Left-Hand Column Image: News Section

Industry Insights

View All Articles

Downloads

View as PDF PDF Document

Share

Bookmark and Share

EMV Card Fraud: Can Your Fraud Detection System Identify Suspect Chip Card Transactions?

Track the number of times the EMV card sends a “PIN tries exceeded” notification
Why: The card tracks the number of invalid PIN tries. Even legitimate cardholders may forget or erroneously enter their PIN, but multiple instances of invalid PIN tries may indicate fraudulent chip card use.
Detection
Strategy: 		The fraud detection system should track the number of times an EMV card notifies the card issuer that the PIN tries have been exceeded. When PIN tries are exceeded more frequently than the established limit, the fraud detection system can notify the issuer to take the appropriate corrective action (perhaps notifying the customer to contact the issuing institution).
Test Plan: Use a test tool to generate offline transactions that use an invalid PIN for the test chip card. Test to ensure that the "PIN Tries Exceeded" notices from the chip card are triggered and that the proper action (as specified by your organization) is taken.
Monitor multiple EMV card transactions from diverse geographies
Why: Obviously, no one can be in more than one location at a time. Similarly, although long-distance travel is more common now than for previous generations, EMV cardholders are unlikely to use their chip cards in several diverse geographical locations within a limited time.
Detection
Strategy: 		Fraud detection systems can monitor the regions from which a chip card’s transactions originate. Actions may include forcing an EMV card on-line so the issuer can block the chip card.
Test Plan: Use a test tool to simulate transactions from a single test chip card occurring in multiple regions within a narrow time frame. Also simulate transactions in multiple regions occurring over multiple days from a single test chip card. Test to ensure the fraud detection system flags the EMV card’s transactions as suspect.
Identify inconsistent tag values in EMV card transactions
Why: Tag values that provide conflicting information about a transaction may be chip card fraud indicators.
Detection
Strategy: 		Fraud detection systems can monitor tag values for CVR (card verification results). For example, the Application Usage tag (9F07) contains information (a sub-element) that indicates whether or not the chip card is allowed for use in international cash-back transactions. The issuer host can use the value in this tag with the processing code and other fields in the EMV message to decide if this transaction is actually allowed for the chip card.
Test Plan: Use a test tool to simulate transactions that include inconsistent tag data. Test to ensure the fraud detection system flags the EMV transactions as suspect.

 

< Previous   Page 3 of 4 1 2 3 4     Next >

Copyright © 1996-2010, Paragon Application Systems