securlock fraud alert management operations guide 2016 · the success of fraud prevention depends...

Participant Guide

SecurLOCK Fraud Alert Management

Operations Guide 2016

Fraud Alert Management Operations Guide

Page ii June 2016 © 2016

© 2016 FIS. Intellectual property. All rights reserved.

This document and its contents are confidential and proprietary to FIS.

No reproduction or distribution of this document or its contents is allowed, in whole or in part, in any form, without the written permission of FIS.


© 2016 June 2016 Page iii

Table of Contents

Disclaimers ....................................................................................................................................... iv

Notices ..................................................................................................................................................... iv

Institution’s Responsibilities .................................................................................................................... iv

Confidentiality ........................................................................................................................................... v

Introduction to FIS Fraud Alert Management Services .........................................................................1

Contact Numbers and Hours of Operation ..........................................................................................2

Updating Cardholders’ Personal Information ......................................................................................3

Updating Issuer Card Department Contact Information .......................................................................3

Educate Cardholders about Fraud Alert Management Services ............................................................4

Fraud Alert Management ...................................................................................................................5

Real Time Decisioning ........................................................................................................................6

Travel Indicator ..................................................................................................................................7

External Scores ..................................................................................................................................9

Visa Advanced Authorizations .................................................................................................................. 9

Mastercard ................................................................................................................................................ 9

Automated Contact Systems ........................................................................................................... 10

Automated Call System ........................................................................................................................... 10

Automated SMS System .......................................................................................................................... 11

Automated Email System ........................................................................................................................ 11

Security Verification ......................................................................................................................... 14

Fraud Alert Detail Reports ................................................................................................................ 15

Example Fraud Alert Detail Report ......................................................................................................... 17

Memo Abbreviations and Definition Examples ................................................................................. 23


Page iv June 2016 © 2016

Disclaimers

Notices

FIS uses reasonable efforts to ensure the accuracy of the material described in this Guide. This Operations guide is current only through the published date. Thereafter, changes to FIS's systems, programs, and procedures may occur that are not referenced in this guide. Such changes will be communicated to the financial institution by the Client Communications department. In addition, from time to time, FIS may make updates to this Operations guide available to the institution.

FIS makes no warranty, express or implied, with respect to the quality, accuracy or completeness of this Operations guide or the products it describes. FIS makes no representation or warranty with respect to the contents of this Operations guide and specifically disclaims:

Any implied warranties of fitness for any particular purpose; and

Liability for any direct, indirect, incidental or consequential, special or exemplary damages, including but not limited to, lost profits resulting from the use of the information in the Operations guide or from the use of any products described in this guide.

Data used in examples and sample data files are provided for practice and illustration purposes only. Any similarities to real persons or companies in any examples or illustrations are entirely coincidental.

Before using reference materials provided by FIS, the institution should review its entire Financial Institution Service Agreement with FIS to familiarize itself with all of the terms of the Agreement. The institution should specifically review the contractual obligations listed below.

Institution’s Responsibilities

The financial institution is solely responsible for complying with:

All laws, rules, and regulations applicable to all aspects of the operations of the Visa and/or MasterCard programs;

Usury laws;

The Truth-In-Lending, Fair Credit Reporting, Equal Credit Opportunity, and Electronic Funds Transfer Acts;

All state laws and regulations regardless of whether the financial institution uses any forms or other materials supplied by FIS.

The financial institution has already acknowledged that it either possesses a copy of the Visa and MasterCard by-laws, rules, and regulations, or it knows that it may receive a copy of each by requesting them in writing from Visa and MasterCard or FIS, and paying the applicable fees.


© 2016 June 2016 Page v

Confidentiality

The financial institution has agreed to hold as secret and confidential information, reports, plans, cardholder lists, documents, drawings, writings, samples, know-how, and other proprietary material received from FIS (Confidential Information).

Confidential Information provided by FIS remains the property of FIS. The financial institution must restrict access to Confidential Information received from FIS to those employees and persons in the organization who need to know such Confidential Information in order to fulfill their obligations. The contents of this guide and other information provided by FIS are deemed to be Confidential Information.

The institution should review the Financial Institution Service Agreement with FIS if it has any questions regarding the above. For any questions of a legal nature, the institution should consult legal counsel.

FIS, Inc.

North America Card Division

Documentation Department

11601 Roosevelt Blvd.

St. Petersburg, FL 33716

FIS (http://www.fisglobal.com)

E-Library E-Mail Address (mailto:[email protected])

http://www.fisglobal.com/

mailto:[email protected]


© 2016 June 2016 Page 1

Introduction to FIS Fraud Alert Management Services

FIS has developed a state of the art fraud detection/prevention solution through the integration of

authorization and card systems, neural network technologies and fraud analytics. FIS neural network

capabilities include the use of the FIS proprietary fraud business intelligence, FICO’s Falcon Fraud

ManagerTM neural network engine, as well as other data sources including Visa Advanced Authorizations

and MasterCard EMS (Expert Monitoring System Code) where applicable. These components combine

individual cardholder behavior, transactional data, credit/debit modeling techniques and other fraud

analytical strategies to prevent fraud, including the ability to stop potentially fraudulent transactions

Real Time at the point of sale.

Fraud Alert Management Servicing: We are on guard for our client partners 24 hours a day, 365 days a

year. Utilizing integrated neural network solutions and teams of both Fraud Alert Specialists and Fraud

Analysts to provide financial institutions a full complement of detection and prevention efforts.

Servicing includes fraud strategy deployment, case management, fraud alert analysis, account blocking,

transaction validation, issuer notification through Fraud Alert Detail Reports, and monthly and daily

reporting. Fraud strategy rules can be applied in two methods: Real Time scoring during the

authorization cycle, or post authorization.

Falcon Fraud ManagerTM is a proprietary fraud detection product developed by FICO, a leader in

transaction fraud detection. Together with analytic services offered by FIS and the Falcon Fraud

Manager engine, Fraud Alert Management delivers one of the most powerful resources against fraud

available. Our service uses individual cardholder, transaction, and merchant data to detect a wide range

of credit and debit card fraud, including the following categories, which comprise more than 95 percent

of all credit and debit card fraud losses:

Account Takeover Application

Card Skimmed Counterfeit

ID Theft Internet

Lost/Stolen Mail/Phone

Non-receipt

Currently, there are three ways in which a fraud alert is generated; fraud scores assigned by the SecurLOCK System, fraud trend strategies, and Real Time decline strategies. These thresholds are determined by FIS, Institutions cannot adjust them. FIS sets the same threshold levels for all subscribers. The threshold will never vary widely as it determines the number of fraud alerts FIS can effectively handle in a timely manner. The lower the threshold, the more fraud alerts generated.

Neural networks recognize specific fraud patterns, and discriminate between low and high-risk

authorizations. The scoring component contains a neural engine that can simultaneously examine very

large amounts of transaction and cardholder data. For each authorization processed through FIS, the

neural network assigns a risk score from 0 (not at all likely to be fraud) to 999 (very likely to be fraud).


June 2016 © 2016 Page 2

This score indicates how suspicious each transaction is relative to other transactions on record. The

scoring model is proprietary to the vendor, FICO, and FIS cannot alter the model.

FIS staffs experienced fraud analysts who look for fraud patterns across all customers and create rules to find and prevent additional fraud that could occur below the score threshold set by FIS. These rules can be either simple fraud strategies or advanced strategies using data within the neural network, and other inputs outside of the neural network. Rules can be implemented as Real Time, focusing on high-risk transactions to prevent fraud directly at the point of sale using Real Time Decisioning, or as Fraud trend rules to promptly detect fraud after the authorization response is presented to the merchant.

Contact Numbers and Hours of Operation

If the financial institution needs to update us to close a fraud alert, we prefer notification to our

department for any fraud alert related information updates via email at [email protected], or by

calling the cardholder line to validate through self-service. However, if emailing, please provide the

following information on fraud alerts in the body of the email: Case number and the last four of PAN, full

cardholder name, and information in regards to the validation of the fraud alert (No Fraud, Confirmed

Fraud, removed temporary block, etc.). Please note this email address is only for fraud alert updates. It

is only necessary to advise us of updates for current fraud alerts (within 7days of creation). Please

refer all other questions/inquiries to your Client Services or Product Support Teams.

If your financial institution needs to contact the Fraud Alert Management team directly for questions on

active alerts, please use the following number to bypass the cardholder IVR 1-866-334-1048. This is for

use by the financial institution only. Please do not share this number with your cardholders.

If the institution wants to validate as the cardholder via the IVR, please call directly to 800-369-4887. The phone number and the case number or the date of birth— or the ZIP code if the full date of birth is missing –listed on the account are needed for security verification. There will be a memo on the account that shows validated activity (FICO Fraud Verification - all transactions confirmed valid.) so it would be beneficial to add your own FI memo to the account to indicate the institution validated the activity versus the cardholder. This is a time saving process for the institution rather than waiting for an available specialist. We highly suggest utilizing the IVR on our busiest of days, Mondays, and days following holidays.

SecurLOCK Fraud Alert Management service hours are 24 hours a day, 7 days a week. Cardholders are emailed 24 hours a day, 7 days a week. They are called between the hours of 8:00 AM and 9:00 PM, and text messaged between the hours of 7:00 AM and 10:00 PM, in their specific time zone. However, we continue to monitor account activity during non-calling and non-texting hours, and take appropriate action as needed.

FIS utilizes a toll-free telephone number for fraud alert verification purposes; 800-369-4887 (we

prohibit publication of this number). Please note that we also provide a collect telephone number for

your cardholders that may be traveling or living overseas. This collect number 727-227-2447 is only to

be used for international cardholders who are returning a call made by Fraud Alert Management.



© 2016 June 2016 Page 3

Updating Cardholders’ Personal Information

The success of fraud prevention depends on the cardholder verification process. It is critical that you

provide accurate cardholder mailing address, email address, and telephone number information to FIS.

We encourage you to gather cell/mobile telephone numbers and email addresses from your cardholders

to make use of them. Your Client Services or Product Support Team can assist you with details on how to

update the appropriate card system with additional telephone numbers and an email address.

Updating Issuer Card Department Contact Information

If your card department has a change in contact information for your Fraud Alert Detail Reports please

notify your Client Services or Product Support Team at FIS to open a case management services (CMS)

ticket. They will then notify the Fraud Alert Management team to update your information. If you

utitilize the Client Portal you can open this ticket yourself requesting us to update contact information

for your Institution.


June 2016 © 2016 Page 4

Educate Cardholders about Fraud Alert Management Services

When it comes to using FIS Fraud Alert Management services, the good news is cardholders do not have

to do a thing but use their cards to be protected. Consumers who find out they are being protected by

one of these programs say they will start using their card more often. How do we know?

Each month, the Performance Management unit at FIS conducts a random survey of your cardholders

who have had a fraud alert generated by our service. Repeatedly, these cardholders tell us they did not

know such protection existed—much less that their card was guarded by it!

Cardholders are impressed to learn that our Fraud Alert Management team has been hard at work

behind the scenes, watching their individual accounts when suspicious activity occurs. They also tell us

they will be using their card more frequently knowing they have this protection.

Don't be shy about informing your cardholders about the value of your portfolio’s fraud protection. Why

let your cardholders find out about it from us after a fraud alert has been generated? Be the first to tell

them that you are looking out for their best interests. It’s in your best interest too!

If you do protect your portfolio with our service, print an article in your newsletter, send a direct mail

package, update your website or add a message or insert to their statement. Educate your cardholders

about these security protection services!

Guarding your portfolio with FIS SecurLOCK Fraud Alert Management services gives you more than

state-of-the-art fraud protection. If cardholders in our survey sample are typical, you will have a

significant marketing advantage at the same time.

FIS prohibits any Financial Institution from adding our Fraud Alert Management Toll free number on plastics, statements, websites, voicemails or any other documentation. This includes listing our processes on documents or websites. We need to keep this number safe and secure; preventing it from being obtained and used to incur fraud. Financial Institutions should transfer callers to the department IVR if they have confirmed a current fraud alert has incurred impact to their cardholder, or refer the caller to call the number listed on their voicemail. Cardholders may also use this number for other types of inquiries which can cause delays as our Fraud Alert Specialists are only available to answer questions related to a particular fraud alert.


© 2016 June 2016 Page 5

Fraud Alert Management

Fraud alerts are generated based on the probability of fraud assessed by FIS’s neural network and rules

engine. Automated processes review suspicious activity on lower risk items in order to reduce the false

positive rate of cardholder contact and help ensure consistent review of all suspicious activity. There

are occasions that a fraud alert will generate due to elevated probability of fraud but further/second

step statistical analysis will demonstrate that the transactional activity is normal. In this instance a call

will not be placed to the cardholder and memos will not be added to the fraud alert. Speed of detection

is imperative in fraud management therefore; the highest risk items will be contacted first by FIS’s Fraud

Alert Management. Any change in transaction activity is constantly evaluated in real time, and will

generate resurface fraud alerts if the probability of fraud has elevated.

Fraud alerts and their corresponding transactions are reviewed by a member of the FIS team and further

evaluated to determine the next appropriate action. For example, a temporary block can be placed on

the card to protect the cardholder until they can be reached, or the issuer can simply be notified for

consideration of internal action. We use our best judgment and experience when determining if a

temporary block is necessary. We make these decisions very carefully because customer convenience is

very important. As such, we cannot be responsible for any fraud losses should we not place a

temporary block on an account.

The account will be permanently blocked Lost/Stolen if the cardholder is contacted and has confirmed

that the activity is fraudulent. A Fraud Alert Detail Report will be sent to you as notification of our

action(s).

In order to ensure we are not negatively impacting your cardholders within a short period of time, the

SecurLOCK system is designed to maintain historical information on a particular fraud alert that has

been confirmed as valid activity (No Fraud) for a period of 7 days. This period of time allows

cardholder’s not to be contiously impacted by Real Time decline strategies and allows them to continue

card use as normal.

All authorizations will continue to be scored during this 7 day period by the SecurLOCK system. During

this timeframe a fraud alert may “reactivate” on closed fraud alerts or a new alert could generate for

review. This process will be implemented for the riskiest of authorization fraud scores and trends.

Therefore, a fraud alert that has been verified as valid may have the potential to “reactivate” for

suspicious activity during the 7 day period.

Keep in mind that this does not apply to fraud alerts that are considered “Unconfirmed/Active” because

we have not been able to successfully contact the cardholder. In this instance additional transactions

may cause the fraud alert to ‘resurface’ so that we can make another attempt to reach your cardholder

and verify the activity. Additionally, the IVR system will be able to identify an alert created within the

last 30 days by the phone number being called from (ANI). These unresolved cases may then be treated

in an expedited manner once the cardholder reaches a fraud alert specialist.


June 2016 © 2016 Page 6

It is extremely important that you take the time to update the home,mobile, and alternate/work

telephone numbers in your card system, as well as the cardholder’s email address, so we have current

information which will enable us to reach your cardholders as quickly as possible in the case of a fraud

alert. Currently we will send a text message to all SMS enabled phone numbers. After 30 minutes with

no response to the text message, we will call the mobile number first, then the home number, then the

work number. Lastly, we will send an email to the email address on file for the account.

If the cardholder’s telephone number information is missing or invalid, FIS will proceed with the next

necessary action such as sending the cardholder an email.

Real Time Decisioning

Real Time Decisioning allows another layer of protection for your portfolio. By reviewing authorizations

during the authorization process and interrogating risky type authorizations, you now have the ability to

prevent fraud sooner, and reduce additional exposure to a cardholder’s available balance. Through

multiple layers of review FIS targets high-risk authorizations via key filtering parameters upfront and

further focusing in on fraud through unique fraud characteristics known as rules. This approach allows

you to prevent additional fraud immediately, yet minimize impact to legitimate cardholder

authorizations.

Currently the SecurLOCK system reviews and scores the authorization after the response is presented

back to the merchant. This is called Online Mode. A risk score is assigned ranging between 0 (not at all

likely to be fraud) and 999 (very likely to be fraud) that indicates how suspicious each authorization is,

relative to other authorizations in the cardholder profile.

Fraud alerts are created for purposes of preventing fraud. Fraud alerts may be created when scores

exceed FIS pre-determined thresholds and/or fraud strategies are engaged. Fraud strategies allow other

fraud criteria to be considered in addition to or in lieu of the score to create a fraud alert after the

authorization has been processed.

Real Time Decisioning means reviewing the authorization during the authorization process to prevent

fraud while the fraudster is potentially at the point of sale.

If the authorization passes the edits, it then is presented to the Real Time authorization parameters to

target highly risky authorizations. These FIS controlled parameters key in on known patterns of risk

based on previous fraud analytics and historical fraud data. Key variables considered for FIS targeting

include, but are not limited to Country Codes, Merchant Category Codes, Previous Scores, and Dollar

Amounts.

An authorization matching the parameters is then passed to the SecurLOCK system to be scored first

and then run against Real Time Decisioning strategies. Fraud strategies are deployed by FIS Fraud


© 2016 June 2016 Page 7

Management. If the authorization meets the rule criteria, a decline response is sent back to the

merchant. Otherwise, the authorization continues through the approval process and a response is

returned to the merchant.

An authorization that does not pass the authorization parameters is processed as normal in the Online

Mode, i.e. after the response is presented back to the merchant. This means the authorizations are still

scored and reviewed for fraudulent behavior, but after the merchant receives a response.

Real Time alerts will be blocked up front by the IVR before contact is attempted to your cardholder. The

institution will receive a Fraud Alert Detail Report, prior to the contact being made. Please allow for

time for the contact to your cardholders to be made by FIS before taking action yourself. If your card

system allows for memos please check for our notes to confirm if your cardholder was reached. If you

have no notes to reference on your card system, please allow an hour before attempts are made during

contact hours.

Travel Indicator

The Travel Indicator is utilized to indicate a cardholder is traveling and the dates respectively. Once the

Travel Indicator is updated on an account, Fraud Alert Management will utilize this indicator to

recognize a separate process is required. We will utilize our experience with fraud trends and

knowledge in our review process to determine if a temporary block is warranted for the riskiest of

activity. Please remember our goal is to stop fraud and fraud may still present during cardholder travel

dates. We also recommend this for any ‘VIP’ type cardholders that the issuer wishes to alter the fraud

alert process. When a fraud alert creates we will attempt to reach the cardholder at the telephone

numbers listed on the account, as well as text and email. If we are unsuccessful in reaching the

cardholder, and we have temporary blocked the cardholder, we will generate the Fraud Alert Detail

Report to the issuer. This will provide notification to the issuer that a fraud alert has created for a

traveling cardholder that was temporary blocked due to the activity in question. In order to easily

identify a traveling cardholder verses any other Fraud Alert Detail Report that may be sent, our memo

will begin with “Travel”.

We solely rely on the issuer to update the account with a Travel Indicator and the dates of travel. This

indicator will be employed in fraud strategies as well as queue assignments for the Fraud Alert

Specialist’s review. The issuer may want to implement internal procedures for Traveling indicator

accounts to ensure all fraud prevention tools are in effect to maximize protection. Please be sure to

reference the Cardholder Exclusions and Reports Guide for specific details surrounding these processes.

We encourage the issuer to add an extra day to the timeframe selected if the account is to be excluded

the whole day. These exclusions are set to expire at 12:00am GMT on the end date chosen. So if the

cardholder will be transacting at all that date it is recommended to set the end date a full day further

out to ensure the cardholder is not inconvenienced.


June 2016 © 2016 Page 8

*Note - the travel exclusions are used to alter how Fraud Alert Management processes the

authorizations as a result FIS would be exempt from any loss that may occur during the use of these

exclusions.*


© 2016 June 2016 Page 9

External Scores

FIS has integrated Visa Advanced Authorization data elements into our authorization systems and Fraud

Alert Management processes. In some cases MasterCard EMS scores will also be utilized in the

SecurLOCK Predict product. Strategies have been implemented in our Fraud Alert Management service

to review activity and generate fraud alerts based on these data elements. FIS continually analyzes

these codes to ensure only the most effective codes are creating fraud alerts.

This added enhancement is a standard part of the Fraud Alert Management service at no additional

product cost to clients.

Visa Advanced Authorizations

Visa Advanced Authorizations is an enhancement to VisaNet authorization processing. Risk level data

elements, called Risk Score and Risk Condition Codes, are encoded into incoming messages that will

provide insight into new and emerging fraud schemes.

Risk Condition Codes provide descriptive information on high-risk compromise events. A Risk Condition

Code (RCC) will be received on every authorization if the account was listed on a previous CAMS alert.

Each RCC contains data about the compromised event based on analysis by Visa. There are hundreds of

RCC combinations. Because RCCs are provided with all CAMs accounts, only the riskiest codes should be

used to generate a fraud alert.

* Visa Advanced Authorizations is a service of Visa. Licensing and fees may apply to participate in their

programs.

Mastercard

Expert Monitoring System (EMS) is a fraud scoring solution that offers clients both primary and

supplemental means of fraud detection and risk decisioning capabilities. For each authorization

request, MasterCard evaluates compromise events to determine whether the accounts referenced in

the request may have been compromised and provide a predictive threat score that can enhance your

real-time authorization decisioning and fraud detection processes. These scores can range from 000-

999.

* Mastercard EMS is a service of Mastercard. License and fees may apply to participate in their

programs.

**This is subjected to availability with the SecurLOCK Predict product.**


June 2016 © 2016 Page 10

Automated Contact Systems

Automated Call System

FIS is integrated with an automated call system (IVR) referred to as SecurLOCK Communicate for Fraud

Alert Management service. The IVR is employed to initiate cardholder contact on fraud alerts to help

improve contact rates with cardholders and allow Fraud Alert Management Specialists to direct their

attention to confirmed alerts of fraud and those with higher risk activity.

When contact with the cardholder is needed, their account information is moved to a Call Queue in the

IVR. The system initiates a call to the cardholder’s telephone numbers on file. When contact is made,

the IVR processes the call as follows:

Identifies that the call is on behalf of [Financial Institution Name] Fraud Service Center.

Confirms if the recipient is the cardholder [Cardholder Name Spoken].

If the cardholder is unavailable, a message is played asking that the cardholder return the call,

and provides the appropriate toll-free number.

If the cardholder is available, the system verifies their identity by prompting entry of the their

date of birth or ZIP code if the full date of birth is missing.

When the cardholder’s identity is confirmed, they are then prompted to confirm the reported

transaction(s) as legitimate or suspect by using their telephone keypad to respond. The cardholder is

presented up to five transactions if available on the fraud alert. If the cardholder indicates that they do

not recognize any of the reported transactions, the call is automatically routed to a Fraud Alert Specialist

for further action. Additional security tokens may be required when connected to a specialist. If all

transactions are acknowledged as legitimate, the call is completed and the fraud alert will be updated

appropriately as No Fraud.

If the IVR reaches an answering machine or voicemail system, the following message is left for the

cardholder:

“This is the fraud service center calling on behalf of (Financial Institution) with an important message for

(Cardholder 1)(or Cardholder 2). We need to verify some recent activity on your (Visa/MasterCard)

(Credit/Debit/ATM) ending in (Last Four of Account Number). For expedited service when returning our

call, please reference case number (Case Number Read Digit by Digit). It is important that you call us

back at your earliest convenience, toll free at 800-369-4887. If you are outside of the US or Canada,

please call us collect at 727-227-2447. You may call us back 24 hours a day, 7 days a week. The number

again is 800-369-4887. Your case number is (Case Number Read Digit by Digit). Thank you.”


© 2016 June 2016 Page 11

Automated SMS System

In addition to the Automated Call System, FIS is integrated with an automated Short Message Service (SMS) which sends a short message, or text message, to all mobile phone numbers listed on the account. The text message will contain their Financial Institution, the last four of their account number, and information about the suspicious transaction which triggered the fraud alert. Additionally, it will provide them with options to confirm the activity as valid or as unrecognized. SMS are free to end user. The short code for our SMS text is: 32874. Example SMS: FreeMsg: (Financial Institution) Fraud Dept 8003694887: Suspicious txn on acct 1111: $201.99 WALMART. If authorized reply YES, otherwise reply NO. To Opt Out reply STOP. If they reply YES the case will be closed as not fraud and they will receive the following response:

FreeMsg: (Financial Institution) Fraud Dept: Thank you for confirming this activity. Your account is safe for continued use. To Opt Out reply STOP.

If they reply NO the Automated Call System will generate an outbound call to the cardholder during available calling hours. The cardholder will be asked to identify security and the call will then be transferred to a Fraud Alert Specialist. The cardholder will also receive the following response:

FreeMsg: (Financial Institution) Fraud Dept: Thank you. We will call you or you can call us anytime at 800-369-4887. To Opt Out reply STOP.

Automated Email System

FIS is also integrated with an automatic email system which will send an email to the email address on file for the account. The email will contain details about the fraud alert.


June 2016 © 2016 Page 12

Example Email:


© 2016 June 2016 Page 13

If they click the link “All Transaction(s) Authorized” then we will close the case as not fraud, remove any temporary block and they will be provided with the following message:

If they choose the link “One or More Transaction(s) NOT Authorized” the Automated Call System will generate a call to their phone numbers on file ( timezone permitting) and then transfer them to a Fraud Alert Specialist after verifying security. Additionally, they will be provided the following message:


June 2016 © 2016 Page 14

Security Verification

In order to provide a greater level of privacy and security for your cardholders while still accurately

verifying the caller’s identity, we utilize several points of security verification. Initially the incoming

phone number is tested to ensure that it was not spoofed to make it look like a genuine phone number.

Then, the Automatic Number Identification (ANI) system identifies the telephone number the

cardholder is using when they contact the FIS IVR and compares it to the phone numbers on existing

accounts with a fraud alert. If the ANI does not match an existing fraud alert, then the caller is

prompted to enter their phone number on file.

For inbound calls to the IVR, the Case Number and the ANI, or the manually input phone number, will

be the primary security tokens to authenticate a fraud alert. Cardholder’s calling from a phone number

on their account or successfully inputting the correct phone number, will be requested to provide their

case number. If they do not have the case number, then they will be asked to verify their date of birth or

their ZIP code if their full date of birth is missing or invalid.

When the cardholder speaks directly to a Fraud Alert Specialist to ensure that FIS is speaking with the

primary or secondary cardholder (if applicable) and not another member of the family or household

guest, cardholders are asked to provide the case number and/or telephone number listed on the

account along with the last four digits of the social security number or tax identification number (FIS

does not ask for their entire number), and the Date of Birth, when they return a call to FIS. This security

information may be altered as necessary to assist in validating the caller. When the Fraud Alert Specialist

determines they are speaking with the cardholder, they can begin inquiring about the transactions on

the fraud alert. However, if a caller insists upon verifying transactions, and is NOT listed as the primary

or secondary cardholder, FIS does not release information to that person.

For cardholders who simply will not verify any type of personal information, FIS politely refers them

back to the financial institution. FIS will send you the Fraud Alert Detail Report, including a memo

indicating that this particular cardholder refused security verification, and then close the fraud alert as

Active - Unable to Confirm Fraud.

For issuers calling in to discuss a fraud alert we ask for the “The Code of The Day” to be validated before

releasing any account information. Please refer to your Client Services or Product Support Team if you

need information about “The Code of The Day”. Please keep this information safe and secure and

provide to only employees that need to know in order to speak to Fraud Alert Management.

Please alert your staff to this procedure so they can reassure customers who may call you to confirm the

call was valid. In addition, you may want to consider a statement message or note in your next

newsletter or website to familiarize customers with the Automated Contact System.


© 2016 June 2016 Page 15

Fraud Alert Detail Reports

If we are unable to reach the cardholder, we will send the Fraud Alert Detail Report to your institution

for you to take any further action you deem necessary and close the fraud alert with FIS. You will see

our comment “SEND EMAIL TO ISSUER” which initiates the automated process of sending the Fraud

Alert Detail Report to your financial institution. The Fraud Alert Detail Report is sent under the following

circumstances:

When we have placed a temporary block on the account.

When we have confirmed fraud and placed a permanent block on the account.

Your cardholder refuses to validate security with us. We will refer them to the financial

institution.

Suspicious callers that need to be referred to the Financial Insitution for further assistance.

Based on your instructions, we can add or remove a block on the account, or we can take no action at all

and close the fraud alert. If the cardholder calls you directly regarding our verification attempt, it is very

important that you notify the Fraud Alert Management department when you confirm the activity so we

can update the status of the fraud alert appropriately.

This allows us to update our records and provide accurate reporting. We prefer notification to our

department for any fraud alert related updates via cardholder IVR by self resolving the alert, or email at

[email protected]. If emailing, please provide the following information on fraud alerts in the body

of the email: Case number or last four of PAN if case number is not available, full cardholder name, and

information in regards to the validation of the fraud alert (No Fraud, Confirmed Fraud, removed

temporary block, etc.). Please note this email address is only for fraud alert updates. Please refer all

other questions to your Client Services or Product Support Teams.

**For Passthru system users only: Fraud Alert E-Delivery screen – The Fraud Alert Detail Report will

no longer show the tag for the transaction that created the alert. The IVR system no longer tags any

transactions, until validation of No Fraud or Fraud occurs. This will result in authorizations showing

with no tags on the E-Delivery screen. If an agent touches the alert, they will tag the appropriate

transactions. This is only for the E-Delivery screen. If you receive the Emailed Fraud Alert Detail

report it will still show tagged transactions.**



June 2016 © 2016 Page 16

A sample Fraud Alert Detail Report is shown below. See the field descriptions for further explanation on

each item identified.

These reports are only generated via e-mail for more efficient and secure handling. FIS prefers to utilize

a group or department e-mail address rather than an individual e-mail address as they can go

unattended during vacation and time away from the office. In addition, we can only provide the fraud

alert to one e-mail address; therefore a department e-mail address is preferred. Also, it is important to

note that the e-mail address you provide should be no longer than 60 characters in length. This includes

the ‘@fi.org’ or ‘@fi.com’ extension. Please ensure to update your Client Services or Product Support

team if you should need to change your current e-mail contact information.

The subject line of the e-mail will contain the following:

{InstitutionID}.{PANLast4}.{LastName}.{Time-HHmm}.{CaseStatusCode}.

Naming Element Description

Institution ID Card Portfolio Number, Institution ID, ABA Number, Mainbank Number, or Routing and Transit Number preceded by a 1.

PANLast4 Last four digits of the Credit/Debit/ATM number

Last Name Cardholder last name

Time-HHmm 12-hour format with AM/PM indicating when the alert was e-mailed

CaseStatusCode Two-digit Case Status Code:

Back, etc.)

We would suggest Issuers view their alerts in the order of priority:

First priority is 03 = Other Status (Active, Unable to Confirm, Call Back, etc.) These are the most important, as they have not been confirmed by your cardholder.

Second priority is 01 = Confirmed Fraud

These typically require follow-up action on reissued cards or action to start the fraud chargeback process by the Financial Institution.

Third priority is 02 = Confirmed Not Fraud Review these fraud alerts for validated activities in case additional review of the case is warranted.


© 2016 June 2016 Page 17

Example Fraud Alert Detail Report

Figure 1.

Field Descriptions – Cardholder / Case Info Section

Institution Name

Lists the name of the financial institution.

Customer Name

Lists the name of the cardholder.

Case Number

Lists the unique number assigned.

Card Number

Lists the cardholder’s last four of the PAN.

Block Status

Block status within the fraud alert. Will list as ‘No Block’ if we have been unable to reach the cardholder

or ‘Temporary Block’ if we have been unable to reach the cardholder and have placed a Temporary

Block on the account due to suspicious activity. “Fraud Block” will display when fraud has been

confirmed on the card and a Permanent Block has been placed.


June 2016 © 2016 Page 18

Fraud Type

Lists the fraud type if the account is closed Confirmed Fraud: Account Takeover, Application, Card

Skimmed, Counterfeit, ID Theft, Internet, Lost/Stolen, Mail/Phone, Non-Receipt.

Case Status

Lists the status of the fraud alert when sent: Active – CCS No Contact Active – Unable to Confirm Closed – Fraud Closed – No Fraud Closed –Unable to Confirm

The ‘Unable to Confirm’ and ‘Active – CCS No Contact’ status are still eligible to resurface again to be worked if further activity warrants review. ‘Confirmed Fraud’ status will not resurface to work again since the account has been Permanently Blocked.

The actions taken on the fraud alert can also be viewed in the comment section of the Fraud Alert Detail Report which provides the detailed actions taken by both specialists and our Automated Contact System.

Field Descriptions – Case Actions Section

Date and Time

Lists the date and time of the actions taken on the account.

Case Actions

Lists the actions taken by the IVR as well as by the Fraud Alert Specialist who has worked the fraud alert.

Field Descriptions – Transaction History

Transaction Date/Time

Lists the date and time of the transaction in Eastern Standard Time.

Transaction Tag

Reflects the status of the authorization(s) associated with the fraud alert (Suspect Fraud, Not Fraud,

Fraud).

Authorization Amount

Lists the dollar amount of the transaction in U.S. currency.

Fraud Score

Lists fraud scores from 0 through 999.


© 2016 June 2016 Page 19

Auth Decision Code

Denotes if the Authorization system approved or declined the transaction. Values include:

Value Description

A Approval

D Decline

P Pickup

Decline Code Lists the two digit FIS – SecurLOCK defined alpha/numerical code for the decline or approval if provided. Based upon the data passed from the card system this code will match a universal FIS SecurLOCK code which will display on the fraud alert. For clarification of the code provided we suggest referencing the authorization on the card system for the original decline reason. The values include:

Decline Code (Response codes includes Approval Codes) Authorization Decision Code

Approval Response

00 - Approved or completed successfully. A

09 - Request in progress. A

10 - Approved for partial amount. A

11 - Approved. A

16 – Approved. A

Pick Up Card Response

04 - Pick-up. P

07 - Pick-up card, special conditions. P

33 - Expired card, pick-up. P

34 - Suspected fraud, pick-up. P

35 - Card acceptor contact acquirer, pick-up. P

36 - Restricted card, pick-up. P

37 - Card acceptor call acquirer security, pick-up. P

38 - Allowable PIN tries exceeded, pick-up. P

41 - Lost card, pick-up. P

43 - Stolen card, pick-up. P

67 - Hard capture, pick-up. P

89 - Card verification value (CVV) verification failed (No pickup).

P

Decline Response

02 - Refer to card issuers special conditions. (Specific block codes)

D


June 2016 © 2016 Page 20

03 - Invalid merchant. D

05- General Decline D

06 - Error. (System error prevented approval) D

12 - Invalid transaction. (Type of transaction is not supported. Example - Selected 'credit' when only a 'debit' card.)

D

13 - Invalid amount. D

14 - Invalid card number. D

15 - No such issuer. D

19 - Re-enter transaction. (System error requesting to reprocess)

D

20 - Invalid response. (System error prevented approval) D

23 - Unacceptable transaction fee. (The fee was deemed unacceptable)

D

39 - No credit account. D

40 - Requested function not supported. D

42 - No universal account. D

44 - No investment account. D

51 - Insufficient funds. D

52 - No checking account. D

53 - No savings account. D

54 - Expired card. D

55 - Incorrect PIN. D

56 - No card record. D

57 - Transaction not permitted to cardholder. D

58 - Transaction not permitted to terminal D

59 - Suspected fraud. (Temporary block for specific switches only)

D

60 - Card acceptor contact acquirer. (Notify merchant to contact issuer)

D

61 - Exceeds withdrawal amount limit. D

62 - Restricted card. D

63 - Security violation. (Example - OFAC countries) D

65 - Exceeds withdrawal frequency limit. D

66 - Card acceptor call acquirer security. (An acquire denial with instruction for the merchant to contact the sponsor bank.)

D

75 - Allowable number of PIN tries exceeded. D

78 - Customer not eligible for POS (STAR). D

82 - Count exceeds limit (VISANet limit exceeded). D

86 - Cannot verify PIN (VISANet fails pin validation). D

88 - Information not on file. (unable to complete authorization due to missing information)

D

91 - Issuer or switch is inoperative. D

93 - Transaction cannot be completed, violation of law. (Transaction deemed illegal) (Example - online gambling)

D


© 2016 June 2016 Page 21

N7- CVV2 decline D

SR – Bad CVV2 D

S3 – Cashback Limit Exceeded D

S9 Expiration Date Mismatch D

POS Entry Code Lists the entry method of the authorization on the card.

Values include:

Value Description

C = Contactless Magnetic Stripe D = Contactless Microchip Card E = Ecommerce (card not present) F = Fallback to Magnetic Stripe G = Fallback to Keyed Entry K = Keyed (card not present) S = Swiped (card present) T = Chip Read (CVV/CVC may not be available) U = Magnetic Strip Read V = Chip Read Blank = Unknown/Other Merchant Name

Lists the name of the merchant, if available.

Merchant Category Code (SIC)

Lists the classification of the merchant associated with the transaction.

Merchant Postal Code

Lists the ZIP Code of the merchant.

Merchant Country Code

Lists the Country Code of the merchant.

Card Expiration Date

Displays the current expiration date of the card utilized.

Number of Cards

Lists the Number of Cards distributed on the account.


June 2016 © 2016 Page 22

EXT Risk Code (External Risk Code)

Lists the Visa Advanced Authorization (VAA) Risk score or MasterCard Risk Score of the transaction if one

is provided. The VAA Risk score and the MasterCard EMS score, like the SecurLOCK system score,

indicates the probability that the transaction is fraudulent.

VISA - The first 2 digits of this field are populated on the fraud alert and represent a number

ranging from 1 – 99 and represent the Risk score. The 3rd and 4th digits are reserved for future use.

Visa assigns a 2 digit score, from 1 to 99. The higher the score, the more likely it is to be fraudulent. This

score is calculated using predicative fraud models, built on Visa’s transaction database.

MASTERCARD EMS – This is a three digit number ranging from 000-999 to represent the score. The higher the score, the more likely it is to be fraudulent. This score is calculated using predicative fraud models, built on MasterCarrd’s transaction database. (subjected to availability)

**Client must be signed up for this product with VISA or MasterCard**

EXT Risk Cond Code (External Risk Condition Code)

VISA - Lists the Visa Advanced Authorization Risk Condition Codes (RCC) for the transaction if

one is provided. The first 2 digits of this field are populated on the fraud alert and represent the

Condition Code. The next 4 are reserved for future use. This code provides descriptive information

about high-risk events detected across the VisaNet payment system. Current RCCs focus on high-risk

event activity on compromised accounts. Therefore, a RCC is only assigned to an account if it was listed

on a previous CAMS alert. A RCC alone is not necessarily indicative of a fraudulent transaction.

**Client must be signed up for this product with VISA**


© 2016 June 2016 Page 23

Memo Abbreviations and Definition Examples

This topic provides descriptions for the memo abbreviations and definitions used by our Fraud Alert

Management department. These memos are placed on the Fraud Alert Detail Report and card system

where available. We have revised our comments where feasible to ease comprehension. Use of

abbreviations has been limited.

ANI = Automated Number Identifier

Card1 = Cardholder 1

Card2 = Cardholder 2

CCS-Result: FICO TRANSVER = This means our IVR system taking automated actions on the alert

CCS-Result: Temp Block = Transaction is reason that the alert is being temporary/warm blocked

CH = Cardholder

FI = Financial Institution

FRMC = Case actions being sent and received by IVR

FRMC: Acknowledgment Received From CCS – Alert picked up to start contacting cardholder

FRMC: Case sent to CCS = Alert sent to IVR

IB= Inbound

ISSR = Issuer

IVR = Integrated Voice Response Unit

POSS = Possession

SEND EMAIL TO ISSUER = this initiates the Fraud Alert Detail Report email to the institution

Set CB =Set Callback

SMS = Text for mobile phone

Temp Block/Warm Block = Temporary Block/Warm Block

VRU = Voice Response Unit

securlock fraud alert management operations guide 2016 · the success of fraud prevention depends...

Documents