We have recently been receiving a number of CRIS reports from our core processor. I have had several customers fill out our Debit/EFT Fraud form as per Reg E and we have sent it back to our core processor via the correct proceedures. The chargebacks are being rejected due to a signature on the transaction and we cannot proceed eventhough the signature does not match the customer. I'm curious as to if there is something we can do or do we have to continue to eat the transaction?

Stephen

Start chewing. You'll have to eat it.

Unfortunately Regulation E is the most customer friendly regulation there is and in probably 95% of the cases the bank must eat the disputed item. There is nothing your bank can do but refund the money to the customer.

Just read the Authority an Purpose section of Reg. E.

"The primary objective of the act and this part is the protection of individual consumers engaging in electronic fund transfers."

And if Reg. E wasn't consumer friendly enough, the contractual obligations banks have with Visa/MasterCard just add to it.

Yeah, Reg E doesn't care about us However, recovery of funds is not impossible, just very unlikely. Both Visa and MasterCard have compliance rights for mis-matched signature, but you have to recover the lost card and prove that the signature is different - specifically the last name on the sales draft is not the same last name on the card. There are other requirements as well, detailed under the appropriate compliance citation.

If the perp signs the draft with the same name as the name on the card, there is nothing you can do even with the recovered card. Merchants are not signature experts.

I have just re-read the Visa rules for merchants and there is specific language about "unsigned cards." In fact, look at the back of your issued cards, it should clearly state "NOT VALID UNLESS SIGNED." Therefore, if your customer can produce their card and it is not signed - the merchant accepted an INVALID card and they are subject to chargeback - without dispute. Personally, I have never signed the back of a card and a merchant has never questioned it.

Think about this - how does the merchant verify the signature at the "self check" line ?

WacoBanker - there is no Chargeback right for unsigned card. What you are citing is a compliance requirement, which is something else entirely.

An imprinted and signed sales receipt is not fraudulent as defined under Visa's unauthorized chargeback. (Reg E and Z of course see things differently.) You would therefore have no basis to claim a financial loss due to fraudulent activity and would loose any compliance case. Since the card was not reported lost/stolen at the time of the transaction, the merchant had no way of knowing the card should not be honored. Sure, they should have observed the signature panel requirement, but since the consumer had possession of the card at all times then there can be no fraud.

If the consumer is not in possession of the card, then you can make the compliance citation for unsigned card stick - but the only way to do that is to recover the card so you can prove that the signature panel requirement was not met.

The fact a violation has occurred is not enough. Compliance citations require you to prove 3 things:
1) There is no Chargeback or Representment right (this req is met since the draft would be signed and imprinted)
2) You would have incurred or will incur a financial loss as a direct result of the violation (this req is not met - the transaction doesn't qualify as unauthorized and the consumer didn't loose the card and is responsible for all card activity)
3) You would not have incurred the financial loss if the violation did not occur (this req is not met for the same reason as #2)

In the case of a counterfeit card, issuers are held responsible. It's a cost of doing business.

Also, self check terminal falls under the Supermarket Incentive Program which does not require signature comparison.

Good information and thanks for the clarification.

My use of "chargeback right" was a poor choice of terminology. I guess my point was that banks should not just roll over and take every loss straight to the bottom line. A merchant has certain "due dilligence" to perform or they could be subject to the taking the loss.

Thanks !

Debit card transactions are certainly on the rise and consumers want their banks to offer this product. Our bank has had several losses lately, including a loss when a customer's card was used to purchase merchandise over the internet, out of country. Our chargeback was denied because the transaction was approved under the verified by visa program.

With the existing regulations(consumer friendly), what can a bank do to reduce its exposure to fraudulent card use?

For example, I have been told that a bank can exclude specific SIC codes for merchants.

Can a bank arrange to reject certain types of transactions, ie. out of country, POS debit card access with MasterCard logo?

What are banks doing to reduce this unending risk?
Tom Bodet

What we have been told is Visa/Mastercard says you cannot block countries. However, it is a service our processor can provide and we are going to take adavantage of it.

You cannot block countries on open accounts; also you cannot affect the card acceptance due to the "accept all cards" policy. But you can exclude any MCC you want from your authorization parameters. Talk to whomever administers your auth system. Before it became law, many banks blocked online gambling merchants.

While not required by anyone, for a best practice I'd advise disclosing to your customers that you do not allow charges from certain merchant classifications.

What does MCC stand for

MCC = Merchant Category Code
SIC = Standardized Industrial Code

While used interchangeably, they are not the same. SICs are used by all business entities worldwide. MCCs are only used by the associations - they do mirror all the SICs but they also contain additional codes for specific merchants.

For instance, the SIC for hotel is 7011. The MCC for hotel is also 7011. However there is no SIC for Sheraton Hotel. There is an MCC for it.

A previous poster asked "How can we lower our risk?" Lower the daily limits. Review some of your recent claims and determine how your losses would have been different if the daily limit was lower.

Some banks have daily limits as high as $3,000. I use my debit card a lot, but I am smart enough to know that I should use a credit card for big purchases. It doesn't make sense to give every customer the same daily limit. It only exposes the bank. Certain customers that maintain higher balances may use their card more and need a higher daily limit. However, I would bet that a good majority of your customers never go near your bank's daily limit.

We have the ability to assign daily limits at the account level. This is an approach that we are considering.