There are several operational functions that the issuing bank must put in place to manage cards.
Fraud management is an essential part of issuing cards. As the card transaction is being authorised (checked against the account balance), a simultaneous fraud check is undertaken to protect against fraud. These are described in Authorisation above.
If fraud is suspected the transaction will not be authorised, and the fraud management team contacts the customer by telephone or SMS message to verify that they have the card and were undertaking the transaction.
They operate 24/7/365 days a year, and to ensure business continuity in the event of an incident that prevents the main fraud management centre from functioning they have dual operational sites in a different region of the country, or even in a different country.
Customers can lose their card, or they can be stolen. Chip and PIN and EMV 3D Secure make it more difficult to use a stolen card that has been reported, but there remains a risk for contactless transactions until the internal transaction counters force a PIN to be used.
Issuing banks provide 24/7/365 telephone services or via their mobile app to report lost and stolen cards and any fraudulent transactions that occur. Reporting the card lost or stolen also triggers a replacement card to be produced and dispatched as soon as possible.
Card scheme rules allow customers to dispute transactions within time limits if there is a problem with the goods that were the subject of the transaction.
This is the process where a customer disputes a transaction with a merchant because the goods delivered were faulty, not as described, or were not delivered.
The customer will request their bank to dispute the transaction with the merchant, providing details of the transaction including receipts, and if it isn’t resolved, it may cause the reversal of the transaction.
This requires the customer to authenticate that they have the card when undertaking online transactions, such as shopping at an online store. To prevent fraud, the customer’s bank (issuing bank) will request their customer to confirm that the transaction is valid by sending an SMS text message with a code that they must input to the pop-up screen that is part of the payment process or via their mobile app that requests confirmation using biometrics, such as fingerprint or face recognition.
Because the security check interrupts the buying process, and can lead to cart abandonment, merchants feared they would lose sales. However, the EMV scheme encourages issuing banks to use data and machine learning only to request authentication where necessary.
EMV 3D Secure includes additional information about the transaction, such as merchant location, delivery address and frequency of the customer using that merchant. This enables many banks to use machine learning to reduce the number of requests for authentication by understanding their customer’s buying patterns, their trusted merchants, and the risks associated with different websites.