prohibit publication of this number). Please note that we also provide a collect telephone number for
your cardholders who may be traveling or living overseas. This collect number, 727-227-2447, is only to
be used by international cardholders who are returning a call made by Fraud Alert Management.
Updating Cardholders’ Personal Information
The success of fraud prevention depends on the cardholder verification process. It is critical that you
provide accurate cardholder mailing address, email address, and telephone number information to FIS.
We encourage you to gather cell/mobile telephone numbers and email addresses from your cardholders
to make use of them. Your Client Services or Product Support Team can assist you with details on how to
update the appropriate card system with additional telephone numbers and an email address.
Updating Issuer Card Department Contact Information
If your card department has a change in contact information for your Fraud Alert Detail Reports, please
notify your Client Services or Product Support Team at FIS to open a case management services (CMS)
ticket. They will then notify the Fraud Alert Management team to update your information. If you
utilize the Client Portal, you can open this ticket yourself, requesting us to update contact information
for your institution.
Educate Cardholders about Fraud Alert Management Services
When it comes to using FIS Fraud Alert Management services, the good news is cardholders do not have
to do a thing but use their cards to be protected. Consumers who find out they are being protected by
one of these programs say they will start using their card more often. How do we know?
Each month, the Performance Management unit at FIS conducts a random survey of your cardholders
who have had a fraud alert generated by our service. Repeatedly, these cardholders tell us they did not
know such protection existed—much less that their card was guarded by it!
Cardholders are impressed to learn that our Fraud Alert Management team has been hard at work
behind the scenes, watching their individual accounts when suspicious activity occurs. They also tell us
they will be using their card more frequently knowing they have this protection.
Don't be shy about informing your cardholders about the value of your portfolio’s fraud protection. Why
let your cardholders find out about it from us after a fraud alert has been generated? Be the first to tell
them that you are looking out for their best interests. It’s in your best interest too!
If you do protect your portfolio with our service, print an article in your newsletter, send a direct mail
package, update your website or add a message or insert to their statement. Educate your cardholders
about these security protection services!
Guarding your portfolio with FIS SecurLOCK Fraud Alert Management services gives you more than
state-of-the-art fraud protection. If cardholders in our survey sample are typical, you will have a
significant marketing advantage at the same time.
FIS prohibits any financial institution from adding our Fraud Alert Management toll-free number to plastics, statements, websites, voicemails or any other documentation. This includes listing our processes on documents or websites. We need to keep this number safe and secure, preventing it from being obtained and used to commit fraud. Financial institutions should transfer callers to the department IVR if they have confirmed that a current fraud alert has impacted their cardholder, or refer the caller to the number listed on their voicemail. Cardholders may also use this number for other types of inquiries, which can cause delays, as our Fraud Alert Specialists are only available to answer questions related to a particular fraud alert.
Fraud Alert Management
Fraud alerts are generated based on the probability of fraud assessed by FIS’s neural network and rules
engine. Automated processes review suspicious activity on lower risk items in order to reduce the false
positive rate of cardholder contact and help ensure consistent review of all suspicious activity. There
are occasions that a fraud alert will generate due to elevated probability of fraud but further/second
step statistical analysis will demonstrate that the transactional activity is normal. In this instance a call
will not be placed to the cardholder and memos will not be added to the fraud alert. Speed of detection
is imperative in fraud management; therefore, the highest-risk items will be contacted first by FIS’s Fraud
Alert Management. Any change in transaction activity is constantly evaluated in real time, and will
generate resurface fraud alerts if the probability of fraud has elevated.
Fraud alerts and their corresponding transactions are reviewed by a member of the FIS team and further
evaluated to determine the next appropriate action. For example, a temporary block can be placed on
the card to protect the cardholder until they can be reached, or the issuer can simply be notified for
consideration of internal action. We use our best judgment and experience when determining if a
temporary block is necessary. We make these decisions very carefully because customer convenience is
very important. As such, we cannot be responsible for any fraud losses should we not place a
temporary block on an account.
The account will be permanently blocked Lost/Stolen if the cardholder is contacted and has confirmed
that the activity is fraudulent. A Fraud Alert Detail Report will be sent to you as notification of our
action(s).
In order to ensure we are not negatively impacting your cardholders within a short period of time, the
SecurLOCK system is designed to maintain historical information on a particular fraud alert that has
been confirmed as valid activity (No Fraud) for a period of 7 days. This period of time allows
cardholders not to be continuously impacted by Real Time decline strategies and allows them to continue
card use as normal.
All authorizations will continue to be scored during this 7 day period by the SecurLOCK system. During
this timeframe a fraud alert may “reactivate” on closed fraud alerts or a new alert could generate for
review. This process will be implemented for the riskiest of authorization fraud scores and trends.
Therefore, a fraud alert that has been verified as valid may have the potential to “reactivate” for
suspicious activity during the 7 day period.
Keep in mind that this does not apply to fraud alerts that are considered “Unconfirmed/Active” because
we have not been able to successfully contact the cardholder. In this instance additional transactions
may cause the fraud alert to ‘resurface’ so that we can make another attempt to reach your cardholder
and verify the activity. Additionally, the IVR system will be able to identify an alert created within the
last 30 days by the phone number being called from (ANI). These unresolved cases may then be treated
in an expedited manner once the cardholder reaches a fraud alert specialist.
It is extremely important that you take the time to update the home, mobile, and alternate/work
telephone numbers in your card system, as well as the cardholder’s email address, so we have current
information which will enable us to reach your cardholders as quickly as possible in the case of a fraud
alert. Currently we will send a text message to all SMS enabled phone numbers. After 30 minutes with
no response to the text message, we will call the mobile number first, then the home number, then the
work number. Lastly, we will send an email to the email address on file for the account.
If the cardholder’s telephone number information is missing or invalid, FIS will proceed with the next
necessary action such as sending the cardholder an email.
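The contact order above, combined with the contact hours given under Contact Numbers and Hours of Operation, can be modelled to estimate the earliest time each channel is permitted for a given alert. This is an added example, not FIS code: the record layout, function names and sample values are constructed, and deferring a step to the next window opening, placing calls back to back, and treating windows as start-inclusive/end-exclusive are assumptions.

```python
from datetime import datetime, time, timedelta, timezone

# Contact hours from the guide, in the cardholder's local time.
# None means the channel is used 24 hours a day.
WINDOWS = {
    "sms": (time(7, 0), time(22, 0)),
    "call": (time(8, 0), time(21, 0)),
    "email": None,
}
SMS_WAIT = timedelta(minutes=30)        # wait for a text reply before calling
CALL_ORDER = ("mobile", "home", "work")  # order stated in the guide


def next_open(channel, at_utc, utc_offset_hours):
    """Earliest instant >= at_utc at which `channel` is inside its window."""
    if at_utc.tzinfo is None:
        raise ValueError("at_utc must be timezone-aware")
    window = WINDOWS[channel]
    if window is None:
        return at_utc
    tz = timezone(timedelta(hours=utc_offset_hours))
    local = at_utc.astimezone(tz)
    start, end = window
    # Assumption: the window includes its start and excludes its end.
    if start <= local.time() < end:
        return at_utc
    opens = datetime.combine(local.date(), start, tzinfo=tz)
    if local.time() >= end:             # already past today's window
        opens += timedelta(days=1)
    return opens.astimezone(timezone.utc)


def contact_plan(record, alert_utc, utc_offset_hours):
    """Ordered (channel, field, earliest_utc) steps for one alert.

    Missing numbers are skipped, so a record with no phone data falls
    straight through to email, as the guide describes.
    """
    plan = []
    cursor = alert_utc
    sms_fields = [f for f in CALL_ORDER
                  if record.get(f) and f in record.get("sms_enabled", ())]
    if sms_fields:
        sms_at = next_open("sms", cursor, utc_offset_hours)
        plan += [("sms", f, sms_at) for f in sms_fields]
        cursor = sms_at + SMS_WAIT
    for f in CALL_ORDER:
        if record.get(f):
            # Assumption: calls are not spaced apart once the window is open.
            cursor = next_open("call", cursor, utc_offset_hours)
            plan.append(("call", f, cursor))
    if record.get("email"):
        plan.append(("email", "email", next_open("email", cursor, utc_offset_hours)))
    return plan


if __name__ == "__main__":
    # Constructed sample record; numbers and address are placeholders.
    sample = {"mobile": "555-0100", "home": "555-0101", "work": None,
              "email": "cardholder@example.com", "sms_enabled": {"mobile"}}
    alert = datetime(2016, 6, 10, 2, 30, tzinfo=timezone.utc)  # 9:30 PM at UTC-5
    for step in contact_plan(sample, alert, -5):
        print(step[0], step[1], step[2].isoformat())
```

For the sample alert, the text goes out immediately, but the first call cannot be placed until the calling window reopens at 8:00 AM local time, which shows why complete mobile and email data matter for alerts raised in the evening.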
Real Time Decisioning
Real Time Decisioning allows another layer of protection for your portfolio. By reviewing authorizations
during the authorization process and interrogating risky type authorizations, you now have the ability to
prevent fraud sooner, and reduce additional exposure to a cardholder’s available balance. Through
multiple layers of review, FIS targets high-risk authorizations via key filtering parameters upfront and
further focuses in on fraud through unique fraud characteristics known as rules. This approach allows
you to prevent additional fraud immediately, yet minimize impact to legitimate cardholder
authorizations.
Currently the SecurLOCK system reviews and scores the authorization after the response is presented
back to the merchant. This is called Online Mode. A risk score is assigned ranging between 0 (not at all
likely to be fraud) and 999 (very likely to be fraud) that indicates how suspicious each authorization is,
relative to other authorizations in the cardholder profile.
Fraud alerts are created for purposes of preventing fraud. Fraud alerts may be created when scores
exceed FIS pre-determined thresholds and/or fraud strategies are engaged. Fraud strategies allow other
fraud criteria to be considered in addition to or in lieu of the score to create a fraud alert after the
authorization has been processed.
Real Time Decisioning means reviewing the authorization during the authorization process to prevent
fraud while the fraudster is potentially at the point of sale.
If the authorization passes the edits, it then is presented to the Real Time authorization parameters to
target highly risky authorizations. These FIS controlled parameters key in on known patterns of risk
based on previous fraud analytics and historical fraud data. Key variables considered for FIS targeting
include, but are not limited to Country Codes, Merchant Category Codes, Previous Scores, and Dollar
Amounts.
An authorization matching the parameters is then passed to the SecurLOCK system to be scored first
and then run against Real Time Decisioning strategies. Fraud strategies are deployed by FIS Fraud
Management. If the authorization meets the rule criteria, a decline response is sent back to the
merchant. Otherwise, the authorization continues through the approval process and a response is
returned to the merchant.
An authorization that does not pass the authorization parameters is processed as normal in the Online
Mode, i.e. after the response is presented back to the merchant. This means the authorizations are still
scored and reviewed for fraudulent behavior, but after the merchant receives a response.
Real Time alerts will be blocked up front by the IVR before contact is attempted to your cardholder. The
institution will receive a Fraud Alert Detail Report, prior to the contact being made. Please allow for
time for the contact to your cardholders to be made by FIS before taking action yourself. If your card
system allows for memos please check for our notes to confirm if your cardholder was reached. If you
have no notes to reference on your card system, please allow an hour before attempts are made during
contact hours.
Travel Indicator
The Travel Indicator is utilized to indicate that a cardholder is traveling, along with the dates of travel. Once the
Travel Indicator is updated on an account, Fraud Alert Management will utilize this indicator to
recognize that a separate process is required. We will utilize our experience with fraud trends and
knowledge in our review process to determine if a temporary block is warranted for the riskiest of
activity. Please remember that our goal is to stop fraud, and fraud may still present during cardholder travel
dates. We also recommend this for any ‘VIP’ type cardholders for whom the issuer wishes to alter the fraud
alert process. When a fraud alert is created, we will attempt to reach the cardholder at the telephone
numbers listed on the account, as well as by text and email. If we are unsuccessful in reaching the
cardholder, and we have temporarily blocked the cardholder, we will generate the Fraud Alert Detail
Report to the issuer. This will provide notification to the issuer that a fraud alert has been created for a
traveling cardholder who was temporarily blocked due to the activity in question. In order to easily
identify a traveling cardholder versus any other Fraud Alert Detail Report that may be sent, our memo
will begin with “Travel”.
We solely rely on the issuer to update the account with a Travel Indicator and the dates of travel. This
indicator will be employed in fraud strategies as well as queue assignments for the Fraud Alert
Specialist’s review. The issuer may want to implement internal procedures for Traveling indicator
accounts to ensure all fraud prevention tools are in effect to maximize protection. Please be sure to
reference the Cardholder Exclusions and Reports Guide for specific details surrounding these processes.
We encourage the issuer to add an extra day to the timeframe selected if the account is to be excluded
the whole day. These exclusions are set to expire at 12:00am GMT on the end date chosen. So if the
cardholder will be transacting at all that date it is recommended to set the end date a full day further
out to ensure the cardholder is not inconvenienced.
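The expiry rule above depends on where the cardholder is relative to GMT, which the following added example works through; it is not part of the FIS guide and goes beyond its one-day rule by computing the end date needed for a given UTC offset. It assumes the exclusion lapses at the first instant of the chosen end date in GMT; the function names, offsets and trip dates are constructed for illustration.

```python
from datetime import date, datetime, time, timedelta, timezone


def exclusion_expiry(end_date: date) -> datetime:
    """Instant the exclusion lapses: 12:00am GMT on the chosen end date."""
    return datetime.combine(end_date, time(0, 0), tzinfo=timezone.utc)


def is_covered(txn_local: datetime, end_date: date) -> bool:
    """True if a timezone-aware transaction time falls before the expiry."""
    if txn_local.tzinfo is None:
        raise ValueError("transaction time must carry a UTC offset")
    return txn_local.astimezone(timezone.utc) < exclusion_expiry(end_date)


def minimum_end_date(last_travel_day: date, utc_offset_hours: float) -> date:
    """Earliest end date that keeps the whole last local travel day excluded.

    utc_offset_hours is the offset of the place where the cardholder will be
    transacting (for example 9 for UTC+9, -10 for UTC-10).
    """
    local_tz = timezone(timedelta(hours=utc_offset_hours))
    # First instant after the last local day of travel.
    end_of_travel = datetime.combine(
        last_travel_day + timedelta(days=1), time(0, 0), tzinfo=local_tz
    ).astimezone(timezone.utc)
    needed = end_of_travel.date()
    # The exclusion lapses at 00:00 GMT, so any time later than that on the
    # same GMT date needs the following end date.
    if end_of_travel.time() != time(0, 0):
        needed += timedelta(days=1)
    return needed


if __name__ == "__main__":
    last_day = date(2016, 6, 10)  # constructed trip: last day of card use
    for label, offset in (("UTC+9", 9), ("GMT", 0), ("UTC-10", -10)):
        end = minimum_end_date(last_day, offset)
        print(f"{label}: last travel day {last_day}, set end date {end}")
    # An evening purchase at UTC-10 on the last travel day:
    purchase = datetime(2016, 6, 10, 20, 0, tzinfo=timezone(timedelta(hours=-10)))
    print("one extra day covers it:", is_covered(purchase, date(2016, 6, 11)))
    print("two extra days cover it:", is_covered(purchase, date(2016, 6, 12)))
```

Under the stated assumption, one extra day is enough at or east of GMT, while destinations west of GMT need the end date set two days after the last day of card use.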
*Note - the travel exclusions are used to alter how Fraud Alert Management processes the
authorizations; as a result, FIS would be exempt from any loss that may occur during the use of these
exclusions.*
External Scores
FIS has integrated Visa Advanced Authorization data elements into our authorization systems and Fraud
Alert Management processes. In some cases MasterCard EMS scores will also be utilized in the
SecurLOCK Predict product. Strategies have been implemented in our Fraud Alert Management service
to review activity and generate fraud alerts based on these data elements. FIS continually analyzes
these codes to ensure only the most effective codes are creating fraud alerts.
This added enhancement is a standard part of the Fraud Alert Management service at no additional
product cost to clients.
Visa Advanced Authorizations
Visa Advanced Authorizations is an enhancement to VisaNet authorization processing. Risk level data
elements, called Risk Score and Risk Condition Codes, are encoded into incoming messages that will
provide insight into new and emerging fraud schemes.
Risk Condition Codes provide descriptive information on high-risk compromise events. A Risk Condition
Code (RCC) will be received on every authorization if the account was listed on a previous CAMS alert.
Each RCC contains data about the compromised event based on analysis by Visa. There are hundreds of
RCC combinations. Because RCCs are provided with all CAMS accounts, only the riskiest codes should be
used to generate a fraud alert.
* Visa Advanced Authorizations is a service of Visa. Licensing and fees may apply to participate in their
programs.
Mastercard
Expert Monitoring System (EMS) is a fraud scoring solution that offers clients both primary and
supplemental means of fraud detection and risk decisioning capabilities. For each authorization
request, MasterCard evaluates compromise events to determine whether the accounts referenced in
the request may have been compromised and provide a predictive threat score that can enhance your
real-time authorization decisioning and fraud detection processes. These scores can range from 000-
999.
* Mastercard EMS is a service of Mastercard. License and fees may apply to participate in their
programs.
**This is subject to availability with the SecurLOCK Predict product.**
Automated Contact Systems
Automated Call System
FIS is integrated with an automated call system (IVR) referred to as SecurLOCK Communicate for Fraud
Alert Management service. The IVR is employed to initiate cardholder contact on fraud alerts to help
improve contact rates with cardholders and allow Fraud Alert Management Specialists to direct their
attention to confirmed alerts of fraud and those with higher risk activity.
When contact with the cardholder is needed, their account information is moved to a Call Queue in the
IVR. The system initiates a call to the cardholder’s telephone numbers on file. When contact is made,
the IVR processes the call as follows:
Identifies that the call is on behalf of [Financial Institution Name] Fraud Service Center.
Confirms if the recipient is the cardholder [Cardholder Name Spoken].
If the cardholder is unavailable, a message is played asking that the cardholder return the call,
and provides the appropriate toll-free number.
If the cardholder is available, the system verifies their identity by prompting entry of their
date of birth or ZIP code if the full date of birth is missing.
When the cardholder’s identity is confirmed, they are then prompted to confirm the reported
transaction(s) as legitimate or suspect by using their telephone keypad to respond. The cardholder is
presented up to five transactions if available on the fraud alert. If the cardholder indicates that they do
not recognize any of the reported transactions, the call is automatically routed to a Fraud Alert Specialist
for further action. Additional security tokens may be required when connected to a specialist. If all
transactions are acknowledged as legitimate, the call is completed and the fraud alert will be updated
appropriately as No Fraud.
If the IVR reaches an answering machine or voicemail system, the following message is left for the
cardholder:
“This is the fraud service center calling on behalf of (Financial Institution) with an important message for
(Cardholder 1)(or Cardholder 2). We need to verify some recent activity on your (Visa/MasterCard)
(Credit/Debit/ATM) ending in (Last Four of Account Number). For expedited service when returning our
call, please reference case number (Case Number Read Digit by Digit). It is important that you call us
back at your earliest convenience, toll free at 800-369-4887. If you are outside of the US or Canada,
please call us collect at 727-227-2447. You may call us back 24 hours a day, 7 days a week. The number
again is 800-369-4887. Your case number is (Case Number Read Digit by Digit). Thank you.”
Automated SMS System
In addition to the Automated Call System, FIS is integrated with an automated Short Message Service (SMS) which sends a short message, or text message, to all mobile phone numbers listed on the account. The text message will contain their Financial Institution, the last four of their account number, and information about the suspicious transaction which triggered the fraud alert. Additionally, it will provide them with options to confirm the activity as valid or as unrecognized. SMS messages are free to the end user. The short code for our SMS text is: 32874.
Example SMS:
FreeMsg: (Financial Institution) Fraud Dept 8003694887: Suspicious txn on acct 1111: $201.99 WALMART. If authorized reply YES, otherwise reply NO. To Opt Out reply STOP.
If they reply YES the case will be closed as not fraud and they will receive the following response:
FreeMsg: (Financial Institution) Fraud Dept: Thank you for confirming this activity. Your account is safe for continued use. To Opt Out reply STOP.
If they reply NO the Automated Call System will generate an outbound call to the cardholder during available calling hours. The cardholder will be asked to verify security and the call will then be transferred to a Fraud Alert Specialist. The cardholder will also receive the following response:
FreeMsg: (Financial Institution) Fraud Dept: Thank you. We will call you or you can call us anytime at 800-369-4887. To Opt Out reply STOP.
Automated Email System
FIS is also integrated with an automatic email system which will send an email to the email address on file for the account. The email will contain details about the fraud alert.
Example Email:
If they click the link “All Transaction(s) Authorized” then we will close the case as not fraud, remove any temporary block and they will be provided with the following message:
If they choose the link “One or More Transaction(s) NOT Authorized” the Automated Call System will generate a call to their phone numbers on file (time zone permitting) and then transfer them to a Fraud Alert Specialist after verifying security. Additionally, they will be provided the following message:
Security Verification
In order to provide a greater level of privacy and security for your cardholders while still accurately
verifying the caller’s identity, we utilize several points of security verification. Initially the incoming
phone number is tested to ensure that it was not spoofed to make it look like a genuine phone number.
Then, the Automatic Number Identification (ANI) system identifies the telephone number the
cardholder is using when they contact the FIS IVR and compares it to the phone numbers on existing
accounts with a fraud alert. If the ANI does not match an existing fraud alert, then the caller is
prompted to enter their phone number on file.
For inbound calls to the IVR, the Case Number and the ANI, or the manually input phone number, will
be the primary security tokens to authenticate a fraud alert. Cardholders calling from a phone number
on their account, or successfully inputting the correct phone number, will be requested to provide their
case number. If they do not have the case number, then they will be asked to verify their date of birth or
their ZIP code if their full date of birth is missing or invalid.
When the cardholder speaks directly to a Fraud Alert Specialist, to ensure that FIS is speaking with the
primary or secondary cardholder (if applicable) and not another member of the family or a household
guest, cardholders are asked to provide the case number and/or telephone number listed on the
account along with the last four digits of the social security number or tax identification number (FIS
does not ask for their entire number), and the Date of Birth, when they return a call to FIS. This security
information may be altered as necessary to assist in validating the caller. When the Fraud Alert Specialist
determines they are speaking with the cardholder, they can begin inquiring about the transactions on
the fraud alert. However, if a caller insists upon verifying transactions, and is NOT listed as the primary
or secondary cardholder, FIS does not release information to that person.
For cardholders who simply will not verify any type of personal information, FIS politely refers them
back to the financial institution. FIS will send you the Fraud Alert Detail Report, including a memo
indicating that this particular cardholder refused security verification, and then close the fraud alert as
Active - Unable to Confirm Fraud.
For issuers calling in to discuss a fraud alert, we ask for “The Code of The Day” to be validated before
releasing any account information. Please refer to your Client Services or Product Support Team if you
need information about “The Code of The Day”. Please keep this information safe and secure and
provide it only to employees that need to know in order to speak to Fraud Alert Management.
Please alert your staff to this procedure so they can reassure customers who may call you to confirm the
call was valid. In addition, you may want to consider a statement message or note in your next
newsletter or website to familiarize customers with the Automated Contact System.
Fraud Alert Detail Reports
If we are unable to reach the cardholder, we will send the Fraud Alert Detail Report to your institution
for you to take any further action you deem necessary and close the fraud alert with FIS. You will see
our comment “SEND EMAIL TO ISSUER” which initiates the automated process of sending the Fraud
Alert Detail Report to your financial institution. The Fraud Alert Detail Report is sent under the following
circumstances:
When we have placed a temporary block on the account.
When we have confirmed fraud and placed a permanent block on the account.
Your cardholder refuses to validate security with us. We will refer them to the financial
institution.
Suspicious callers that need to be referred to the Financial Institution for further assistance.
Based on your instructions, we can add or remove a block on the account, or we can take no action at all
and close the fraud alert. If the cardholder calls you directly regarding our verification attempt, it is very
important that you notify the Fraud Alert Management department when you confirm the activity so we
can update the status of the fraud alert appropriately.
This allows us to update our records and provide accurate reporting. We prefer notification to our
department for any fraud alert related updates via cardholder IVR by self resolving the alert, or email at
[email protected]. If emailing, please provide the following information on fraud alerts in the body
of the email: Case number or last four of PAN if case number is not available, full cardholder name, and
information in regards to the validation of the fraud alert (No Fraud, Confirmed Fraud, removed
temporary block, etc.). Please note this email address is only for fraud alert updates. Please refer all
other questions to your Client Services or Product Support Teams.
**For Passthru system users only: Fraud Alert E-Delivery screen – The Fraud Alert Detail Report will
no longer show the tag for the transaction that created the alert. The IVR system no longer tags any
transactions, until validation of No Fraud or Fraud occurs. This will result in authorizations showing
with no tags on the E-Delivery screen. If an agent touches the alert, they will tag the appropriate
transactions. This is only for the E-Delivery screen. If you receive the Emailed Fraud Alert Detail
report it will still show tagged transactions.**
A sample Fraud Alert Detail Report is shown below. See the field descriptions for further explanation on
each item identified.
These reports are only generated via e-mail for more efficient and secure handling. FIS prefers to utilize
a group or department e-mail address rather than an individual e-mail address as they can go
unattended during vacation and time away from the office. In addition, we can only provide the fraud
alert to one e-mail address; therefore a department e-mail address is preferred. Also, it is important to
note that the e-mail address you provide should be no longer than 60 characters in length. This includes
the ‘@fi.org’ or ‘@fi.com’ extension. Please be sure to update your Client Services or Product Support
team if you should need to change your current e-mail contact information.
The subject line of the e-mail will contain the following:
{InstitutionID}.{PANLast4}.{LastName}.{Time-HHmm}.{CaseStatusCode}.
Naming Element: Description
Institution ID: Card Portfolio Number, Institution ID, ABA Number, Mainbank Number, or Routing and Transit Number preceded by a 1.
PANLast4: Last four digits of the Credit/Debit/ATM number
Last Name: Cardholder last name
Time-HHmm: 12-hour format with AM/PM indicating when the alert was e-mailed
CaseStatusCode: Two-digit Case Status Code. 01 = Confirmed Fraud; 02 = Confirmed Not Fraud; 03 = Other Status (Active, Unable to Confirm, Call Back, etc.)
We would suggest Issuers view their alerts in the order of priority:
First priority is 03 = Other Status (Active, Unable to Confirm, Call Back, etc.). These are the most important, as they have not been confirmed by your cardholder.
Second priority is 01 = Confirmed Fraud. These typically require follow-up action on reissued cards or action to start the fraud chargeback process by the Financial Institution.
Third priority is 02 = Confirmed Not Fraud. Review these fraud alerts for validated activities in case additional review of the case is warranted.
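The subject-line format and the suggested review order above can be applied mechanically to a shared department mailbox. The following is an added example, not FIS code: it parses subjects of that form, rejects anything that does not fit for manual review, and orders the rest 03, 01, 02. It assumes the time field is written as HHmm followed by AM or PM (for example 0215PM) and that the institution ID is alphanumeric; the sample subjects are constructed.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Review order suggested in the guide: 03 first, then 01, then 02.
PRIORITY = {"03": 1, "01": 2, "02": 3}

# Assumption (not stated on the page): time is HHmm + AM/PM, e.g. "0215PM".
TIME_RE = re.compile(r"(0[1-9]|1[0-2])([0-5]\d) ?([AP]M)", re.IGNORECASE)


class AlertSubject(NamedTuple):
    institution_id: str
    pan_last4: str
    last_name: str
    hour24: int
    minute: int
    status_code: str


def parse_subject(subject: str) -> Optional[AlertSubject]:
    """Parse one subject line; return None if it does not fit the format."""
    parts = subject.strip().rstrip(".").split(".")
    if len(parts) < 5:
        return None
    # Fixed fields are read from both ends so that a last name containing
    # dots (e.g. "ST.JOHN") stays whole instead of shifting the other fields.
    inst, pan4 = parts[0].strip(), parts[1].strip()
    when, code = parts[-2].strip(), parts[-1].strip()
    last_name = ".".join(parts[2:-2]).strip()
    m = TIME_RE.fullmatch(when)
    if not (re.fullmatch(r"[A-Za-z0-9]+", inst) and re.fullmatch(r"\d{4}", pan4)
            and last_name and m and code in PRIORITY):
        return None
    hour = int(m.group(1)) % 12 + (12 if m.group(3).upper() == "PM" else 0)
    return AlertSubject(inst, pan4, last_name, hour, int(m.group(2)), code)


def triage(subjects: List[str]) -> Tuple[List[AlertSubject], List[str]]:
    """Return (ordered, rejected). The sort is stable, so alerts with the
    same status code keep their arrival order."""
    parsed, rejected = [], []
    for s in subjects:
        alert = parse_subject(s)
        if alert is None:
            rejected.append(s)  # does not match the format: review by hand
        else:
            parsed.append(alert)
    parsed.sort(key=lambda a: PRIORITY[a.status_code])
    return parsed, rejected


# Constructed sample subjects (not real alerts).
SAMPLE = [
    "1123456.1111.SMITH.0215PM.02.",
    "1123456.2222.ST.JOHN.1105AM.03.",
    "1123456.3333.DOE.1230AM.01.",
    "RE: your account",             # not in the documented format
    "1123456.4444.LEE.1375PM.03.",  # invalid time field
]

if __name__ == "__main__":
    ordered, rejected = triage(SAMPLE)
    for a in ordered:
        print(a.status_code, a.pan_last4, a.last_name)
    print("manual review:", rejected)
```

The subject carries no date, so ordering within a status code relies on arrival order rather than the parsed time.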
Example Fraud Alert Detail Report
Figure 1.
Field Descriptions – Cardholder / Case Info Section
Institution Name
Lists the name of the financial institution.
Customer Name
Lists the name of the cardholder.
Case Number
Lists the unique number assigned.
Card Number
Lists the cardholder’s last four of the PAN.
Block Status
Block status within the fraud alert. Will list as ‘No Block’ if we have been unable to reach the cardholder
or ‘Temporary Block’ if we have been unable to reach the cardholder and have placed a Temporary
Block on the account due to suspicious activity. “Fraud Block” will display when fraud has been
confirmed on the card and a Permanent Block has been placed.
Fraud Type
Lists the fraud type if the account is closed as Confirmed Fraud: Account Takeover, Application, Card
Skimmed, Counterfeit, ID Theft, Internet, Lost/Stolen, Mail/Phone, Non-Receipt.
Case Status
Lists the status of the fraud alert when sent:
Active – CCS No Contact
Active – Unable to Confirm
Closed – Fraud
Closed – No Fraud
Closed – Unable to Confirm
The ‘Unable to Confirm’ and ‘Active – CCS No Contact’ statuses are still eligible to resurface to be worked if further activity warrants review. ‘Confirmed Fraud’ status will not resurface to be worked again since the account has been Permanently Blocked.
The actions taken on the fraud alert can also be viewed in the comment section of the Fraud Alert Detail Report which provides the detailed actions taken by both specialists and our Automated Contact System.
Field Descriptions – Case Actions Section
Date and Time
Lists the date and time of the actions taken on the account.
Case Actions
Lists the actions taken by the IVR as well as by the Fraud Alert Specialist who has worked the fraud alert.
Field Descriptions – Transaction History
Transaction Date/Time
Lists the date and time of the transaction in Eastern Standard Time.
Transaction Tag
Reflects the status of the authorization(s) associated with the fraud alert (Suspect Fraud, Not Fraud,
Fraud).
Authorization Amount
Lists the dollar amount of the transaction in U.S. currency.
Fraud Score
Lists fraud scores from 0 through 999.
Auth Decision Code
Denotes if the Authorization system approved or declined the transaction. Values include:
Value Description
A Approval
D Decline
P Pickup
Decline Code
Lists the two digit FIS – SecurLOCK defined alpha/numerical code for the decline or approval if provided. Based upon the data passed from the card system this code will match a universal FIS SecurLOCK code which will display on the fraud alert. For clarification of the code provided we suggest referencing the authorization on the card system for the original decline reason. The values include:
Decline Code (Response codes include Approval Codes) Authorization Decision Code
Approval Response
00 - Approved or completed successfully. A
09 - Request in progress. A
10 - Approved for partial amount. A
11 - Approved. A
16 - Approved. A
Pick Up Card Response
04 - Pick-up. P
07 - Pick-up card, special conditions. P
33 - Expired card, pick-up. P
34 - Suspected fraud, pick-up. P
35 - Card acceptor contact acquirer, pick-up. P
36 - Restricted card, pick-up. P
37 - Card acceptor call acquirer security, pick-up. P
38 - Allowable PIN tries exceeded, pick-up. P
41 - Lost card, pick-up. P
43 - Stolen card, pick-up. P
67 - Hard capture, pick-up. P
89 - Card verification value (CVV) verification failed (No pickup). P
Decline Response
02 - Refer to card issuers special conditions. (Specific block codes) D
03 - Invalid merchant. D
05 - General Decline. D
06 - Error. (System error prevented approval) D
12 - Invalid transaction. (Type of transaction is not supported. Example - Selected 'credit' when only a 'debit' card.) D
13 - Invalid amount. D
14 - Invalid card number. D
15 - No such issuer. D
19 - Re-enter transaction. (System error requesting to reprocess) D
20 - Invalid response. (System error prevented approval) D
23 - Unacceptable transaction fee. (The fee was deemed unacceptable) D
39 - No credit account. D
40 - Requested function not supported. D
42 - No universal account. D
44 - No investment account. D
51 - Insufficient funds. D
52 - No checking account. D
53 - No savings account. D
54 - Expired card. D
55 - Incorrect PIN. D
56 - No card record. D
57 - Transaction not permitted to cardholder. D
58 - Transaction not permitted to terminal. D
59 - Suspected fraud. (Temporary block for specific switches only) D
60 - Card acceptor contact acquirer. (Notify merchant to contact issuer) D
61 - Exceeds withdrawal amount limit. D
62 - Restricted card. D
63 - Security violation. (Example - OFAC countries) D
65 - Exceeds withdrawal frequency limit. D
66 - Card acceptor call acquirer security. (An acquirer denial with instruction for the merchant to contact the sponsor bank.) D
75 - Allowable number of PIN tries exceeded. D
78 - Customer not eligible for POS (STAR). D
82 - Count exceeds limit (VISANet limit exceeded). D
86 - Cannot verify PIN (VISANet fails pin validation). D
88 - Information not on file. (unable to complete authorization due to missing information) D
91 - Issuer or switch is inoperative. D
93 - Transaction cannot be completed, violation of law. (Transaction deemed illegal) (Example - online gambling) D
N7 - CVV2 decline. D
SR - Bad CVV2. D
S3 - Cashback Limit Exceeded. D
S9 - Expiration Date Mismatch. D
POS Entry Code
Lists the entry method of the authorization on the card. Values include:
Value Description
C = Contactless Magnetic Stripe
D = Contactless Microchip Card
E = Ecommerce (card not present)
F = Fallback to Magnetic Stripe
G = Fallback to Keyed Entry
K = Keyed (card not present)
S = Swiped (card present)
T = Chip Read (CVV/CVC may not be available)
U = Magnetic Stripe Read
V = Chip Read
Blank = Unknown/Other
Merchant Name
Lists the name of the merchant, if available.
Merchant Category Code (SIC)
Lists the classification of the merchant associated with the transaction.
Merchant Postal Code
Lists the ZIP Code of the merchant.
Merchant Country Code
Lists the Country Code of the merchant.
Card Expiration Date
Displays the current expiration date of the card utilized.
Number of Cards
Lists the Number of Cards distributed on the account.
EXT Risk Code (External Risk Code)
Lists the Visa Advanced Authorization (VAA) Risk score or MasterCard Risk Score of the transaction if one
is provided. The VAA Risk score and the MasterCard EMS score, like the SecurLOCK system score,
indicate the probability that the transaction is fraudulent.
VISA - The first 2 digits of this field are populated on the fraud alert and represent a number
ranging from 1 – 99, which is the Risk score. The 3rd and 4th digits are reserved for future use.
Visa assigns a 2 digit score, from 1 to 99. The higher the score, the more likely it is to be fraudulent. This
score is calculated using predictive fraud models, built on Visa’s transaction database.
MASTERCARD EMS – This is a three digit number ranging from 000-999 to represent the score. The higher the score, the more likely it is to be fraudulent. This score is calculated using predictive fraud models, built on MasterCard’s transaction database. (subject to availability)
**Client must be signed up for this product with VISA or MasterCard**
EXT Risk Cond Code (External Risk Condition Code)
VISA - Lists the Visa Advanced Authorization Risk Condition Codes (RCC) for the transaction if
one is provided. The first 2 digits of this field are populated on the fraud alert and represent the
Condition Code. The next 4 are reserved for future use. This code provides descriptive information
about high-risk events detected across the VisaNet payment system. Current RCCs focus on high-risk
event activity on compromised accounts. Therefore, an RCC is only assigned to an account if it was listed
on a previous CAMS alert. An RCC alone is not necessarily indicative of a fraudulent transaction.
**Client must be signed up for this product with VISA**
Memo Abbreviations and Definition Examples
This topic provides descriptions for the memo abbreviations and definitions used by our Fraud Alert
Management department. These memos are placed on the Fraud Alert Detail Report and card system
where available. We have revised our comments where feasible to ease comprehension. Use of
abbreviations has been limited.
ANI = Automated Number Identifier
Card1 = Cardholder 1
Card2 = Cardholder 2
CCS-Result: FICO TRANSVER = Our IVR system is taking automated actions on the alert
CCS-Result: Temp Block = Transaction is the reason that the alert is being temporary/warm blocked
CH = Cardholder
FI = Financial Institution
FRMC = Case actions being sent and received by IVR
FRMC: Acknowledgment Received From CCS = Alert picked up to start contacting cardholder
FRMC: Case sent to CCS = Alert sent to IVR
IB = Inbound
ISSR = Issuer
IVR = Integrated Voice Response Unit
POSS = Possession
SEND EMAIL TO ISSUER = Initiates the Fraud Alert Detail Report email to the institution
Set CB = Set Callback
SMS = Text for mobile phone
Temp Block/Warm Block = Temporary Block/Warm Block
VRU = Voice Response Unit