We have been bombarded with cash advances from all over the states using counterfeit cards. Card numbers match our system; however names on the cards do not. At the same time, we do not see any of those transactions hitting our "Name Mismatch" report. Couple of questions:
- It seems like card holder's name is not even used in authorization. What does that mean? Merchant using track 2 data? Are they allowed to do that? Cash advances are from big banks, like Wells, I would think that it would be in their interest to validate that encoded name matches to the embossed.
- We requested all transaction documents, and it looks like Wells did everything they were supposed to, except encoded name verification (which is I guess is not required). Do we have any chargeback rights? Card was present, I understand that. However it just seems that we should be able to do something at this point.
Thank you!

First, you are correct, VISA/MasterCard do not require that the name be included when a card is submitted for authorization. (Note that even if they did this would not eliminate fraud. When the crooks hack a card terminal or processor, they steal all of the information that is transmitted to make the counterfeit card. If the name were transmitted as well, they would steal that too, and have the name on the card be correct.)

Also understand how counterfeit cards are made. I buy a VISA/MC gift card at the store, use the money, and the wipe the mag stripe and re-encode it with the stolen information. There is no name on these cards so I simply sign whatever name I am using (probably fake ID to go with it) obtain a cash advance from the account at your institution, and my signature matches the back panel perfectly.

The short answer is, "No" you have no chargeback rights and are on the hook for the loss. Make sure to report losses to MasterCard's SAFE or VISA's FRS systems. In the event a data breach is found to be responsible, and a merchant is found to not be PCI Compliance, VISA/MC could levy fines against that merchant and offer some reimbursement to those who took losses.

Thank you so much! You pretty much confirmed what I thought...

Many years ago we had name matching enabled with our card processor--we even had an authorization rule that declined any authorization request that had a cardholder name of "GIFT/CARD"

Of course, the authorization rule stopped 0 fraud, and the name matching typically caused more problems for cardholders than solved fraud related issues for us.