M A Y2 0 1 6

brought to you by ProSight Specialty Insurance

& Allied Solutions

Card-Not-Present FraudFEATURED ARTICLE:

THE GOOD NEWSChip card technology is making in-person transactions with cards safer.

THE BAD NEWSWith the improved security of card present transactions,

online transactions are now facing a greater risk.

2

Brought to you by ProSight Specialty Insurance and Allied Solutions

As a credit union, the fallout from increasing card-not-present fraud falls on you–unless you take steps to prevent it.

Learn what you can do to avoid covering the costs of stolen funds during transactions that don’t require the physical presence of a card.

3

Brought to you by ProSight Specialty Insurance and Allied Solutions

QUESTIONWait a minute, isn’t EMV chip technology making card transactions safer?

ANSWERIt is when the card is present, but it’s also making it more attractive for

criminals to find ways to access personal card information in environments where cards are not on hand.

4

Brought to you by ProSight Specialty Insurance and Allied Solutions

HOW DOES CARD-NOT-PRESENT FRAUD EVEN TAKE PLACE?

Fraudsters and swindlers have developed a variety of methods—like phishing—to obtain private financial data to access card accounts.

phish-ing: attempting to uncover sensitive financial information such as usernames, passwords, and card account numbers by pretending to be a trustworthy entity in an email, text or phone communication, phishing is typically performed to steal the information for criminal purposes.

3 TYPES OF SECURITY INFORMATION FRAUDSTERS CAN UNCOVER THROUGH PHISHING:

Visa’s Verified by Visa® or MasterCard® SecureCode Password

Billing Address

3-Digit Card-Security Code on the Back(known as the CVV2/CVC2 code)

123

5

Brought to you by ProSight Specialty Insurance and Allied Solutions

FIRST DETERMINE IF FRAUD IS OCCURRING BY TAKING THESE STEPS:

THEN LOOK FOR THE FOLLOWING IN AN AUTHORIZATION REPORT:

Step 1: Obtain your authorization report to identify the entry code for card-not-present authorizations.

Step 2: Understand the card-not-present codes. For example, ECI (electronic commerce indicator) 5 means VBV/MCSC password matched in the authentication.

Step 3: Run an authorization report for card-not-present authorizations. This will split the card-not-present from card present.

Electronic Commerce Indicators (ECI) 05 and 06 will tell you what kind of fraud occurred for Verified by Visa/MasterCard SecureCode.

ECI 05 means that the fraudster was able to phish for enough information to get the correct password for Verified by Visa/MasterCard SecureCode.

ECI 06 means the Visa transaction was attempted, but didn’t go through.

In either case, your credit union will likely absorb the loss until you establish more challenging enrollment criteria.

WHAT CAN A CREDIT UNION DO TO ARM ITSELF AGAINST CARD-NOT-PRESENT FRAUD?

WHEN FRAUD HITS,

YOUR CREDIT UNION

WILL LIKELY

EXPERIENCE

FINANCIAL LOSS,

UNLESS YOU

PROTECT YOURSELF.

CU UNIVERSITY

6

Brought to you by ProSight Specialty Insurance and Allied Solutions

Take steps to improve security: • Require more challenging forms of authentication if you’re seeing fraud cases where the password was accurately entered by the fraudster.

• Employ increased layers of security protection, such as encryption, biometrics, tokenization, chip technology, and Verified by Visa (VBV)/MasterCard SecureCode (MCSC).

• Encourage your vendors to also adopt these more secure authentication methods.

Discover who’s financially responsible:• Find out from your “fraud close out packet” if any fraud losses can be charged back to the merchant.

• If the fraud losses cannot be charged back to the merchant, find out why.

The online merchant can charge back fraud losses to a credit union when they use the Verified by Visa (VBV) and/or MasterCard Secure Code (MCSC) and the financial institution does not.

Help prevent the financial loss with increased vigilance: • OBTAIN a list of all of your cardholders who have not yet enrolled in VBV/MCSC.

• MONITOR these accounts closely, since these cardholders may be especially vulnerable to fraud since they are not yet enrolled in VBV/MCSC and the scammer may enroll them.

• REVIEW your fraud monitoring reports to see which authorizations were stopped by the Fraud Monitoring System (FMS) and which authorizations were approved.

• DETERMINE next steps to help prevent future instances of this fraud from recurring at your credit union.

Raise awareness with education:• Urge your cardholders to only use secure sites when shopping online and to take extra precautions whenever doing so.

• Provide clear and helpful information on Visa Checkout®, Master Pass®, the Visa Digital Enablement Program®, and the MasterCard Digital Enablement Service®.

A PARTNERSHIP YOU CAN BANK ON

Contact ProSight973.532.1900creditunions@prosightspecialty.comwww.prosightspecialty.com/credit-unions

Contact Allied Solutions800.826.9384info@alliedsolutions.netwww.alliedsolutions.net

With a niche focus on the credit union industry, ProSight Specialty Insurance caters to the insurance needs of credit unions as well as their management teams and professional employees.

Allied Solutions has over 35 years of experience in the financial service industry and aims to be the most customer-focused and respected provider of insurance and related products whose customized solutions help clients grow their business and more effectively manage risk.

Together, ProSight and Allied Solutions are dedicated to providing specialized insurance solutions and services that are backed by decades of combined, niche, credit union experience.

This material is for general informational purposes only and does not take into account your personal circumstances or objectives. The description of any coverage herein is a summary only. Please refer to the actual policies for complete details of coverage and exclusions. Coverage may not be

available in all states. Issuance of coverage is subject to eligibility and underwriting by ProSight Specialty Insurance.

Allied Solutions presents an

ongoing webinar series through

NAFCU Services on various

topics related to risk prevention,

management, and response.

Visit nafcu.org/allied to register or

learn more about these webinars.

WEBINAR SERIES

SHARE THE WEALTHLike what you’re reading? Know someone you think would also enjoy it? Send us the email addresses of colleagues and friends, and we’ll put them on the CU Enriched mailing list. If you would no longer like to receive this newsletter, simply send your request to opt out of future communications to creditunions@prosightspecialty.com.

412 Mount Kemble AveSuite 300C

Morristown, NJ 07960

PROSIGHT P.S.Get a discount of up to 70% on background check services. ProSight is helping to protect credit unions, one background check at a time. To find out how you can ensure the health, stability and profitability of your credit union, go to: www.prosightspecialty.com/credit-unions-bgc