You are on page 1of 65

Credit Card Certification

Disclaimer:
This material is confidential and proprietary to Infosys and may not be copied or otherwise reproduced,
repackaged, further transmitted, transferred, disseminated, redistributed or resold, or stored for subsequent
use for any such purpose, in whole or in part, in any form or any manner or by any means whatsoever, by
any person without express authorization of Infosys.
All information contained herein is obtained by Infosys from sources believed by it to be accurate and
reliable. Although reasonable care has been taken to ensure that the information herein is true, such
information is provided ‘as is’ without any warranty of any kind and Infosys, in particular, makes no
representation or warranty, express or implied, as to the accuracy, timeliness or completeness of any such
information. All information contained herein must be construed solely as statements of opinion and
Infosys shall not be liable for any loss incurred by users from any use of this report or its contents.

Credit Card Certification Page 1 of 65


Table of Contents
1. COURSE OBJECTIVES................................................................................6

2. INTRODUCTION ...........................................................................................7

3. TYPES OF CARDS .......................................................................................9


3.1. Credit Cards ................................................................................................................................... 9

3.2. Debit Cards ................................................................................................................................... 12

3.3. Stored Value Cards ...................................................................................................................... 13

4. KEY FEATURES OF A CREDIT CARD ......................................................17

4.1. Credit-Card Numbers.................................................................................................................. 18

4.2. The Stripe on a Credit Card........................................................................................................ 19

5. CARD NETWORK MODELS.......................................................................21

5.1. Bilateral Model ............................................................................................................................. 21

5.2. Single Card Issuer Model ............................................................................................................ 21

5.3. Multiple Card Issuer Model ........................................................................................................ 22

6. KEY PLAYERS ...........................................................................................25

6.1. Card-Holder ................................................................................................................................. 25

6.2. Merchant....................................................................................................................................... 25

6.3. Issuer ............................................................................................................................................. 25

6.4. Acquirer ........................................................................................................................................ 26

6.5. Network / Association .................................................................................................................. 26

6.6. Processors ..................................................................................................................................... 27

6.7. Credit Bureaus ............................................................................................................................. 28

6.8. On-us and Off-us Merchants and Cards .................................................................................... 28

7. BASIC TRANSACTION FLOW ...................................................................30

7.1. Authorization................................................................................................................................ 30

Credit Card Certification Page 2 of 65


7.2. Clearing......................................................................................................................................... 32

7.3. Settlement ..................................................................................................................................... 32

8. COMMERCIALS OF A CARD TRANSACTION..........................................34

8.1. Discount / Interchange Fees ........................................................................................................ 34

8.2. Membership / Annual Fees.......................................................................................................... 35

8.3. Finance Charges ........................................................................................................................... 35

8.4. Cash Advance Fees....................................................................................................................... 36

8.5. Other Fees and Charges .............................................................................................................. 36

9. BUSINESS PROCESSES ...........................................................................38


9.1. Credit Evaluation ......................................................................................................................... 38

9.2. Reward Programs ........................................................................................................................ 40

9.3. Billing ............................................................................................................................................ 40

9.4. Payments Processing .................................................................................................................... 41

9.5. Disputes and Chargeback............................................................................................................ 42

9.6. Fraud Management...................................................................................................................... 43

10. REGULATIONS IN THE CARDS INDUSTRY .........................................48

10.1. Fair Credit Billing Act ................................................................................................................. 48

10.2. Fair and Accurate Credit Transactions Act .............................................................................. 49

10.3. Anti Money Laundering Regulations ......................................................................................... 50

10.4. Bank Secrecy Act – Financial Record Keeping ......................................................................... 51

10.5. USA PATRIOT Act...................................................................................................................... 52

10.6. Privacy Regulations ..................................................................................................................... 53

10.7. Gramm-Leach-Bliley Act ............................................................................................................ 54

11. RECENT TRENDS IN THE CARDS INDUSTRY .....................................56

11.1. Online Usage of Cards ................................................................................................................. 56

11.2. Smart Cards.................................................................................................................................. 57

Credit Card Certification Page 3 of 65


11.3. Contactless Cards......................................................................................................................... 58

11.4. Decoupled Debit Cards ................................................................................................................ 60

11.5. Mobile Payment Systems ............................................................................................................. 60

APPENDIX 1 - FURTHER READING.................................................................62

APPENDIX 2 - GLOSSARY OF TERMS............................................................63

Credit Card Certification Page 4 of 65


Table of Figures
Fig 2-1 - Non-cash payments statistics during 2003 and 2006........................................... 8
Fig 4-1 - Front-side of a typical card ................................................................................ 17
Fig 4-2 - Back-side of a typical card................................................................................. 17
Fig 4-3 - Numbers on a card ............................................................................................. 18
Fig 5-1 - A bilateral card network model.......................................................................... 21
Fig 5-2 - A single-issuer card network model .................................................................. 22
Fig 5-3 - A multiple-issuer card network model............................................................... 23
Fig 6-1 - Risk-reward matrix for on-us off-us transactions .............................................. 29
Fig 7-1 - Authorization Process ........................................................................................ 30
Fig 7-2 - Clearing and Settlement Process........................................................................ 32
Fig 8-1 - Commercials of a typical card transaction......................................................... 34
Fig 9-1 - Dispute Resolution Process................................................................................ 43
Fig 9-2 - Fraud Reporting Set-up...................................................................................... 46
Fig 11-1 - A typical Smart-card and a Smart-card Reader ............................................... 58
Fig 11-2 - Contactless Cards............................................................................................. 58
Fig 11-3 - Contactless Card Reader .................................................................................. 59

Credit Card Certification Page 5 of 65


1. Course Objectives
In this course you will learn about different types of cards including credit cards,
debit cards and stored value cards. You will know the features of a typical card, role
of various players in the cards industry and commercials of a typical card transaction.
You will also gain a good understanding of business processes followed by various
industry players and the regulations that the industry is subjected to. This material
also gives you some knowledge of recent trends in the industry. The first appendix
has references that the authors have used; you can refer to these sources to learn more
about the topics covered in this material. In the second appendix is a Glossary of
Terms that are used in this material. The table below summarizes the sections and the
key learnings from each of them.

Credit Card Certification Page 6 of 65


2. Introduction
Credit cards, as we know them today, have been around for just over half of a
century. One of the first credit cards appeared in 1951 when loan customers of
Franklin National Bank of New York were screened for credit and those approved
were given a card they could use to make retail purchases. Participating merchants
copied the customer information from the card onto a sales slip and the bank would
credit the merchant account for the loan less a flat fee to cover the costs of providing
the loan. In 1958, The American Express Company began issuing a charge card for
travel and entertainment charges which was accepted at participating restaurant, hotel
and airline merchants.

Card-holders enjoyed the convenience of plastic charge cards (especially when on the
road for business) as well as the line of credit offered by the new bank credit cards.
Merchants found that credit card customers usually spent more than if they had to pay
with cash (which is still true today – the average credit card purchase is 112 percent
more than if cash is used). Accepting bank-issued cards was safer (from internal and
external theft and error) for the merchant than dealing with cash and less expensive
than creating and maintaining a merchant-specific credit program.

The general-purpose credit card was born in 1966, when Bank of America established
the BankAmerica Service Corporation that franchised the BankAmericard brand
(later to be known as Visa) to banks nationwide. In 1966, another national credit card
system was formed when a group of credit-issuing banks joined together and created
the Interbank Card Association, which is now known as MasterCard Worldwide (it
was temporarily known as MasterCharge).

The new bank card associations were different from their predecessors in that an
“open-loop” system was now created, requiring interbank cooperation and funds
transfers. Visa and MasterCard still maintain "open-loop" systems, whereas American
Express, Diners Club and Discover Card until recently remained "closed-loop”.

As the bank card industry grew, banks interested in issuing cards became members of
either the Visa association or MasterCard association. Their members shared card
program costs, making the bank card program available to even small financial
institutions. Later, changes to the association bylaws allowed banks to belong to both
associations and issue both types of cards to their customers.

Credit Card Certification Page 7 of 65


In 2007 Federal Reserve conducted a study of the Payments industry to estimate the
number and value of payments by check, debit card (both signature and PIN), credit
card, automated clearing house (ACH), and electronic benefits transfer (EBT). This
study shows that cards (both credit and debit cards) increased their share of non-cash
payments (in terms of number of transactions) from 42% in 2003 to 50% in 2006. The
figure below provides more details.

50
45
40
Transaction (%)

35
30
2003
25
2006
20
15
10
5
0
Checks Debit Credit ACH EBT
Cards Cards
Non-Cash Payments

Fig 2-1 - Non-cash payments statistics during 2003 and 2006

Credit Card Certification Page 8 of 65


3. Types of Cards
There is a wide range of plastic cards on the market, all offering different terms and
conditions and ways to pay off your balance. Three broad categories of cards are –

3.1. Credit Cards

Credit cards allow card-holders to make purchases up to a specified limit. They offer
an interest free period for purchases (where the balance is paid in full) before the bill
has to be settled. You can repay a minimum amount each month, but you will be
charged interest on the balance. If the bill is paid in full by the date specified on the
statement, you incur no interest.

There are hundreds of providers - most cards are Visa or MasterCard issued through a
bank or a building society. The following is a brief description of the common types
of credit cards available through banks or other financial institutions.

• Revolving Cards – This is the most common form of credit card. Customer can
choose to pay only a part of the total amount due on the card and would pay
interest on balance outstanding (in case he chooses to make a partial payment).

• Charge Cards - Customer needs to pay the full balance each month. These are
typically corporate cards.

• Installment Cards - Customer agrees to repay a fixed amount of credit in equal


payments over a specified period of time. Consumer durables, automobiles,
furniture are often financed this way.

• Co-branded Cards - Banks often tie-up with other organizations / institutions


like Airlines etc to offer co-branded cards which offer additional benefits to
customers. For e.g. a Disney Co-branded card could allow customers to earn
double the reward points for every $ spent in Disney stores / facilities. Some of
the variations to Co-branded cards are –
o Affinity Card – a card which you can use to show your affinity to a group or a
cause. Every usage of the card results into a small contribution to the group /
cause. Professional Associations, University Alumni Associations, Sports
Teams, etc are the usual groups in most affinity cards.
o Private Label Card – a card operated in closed-loop by a retailer – the card is
accepted only the retailer’s outlets. These are generally designed to increase
sales and enhance loyalty, rather than focusing on the credit function as a
profit center. All large stores typically offer such cards.

Credit Card Certification Page 9 of 65


• Balance Transfer Cards - Balance Transfer Cards allow consumers to transfer a
higher interest credit card balance onto a credit card with a lower interest rate, thus
saving them money in interest charges. For example, if you transfer a balance to a
credit card with a low introductory Annual Percentage Rate (APR) of 0%, the APR
for this balance will typically stay at this 0% interest level for a specified period of
time, thus potentially saving the consumer hundreds of dollars in interest charges. The
terms of balance transfer credit cards can vary between offers, so customers should
always read the terms and conditions for each specific card. Nowadays, a number of
card issuers provide balance transfer facility on existing cards issued by them.

• Low Interest Cards - Low Interest Cards offer either a low introductory APR that
changes to a higher rate after a certain period of time or a low fixed rate APR. For
example, you may get an introductory APR credit card with an interest rate of 5% for
the first six months and 10% thereafter. Then, for the first six months, any purchases
or balances you carry will be only charged a 5% annual interest rate. However, any
new purchases or balances that carry over after the six-month period will be subject to
a 10% APR. Many people take advantage introductory APRs to make larger
purchases, so that they can take several months to pay them off. Low APR Credit
Cards can help save consumers a lot of money on interest charges.

• Credit Cards with rewards program - Credit Cards with rewards programs usually
"reward" the card-holder with incentives, rebates and even cash-back for purchases
they make on their credit card. You can get additional airline miles, cash-back
rewards or discounts on merchandise for each dollar charged on such a card. Other
typical rewards include gasoline rebates, entertainment rewards and store discounts
for specialty store cards. Reward Cards usually require better than average credit for
approval. These days most credit cards come with some sort of reward programs.
o Airline Mile Credit Cards – airline mile credit cards or frequent flyer credit
cards give you airline miles credits (or frequent flyer miles) whenever you use
your card. Typically, you as the card-holder accumulate "points" based on the
dollar amount of your credit card purchases over a period of time. Based on a
predetermined point level, you can then redeem those points for airline travel
(much like frequent flyer miles). Because airline mile reward programs can be
costly for credit card companies, many airline mile credit cards come with an
annual fee. These cards are great for people who frequently travel or for those
who want to use their cards to plan vacations, but the associated fee might
make them impractical for other types of card-holders.

o Cash Back Credit Cards - Cash back credit cards give you cash rewards for
making purchases with the card. The more the card is used, the more cash
rewards you usually get. Most cash back rates are around 1% of your total
purchases, excluding interest and finance charges. However, some cards offer
a higher cash-back percentage with increased usage while still others offer a
higher cash back percentage at select merchants or for particular types of
purchases. Since cash back programs are costly to the credit card companies,
some cash back credit cards also have an annual fee, which can vary from $50

Credit Card Certification Page 10 of 65


to $100. This type of card is particularly good for people who are faithful
about paying off their balances each month. If used appropriately a cash back
credit card can earn the card-holder a significant amount of money over time.

• Secured Credit Cards - Secured credit cards require collateral for approval. With
secured credit cards, a security deposit of a predetermined amount is needed in order
to secure the credit card. Generally, the security deposit needs to be of equal or
greater value to the credit amount. Collateral can come in the form of a bank deposit,
a car, a boat, jewelry, stocks or anything else of monetary value. Secured credit cards
are for people with either no credit or poor credit who are trying to build or rebuild
their credit history. Often, such cards come with low credit lines ($250 or so) and
additional fees may apply (application fees, etc).

• Specialty Credit Cards - Specialty credit cards are for individuals with unique and
special needs for their credit use. Examples of these types of card-holders include
business users and students. These credit card programs are designed specifically to
meet the needs of these particular groups.

• Business Credit Cards - Business credit cards are available for business owners and
executives and have many of the same features as traditional credit cards: low
introductory rates, cash-back rewards, airline rewards, etc. However, business credit
cards can also have many additional benefits in comparison to traditional credit cards.
These cards are issued to employees for meeting official expenditure for e.g. travel
and entertainment, etc. Some of these bonuses include:
o Business expenses kept separate from personal expenses
o Special business rewards and/or savings
o Expense management reports
o Higher credit limits

Using company credit or debit cards to make purchases offers businesses a number of
key benefits:
o Convenience - cards are quicker and cheaper to use than the company check
book. They're useful for everyday expenses and can be used over the phone
and Internet.
o Credit - if you use the credit or charge cards to cover business expenses, you
don't have to settle the bill immediately - you can benefit from an interest-free
period.
o Cards are globally recognized - using cards for foreign-travel purchases may
give you better exchange rates. It also reduces the need to change cash before
traveling.
o Ability to monitor expenditure - you can specify which employees receive
cards and set different credit limits for each card.
o Fast access to cash - card-holding employees can withdraw cash from cash
machines. However, credit and charge card issuers may levy a commission
each time. And, with credit cards, you will pay interest from the day the cash
is withdrawn regardless of when you settle your bill.

Credit Card Certification Page 11 of 65


o Reduction in administration - with a company credit or charge card, you pay
one bill each month, no matter how many purchases you make. Receiving
monthly statements helps with your accounting and administrative procedures.
As purchases are specified you can distinguish business from personal
expenses. Your provider may also be able to supply a report of your annual
expenditure and a breakdown of the VAT charged on purchases - far more
convenient than ploughing through piles of receipts.

• Student Cards - Students generally have little or no credit history. Because of


this, students may often find it difficult to get approved for a traditional credit
card. Student credit cards are set up to help students build up the credit history
that most of them don't already have. Student credit cards are often scaled back in
terms of rewards, features and other benefits. If used wisely, a student can take
the first step towards building a solid credit history with a student credit card.

• Premium Credit Cards - Premium cards such as Gold or Platinum Cards are
charge or credit cards that offer additional benefits such as travel upgrades,
special insurance or exclusive seating for concerts. Generally, premium cards
require a substantial income and an excellent credit history, offer a higher credit
limit, and may charge higher fees.

3.2. Debit Cards

A debit card is issued in conjunction with a saving account or a business current


account, and is a cheap substitute for cheques. Payments are deducted almost
immediately from the associated account. As a result, spending is limited by available
funds and only signatories of the account can use these cards. This offers a greater
degree of control – card-holders can only spend what's in their account - but lacks the
same degree of flexibility as other cards.

There are currently two ways that debit card transactions are processed: Online Debit
(also known as PIN Debit) and Offline Debit (also known as Signature Debit). In
some countries including the United States and Australia, they are often referred to as
"debit" and "credit" respectively, even though in either case the user's bank account is
debited and no credit is involved.

• Online Debit - Online debit cards require electronic authorization of every


transaction and the debits are reflected in the user’s account immediately. The
transaction may be additionally secured with the personal identification number
(PIN) authentication system and some online cards require such authentication for
every transaction, essentially becoming enhanced automatic teller machine
(ATM) cards. One difficulty in using online debit cards is the necessity of an
electronic authorization device at the point of sale (POS) and sometimes also a
separate pin-pad to enter the PIN, although this is becoming commonplace for all
card transactions in many countries. Overall, the online debit card is generally

Credit Card Certification Page 12 of 65


viewed as superior to the offline debit card because of its more secure
authentication system and live status, which alleviates problems with processing
lag on transactions that may have been forgotten or not authorized by the owner
of the card. Banks in some countries, such as Canada and Brazil, only issue online
debit cards.

• Offline Debit - Offline debit cards have the logos of major credit cards (e.g. Visa
or MasterCard) or major debit cards (e.g. Maestro in the United Kingdom and
other countries, but not the United States) and are used at point of sale like a
credit card. This type of debit card may be subject to a daily limit, as well as a
maximum limit equal to the amount currently deposited in the current/chequing
account from which it draws funds. Offline debit cards in the United States and
some other countries are not compatible with the PIN system, in which case they
can be used with a forged signature, since users are rarely required to present
identification. Transactions conducted with offline debit cards usually require 2-3
days to be reflected on users’ account balances.

• FSA Debit Cards - An FSA Debit Card is a special type of debit card issued in
the United States to access tax-favored spending accounts such as Flexible
Spending Accounts (FSA), Health Reimbursement Accounts (HRA), and
sometimes Health Savings Accounts (HSA) as well. All such cards to date bear
the Visa or MasterCard brand and operate through their main networks; thus all
FSA debit card transactions are of the offline variety (also known as "signature
debit" or, inaccurately but commonly, "credit").

Although the value of debit card payments is still less than half the value of credit
card payments, the number of debit card payments now exceeds that of credit cards.
Debit card payments increased 17.5 percent per year from 2003 to 2006. The growth
of debit card payments has given rise to new debit type payment products like prepaid
cards and decoupled debit cards.

3.3. Stored Value Cards

Stored-value cards look like credit cards but are actually prepaid cards. A stored-
value card has a set value which decreases as the card is used. One major difference
between stored value cards and debit cards is that debit cards are usually issued in the
name of individual account holders, while stored value cards are usually anonymous.

Stored-value cards represent money on deposit and function in much the same way as
conventional debit cards. The key difference is that funds are not stored in an account
that is directly linked to the card-holder, but are stored onto the card and held at a
remote database with a financial services provider. In this respect there is no actual
value stored on the card itself; they do not act as a substitute for cash, so lost or stolen
cards can be easily stopped and replaced.

Credit Card Certification Page 13 of 65


Prepaid cards use the Credit/Debit infrastructure and are accepted at all the places
where debit and credit cards are accepted. They have found application in both public
and private sectors. For instance, prepaid cards are used in public sector for making
benefit payments like child support and unemployment benefit payments. In private
sector, prepaid cards are used for payroll in industries where cash or checks are
predominantly used. Prepaid cards are also given to employees for expensing their
travel costs.

Prepaid cards improve the security and control over payments, reducing the potential
for errors and fraud. By replacing the check and cash, they reduce the operational cost
involved in check clearing and cash handling.

Most stored value cards are smart cards (contain an integrated microchip). Smart
cards are more flexible because they contain an integrated microchip that can be
programmed to provide information codes as well as financial information. The
prepaid value of a smart card decreases as you use the card but can be increased by
paying for additional value. Many colleges issue smart cards that give students access
to food services, vending, photocopying, laundry, telephone and other purchases as
well as access to the library, laboratories and other secured areas on campus.

Depending on the acceptability, stored-value cards can be classified as –


o Closed system cards - Closed system cards have emerged and replaced the
traditional "gift certificate" and are commonly known as "gift cards".
Purchasers buy a card for a fixed amount and can only use the card at the
merchant that issues the card. Generally, few if any laws govern these types of
cards. Card issuers or sellers are not required to obtain a license. Closed
system cards are not subject to Patriot Act, as they generally cannot identify a
customer. Traditionally, gift certificates have fallen under state abandoned
property law (APL). However, the emergence of closed system cards has
blurred the applicability of APL.

o Semi-closed system cards - These are similar to closed system cards.


However, card-holders are permitted to redeem the cards at multiple
merchants within a geographic area. These types of cards are issued by a third
party, rather than the retailer who accepts the card. Examples include
university cards and mall gift cards. Laws governing these types of cards are
unsettled.

o Open System Purchasing Cards – These are also known as "stored value credit
cards", however, they are not really credit cards, as no credit is offered by the
card issuer: the card-holder spends money which has been "stored" on the card
via his own prior deposit. The value is not physically stored on the card;
instead, the card number uniquely identifies a record in some central database,
where the balance is recorded. These cards are similar to gift cards, but are
issued with a credit card logo such as Visa or MasterCard and can, unlike gift

Credit Card Certification Page 14 of 65


cards, be used anywhere a Visa or MasterCard may be used. They are very
similar to a debit or check card except that they don't require a checking
account. However, they do not have many of the benefits of the credit card
(like product or service return/refund assistance, unauthorized purchase
protection, etc).
These cards have been marketed to consumers with poor credit, who are
unable to qualify for the line of credit that backs a mainstream credit card. The
fees associated with these cards are often very high.
A variation of this are the PaidByCash virtual cards in the United States and
the 3V cards issued in the Republic of Ireland. These consist only of a card
number plus expiry date and verification number, so can only be used for
customer-not-present transactions.

o Open System Prepaid Cards – These are the most regulated of all the stored
value cards. An example is the Payroll card. Payroll cards are used by
employers to pay employees. The employee is issued a card that permits
access to an account established by the employer. At the end of each pay
period, the employee's ability to draw money from that account is increased
by the amount of his or her wages. The card may be used at an Automated
Teller Machine (ATM) to obtain cash, and, in some instances, may be used at
a store to pay for purchases. The payroll card is particularly useful for
employees who do not have a regular checking or savings account at a
financial institution because they can access their wages conveniently. Also, if
there is no charge for using ATM, they avoid fees charged for cashing checks.
The advantage to the employer is low cost of paying wages and efficiency.

An example of stored-value card is special pre-paid Visa card for mail, telephone
and Internet use only (this segment is popularly known as MOTO segment).
These are made available by a small number of banks. They are sometimes called
"virtual Visa cards", although they usually do exist in the form of plastic. An
example is 3V. Recently, these virtual cards have been increasingly issued by
non-financial institutions such as grocery and convenience stores to consumers as
a replacement for money orders (such as PaidByCash in the United States). Such
cards can be used whenever the remote store accepts Visa cards. Before making a
transaction, the customer transfers the required amount of money from his main
account to the card's sub-account using the bank's website or telephone. Next, the
customer gives the card number and the CVV2 code (a 3 - 4-digit value associated
with a card; it is used to secure "card not present" transactions) to the merchant,
who authorizes the transaction electronically, as with a regular Visa card. If there
is enough money in the sub-account, the bank grants the authorization and locks
the adequate amount on the sub-account.

Such a card prevents fraud by a card number thief even if the card is not blocked,
because the customer normally does not store any money on the sub-account and

Credit Card Certification Page 15 of 65


fraudulent transactions do not get authorized by the bank. For extra security, the
CVV2 code is not printed on the card but rather sent separately to the customer in
a secured envelope.

The bank also rejects local transactions (ones that are not made over the Internet,
mail or telephone). However, some merchants use software incompatible with
Visa regulations and send authorization requests that wrongly tell the bank that
the transaction is not a MOTO/Internet one, in which case the bank rejects the
request. Additionally, some merchants do not use electronic authorization at all, in
which case the transaction cannot be completed as well. For these two reasons the
card is unusable with a small minority of Internet, telephone and postal stores.

Credit Card Certification Page 16 of 65


4. Key Features of a Credit Card
Let us see what a credit card looks like, what are its key features and understand
various signs, symbols numbers that appear on a card.

This is what the front-side of a typical card looks like -

Fig 4-1 - Front-side of a typical card

1) Logo of the Issuer Bank (the bank that issues the card)
2) EMV chip (commonly referred to as 'Chip And Pin') – the smart-card chip
3) Hologram
4) 16 digit card number
5) Logo of the card network (Visa, Master, Discover, Amex, etc)
6) Expiry date of the card
7) Name of the card-holder

This is what the reverse-side of a typical card looks like –

Fig 4-2 - Back-side of a typical card

(1) Magnetic stripe


(2) Signature strip
(3) CVV2 code - used to secure "card not present" transactions

Credit Card Certification Page 17 of 65


4.1. Credit-Card Numbers

Card numbers have a certain amount of internal structure, and share a common
numbering scheme.

Fig 4-3 - Numbers on a card

The first digit in credit-card number signifies the Major Industry Identifier (MII) that
represents the category of the entity that has issued the credit card. Different digits
represent the following issuer categories:
0 – ISO/TC 68 (a technical committee of International Standards Organization) and
other industry assignments
1 – Airlines
2 – Airlines and other industry assignments
3 – Travel/ Entertainment cards (such as American Express and Diners Club)
4 – Banking & Financial
5 – Banking & Financial
6 –Merchandizing and Banking
7 – Petroleum
8 – Telecommunications and other industry assignments
9 – National assignments

For example, American Express, Diner's Club, and Carte Blanche are in the travel
and entertainment category, Visa, MasterCard, and Discover are in the banking and
financial category, and Sun Oil and Exxon are in the petroleum category.

Credit Card Certification Page 18 of 65


Structure of the card number varies as per the system. E.g. American Express card
numbers start with 37; Carte Blanche and Diners Club with 38.

In general, each card number has three parts –


• Issuer Identifier Number - the set of first 6 digits
• Account Number - the next 7 to (n-1) digits. For 16-digit credit card numbers,
there are 10 possible numbers (from 0 to 9) that can be arranged in these 9 places.
This gives rise to 10^9 combinations, that is, 1 billion possible account numbers
(per Issuer Identifier).
• Check Digit - the last digit to ensure that the card number is correct; for a given
Issuer Identifier and an account number, there cannot be more than one correct
check digit.

Within each of the first two parts, each network follows different protocols –
• American Express - Digits three and four are type and currency, digits five
through 11 are the account number, and digits 12 through 14 are the card number
within the account and digit 15 is a check digit.
• Visa - Digits two through six are the bank number, digits seven through 12 or
seven through 15 are the account number and digit 13 or 16 is a check digit.
• MasterCard - Digits two and three, two through four, two through five or two
through six are the bank number (depending on whether digit two is a 1, 2, 3 or
other). The digits after the bank number up through digit 15 are the account
number, and digit 16 is a check digit.

4.2. The Stripe on a Credit Card

The stripe on the back of a credit card is a magnetic stripe or a magstripe. It is


made up of tiny iron based magnetic particles in a plastic-like film. Each particle is
a tiny bar magnet.

There are three tracks on the magstripe. Each track is about one-tenth of an inch
wide. The ISO/IEC standard 7811, used for magstripes, specifies:
• Track one is 210 bits per inch (bpi), and holds 79 6-bit plus parity bit read-only
characters.
• Track two is 75 bpi, and holds 40 4-bit plus parity bit characters.
• Track three is 210 bpi, and holds 107 4-bit plus parity bit characters.

Credit Card Certification Page 19 of 65


A card typically uses only tracks one and two. Track three is a read/write track (it
usually includes an encrypted PIN, country code, currency units and amount
authorized), but its usage is not standardized among banks.
The information on track one is contained in two parts – Part A, which is reserved
for proprietary use of the card issuer, and Part B, which includes the following:
• Start sentinel - one character
• Format code= "B" - one character (alpha only)
• Primary account number - up to 19 characters
• Separator - one character
• Country code - three characters
• Name - two to 26 characters
• Separator - one character
• Expiration date or separator - four characters or one character
• Discretionary data - enough characters to fill out maximum record length (79
characters total)
• End sentinel - one character
• Longitudinal redundancy check (LRC) - one character. LRC is a form of
computed check character.

The format for track two, developed by the banking industry, is as follows:
• Start sentinel - one character
• Primary account number - up to 19 characters
• Separator - one character
• Country code - three characters
• Expiration date or separator - four characters or one character
• Discretionary data - enough characters to fill out maximum record length (40
characters total)
• LRC - one character

To retrieve the information on the magstripe one needs a magstripe reader. If an


ATM does not accept a card, it could be because of -
• dirty or scratched magstripe
• erased magstripe

Credit Card Certification Page 20 of 65


5. Card Network Models

Cards are basically payment mechanisms. Today, typical card transactions involve
multiple participants - card-holders, merchants, banks issuing cards and processing
merchant transactions, and processing network. Over the last half century, cards have
evolved from bilateral models (involving only merchants and card-holders) to
multiple-issuer models (involving a number of parties). Let us look at these models –

5.1. Bilateral Model

Fig 5-1 - A bilateral card network model

This is the simplest form of model, wherein a merchant issues cards to its customers
in order to provide credit. In this model, the card-holder makes purchases; the
merchant presents a bill to the card-holder listing all purchases at the end of the
billing period (usually a month). After the merchant presents the card-holder with the
bill, the card-holder sends the payment to the merchant.
In this model, the information and funds flow between a merchant and a card-holding
customer when the merchant extends credit.

5.2. Single Card Issuer Model

Credit Card Certification Page 21 of 65


Fig 5-2 - A single-issuer card network model

A bilateral model evolved into the more complex Single-Issuer model (also known as
Closed-Loop Card Association model). In this system, cards are issued by an entity
that is separate from the merchants. This entity is called the Issuer; in cases where the
entity is an association of a number of entities, it is known as Card Association. The
issuer in this case has relationships with a number of merchants who extend credit to
customers who hold the cards issued by the issuer. Merchants send information about
each purchase, including the customer account number, the transaction amount, and
verification to the card issuer. The card issuer pays the merchants and sends monthly
statements to the card-holders listing all transactions which occurred during the
statement period. The customers then pay the balance due, in whole or in part, based
on the credit terms that were extended by the issuer.

The original Diners Club model and, until very recently, Discover Card and American
Express models (which have now converted to the multiple-card-issuer model) are of
this type.

5.3. Multiple Card Issuer Model

Credit Card Certification Page 22 of 65


Fig 5-3 - A multiple-issuer card network model

The most complex form of credit card network is the one with the greatest number of
participants: the multi-issuer card model (Visa and MasterCard networks are typical
examples of this model).

In this model there is one card association, many card-holders, many merchants, and
multiple banks. The card association (or network) plays an important role by
imposing rules for issuing cards, clearing and settling transactions, advertising and
promoting the brand, authorizing transactions, assessing fees, and allocating revenues
among transaction participants. Further, each participant in the credit card transaction
has an incentive for participating in the network.
The above figure shows a basic illustration of the multiple card issuer model with an
example of the flow of payments in a sample $100 credit card purchase. The card-
holder makes a purchase for $100 by presenting the card (which contains the account
information) to the merchant. The merchant transmits the card-holder's account
number and the amount of the transaction to its bank (generally called the acquiring
bank). The card association sends an authorization request to the issuing bank. The
issuing bank sends back an authorization response to the card association. If the
issuing bank approves the transaction, it will send $98.00 to the card association.
Next, the card association sends the authorization response to the acquiring bank

Credit Card Certification Page 23 of 65


along with $98.00 to the merchant's bank. The acquiring bank then sends $97.50 to
the merchant, subtracting 50 basis points for its services. At the end of the billing
cycle, the issuing bank sends a monthly statement to the card-holder and receives
payment of $100 from the card-holder.

Credit Card Certification Page 24 of 65


6. Key Players

Having understood the card network models, let us understand the role of each player.

6.1. Card-Holder

The owner of a credit card is referred to as card-holder. The card-holder or consumer


is issued a credit card after necessary verification by a credit approving authority
which s/he can use to make purchases at merchants up to a defined limit (known as
credit limit). Based on the responsibility for making the payments, a card-holder can
be –
• Primary Card-holder - the person listed on an account, who has the primary
responsibility and obligation for making payments due on the card account.
• Secondary Card-holder - The secondary card-holder is an add-on card-holder to
the primary card-holder. All transactions executed on the secondary card will
appear on Primary card-holder account. The advantage on add-on card is any
dependent on Primary card-holder can use the card independently.

6.2. Merchant

A merchant is an individual or a business establishment that accepts credits card as a


means of payment for products or services sold to the card-holder. Merchants accept
cards as this provides customers with another payment option and in most cases
increases the amount of spend.

6.3. Issuer

An issuer is a bank, organization or financial institution that issues the card to card-
holder.

An issuer is responsible for marketing (sourcing new accounts), card production,


loyalty and campaigns. It evaluates potential customers for credit risk. It is
responsible for generating the payment statements that are required to be paid back by
the card-holder and bears the risk in case of any fraud. Other functions it conducts
include collections, payment processing and customer service.

For an organization to be an issuer, it needs to tie up with a number of organizations -


- card association (Visa, Master, Discover, Amex and JCB etc), card vendors (for
card embossing, production, etc), credit bureaus and third party processors for
outsourcing.

Credit Card Certification Page 25 of 65


While there are more than 7000 card issuers in the US alone, the following top ten
issuers controlled an estimated 89.5% of the general purpose credit card market share
in 2004 –
1. JPMorgan Chase
2. Bank of America
3. Citigroup
4. Capital One
5. U.S. Bank
6. HSBC
7. Wells Fargo
8. USAA Savings
9. Washington Mutual
10. Barclays

6.4. Acquirer

An acquirer is an organization that is in the business of processing credit card


transactions for business businesses (acceptors). It is an organization that collects
credit-authentication requests from merchants and provides the merchants with a
payment guarantee.

An acquirer provides a number of services, including –


• Providing authorization services when customers present their cards -- the
acquirer processes the transaction information, coordinates and updates its
accounts, and then relays the sales data to the issuing bank for authorization. Once
the transaction is authorized, the acquirer informs the merchant that the sale has
been approved.
• Acquirer takes risk by paying to merchants upfront.
• Signing up merchants and managing relationship with them.
• Installing terminal equipment
• Keeping track of transactions and reporting the data to merchants
• Transferring funds to the merchant on a daily basis to cover card purchases, i.e.
clearing and settlement
• Responding to merchant problems with card processing

6.5. Network / Association

For a transaction to be serviced it requires an electronic network. The network allows


for movement of electronic data by acting as a medium for transmission, verification
and validation and authorization before a merchant acknowledges it in lieu for a
product or service. An association is a group of card issuing banks that set the terms
and conditions for merchants, issuers and acquirers.

Credit Card Certification Page 26 of 65


Credit card networks can be classified as two types – proprietary (also known as
single issuer model) and open (also known as multiple issuer model) networks.

Examples of open card networks are –


• Visa - Visa, Inc., commonly called VISA, is an economic joint venture of
20,000+ financial institutions that issue and market Visa products including credit
and debit cards. The company was originally named Visa International Service
Association (was born in 1966, when the Bank of America established the
BankAmerica Service Corporation that franchised the BankAmericard brand –
later to be known as Visa). The name change occurred in the fall of 2007 as a part
of VISA's restructuring and IPO plan. The company is based in San Francisco,
California, USA.
• MasterCard - In 1966, a national credit card system was formed when a group of
credit-issuing banks joined together and created the Interbank Card Association
(ICA). The ICA is now known as MasterCard Worldwide, though it was
temporarily known as MasterCharge. This organization competes directly with a
similar Visa programs.

The “open” associations are different from proprietary ones in that an 'open-loop'
system requires interbank cooperation and funds transfers. Visa and MasterCard’s
organizations both issue credit cards through member banks and set and maintain the
rules for processing. Their members share card program costs, making the bank card
program available to even small financial institutions. They are both run by board
members who are mostly high-level executives from their member banking
organizations.

Examples of proprietary card networks are –


• Discover
• American Express
• Diners Club

Till recently, bylaws of Visa and MasterCard associations allowed banks to belong to
both associations and issue both types of cards to their customers; and more
significantly prevented the member-banks from issuing cards of other networks (e.g.,
American Express, Discover, etc). However, recent court rulings have made such
bylaws illegal and hence, allowed the erstwhile closed-loop / proprietary networks to
issue cards through other financial institutions.

6.6. Processors

The back end systems that are responsible for encrypt-decrypt data, verification,
validating and authorizing transactions are called processors.

Credit Card Certification Page 27 of 65


6.7. Credit Bureaus

A credit bureau is an independent agency that provides credit information on


individual borrowers. This assists issuers in assessing the credit worthiness in terms
of one’s ability to pay back of a potential card-holder and expedites the process of
credit card issuance.

Credit bureaus collect and collate personal financial data on individuals and
businesses from data furnishers with which the bureaus have a relationship. Data
furnishers are businesses, utilities, debt collection agencies, public institutions, and
the courts (i.e. public records) that a consumer or business has had a relationship or
experience with. Data furnishers report the experience with the consumer or business
to the credit bureaus. The data provided by the data furnishers as well as collected by
the bureaus are then aggregated into the credit bureaus data repository or files. The
resulting information is made available on request to contributing companies for the
purposes of credit assessment and credit scoring. While Equifax (also called CBI),
Experian (formerly TRW), TransUnion and Innovis are the major global credit
bureaus, there are about 50 regional credit service providers and a number of local
bureaus in the US.

6.8. On-us and Off-us Merchants and Cards

Since most of the large banks are both issuers and acquirers, it is possible for a bank
to be both issuer and acquirer for a particular transaction. An issuer classifies
merchants as –
• On-us Merchants – merchants who have been acquired by the issuer bank
• Off-us merchants – merchants who have not been acquired by the issuer bank

Similarly, acquirers classify cards as –


• On-us Cards – cards issued by the acquirer bank
• Off-us Cards – cards not issued by the acquirer bank

These classifications are important because these determine what risks the bank is
taking and what the quantum of rewards from these transactions. The graph below
shows this in a pictorial form.

Credit Card Certification Page 28 of 65


Fig 6-1 - Risk-reward matrix for on-us off-us transactions

For example, if JP Morgan Chase is the acquirer for all card transactions at Wall Mart
and Bank of America is the acquirer for transactions at American Airlines, the
scenarios (from JP Morgan Chase’s perspective) would be –
• A JP Morgan Chase card-holder uses his card at Wall Mart – the transaction
would be termed as an On-us – On-us transaction. JP Morgan Chase would earn
the most revenue in this transaction (approx 1.4% - 1.9%). JP Morgan Chase
undertakes the highest risk (merchant risk as well as card-holder risk) and hence it
earns highest rewards.
• A Bank of America card-holder uses his card at Wall Mart – the transaction
would be termed as an Off-us – On-us transaction. JP Morgan Chase would earn
between 0.5% and 0.7% for this transaction -- lower risk (only merchant risk)
hence lower rewards.
• JP Morgan Chase Card-holder uses his card at American Airlines – the transaction
would be termed as On-us-Off-us transaction. JP Morgan Chase would earn
between 1.1% and 1.4% for this transaction -- higher risk (card-holder risk) and
hence higher rewards.
• If an Amex card-holder uses his card at American Airlines then the transaction
would be termed as an Off-us – Off-us transaction – these transactions would not
be visible to JP Morgan Chase and represents the market share which is lost to
competition -- no risk hence no rewards.

Credit Card Certification Page 29 of 65


7. Basic Transaction Flow
In this chapter we would look at the mechanism of a card transaction, right from the
time that a customer presents his card to pay for the good/service he is buying to the
time that he makes the payment to the card-issuing bank.

7.1. Authorization

A card transaction has three discrete steps – authorization, clearing and settlement.
Let us understand authorization process with the help of diagram below.

Fig 7-1 - Authorization Process

Authorization is a process of validating the card and checking whether there is


enough credit on the card account to pay for the transaction. After an authorization,
even though the card is not actually charged, the amount is blocked on the card and
reserved for this transaction.

• Voice Authentication - merchants with few transactions each month do voice


authentication using a touch-tone phone.
• Electronic data capture (EDC) – merchants have swipe terminals using which
they / card-holders swipe the card and enter the amount. This is the most common
way.
• Virtual terminals – this is the way that internet shopping sites use.

Authorization is made up of a request and a reply. When a reply is sent back to the
terminal, the switch may receive a completion message from the terminal which
confirms that action taken by the terminal. The switch then sends an acknowledgment
of receipt to the terminal. The steps in authorization are –

Credit Card Certification Page 30 of 65


1. Customer presents the card to a cashier (enters the card number online in case of a
card-not-present scenario)

2. The cashier swipes credit card through a reader. The EDC software at the point-
of-sale (POS) terminal dials a stored telephone number to call an acquirer.

3. The acquirer gets the credit-card authentication request and checks the transaction
for validity and the record on the magstripe for:
• Merchant ID
• Valid card number
• Expiration date
• Credit-card limit
• Card usage
• Personal Identification Number (PIN) entered by the card-holder using a
keypad (in case of online debit card). The PIN is typically not on the card -- it
is encrypted (hidden in code) in a database.
If it finds no issue with the request, acquirer forwards the request through the
network (Visa in this case to the issuer.

4. The issuing bank checks to see if the customer information is valid and if there is
enough credit in the account to cover the transaction. At the same time, it verifies
that the billing address on the order matches the billing address on file for the
credit card (this is called Address Verification Service).

5. If the account is valid and there is enough credit and the address is verified, the
issuing bank sends an authorization code back to the merchant (through the
acquirer) and puts a hold on the funds in the customer's account. If the account is
not valid or there isn't enough credit to cover the transaction or there is a problem
with the billing address, the issuing bank sends a "transaction declined" message
back to the merchant. On receipt of this message, the POS machine displays a
receipt to the cashier if the transaction was authorized, or a "problem" message if
declined.

Sometimes, an authorization request is aborted before it reaches the authorization


server (can happen at the ATM / POS terminal or at the switch). In case of an aborted
request, the payment network has the functionality to ensure reversal – ensuring that
money debited, if any, is credited back.

If the authorizer is unavailable the system may stand-in to authorize the transaction.
There are a variety of ways that stand-in can be provided. Authorization processor has
a set of pre-defined rules for stand-in.

Credit Card Certification Page 31 of 65


7.2. Clearing

Fig 7-2 - Clearing and Settlement Process

After a card transaction is authorized, payment of money to all parties involved is a


two step process where the first step is Clearing followed by Settlement.

During the clearing process the acquirer provides the issuer with information on the
sale. No money is exchange during clearing. Clearing involves the exchange of data
only. The acquirer provides data required to identify the card-holder’s account and
provide the dollar amount of the sales. When the issuing bank gets this data, the bank
posts the amount of the sale as a draw against the card-holder’s available credit and
prepares to send payment to the acquirer.

Steps involved in clearing are –


1. Merchant delivers sales draft info to acquirer (by hand or electronically)
2. Acquirer credits merchant account (less fee)
3. Acquirer batches all sales drafts info
4. Acquirer forwards sales drafts from all its merchants to the network (Visa
Interchange Center in this case)
5. The network center consolidates transactions from all acquirers and creates
interchange files for each issuer

7.3. Settlement

Settlement is the step where actual exchange of funds takes place. The issuer sends a
record of money that is being transferred from its account to that of the acquirer.
From this account the acquirer pays the merchant. Funds are settled between issuers

Credit Card Certification Page 32 of 65


and acquirers through accounts with large banks that are members of the Federal
Reserve System and have been selected for that purpose. Payments to merchants are
made usually through the Federal Reserve’s Automated Clearing House (the “ACH”)
which is an electronic funds transfer system.

Steps involved in clearing are –


6. The network center transmits interchange files electronically through the payment
network to issuers
7. Issuers post transactions to card-holder statements
8. Issuers transfer funds to the settlement bank for all acquirers
9. Issuers produce statements for card-holders

Credit Card Certification Page 33 of 65


8. Commercials of a Card Transaction

Pays n/w 7.9


Cents per
Pays n/w 6.9 transaction
Cents per
transaction VISA

4) Submit
transaction
5) Issuer pays
3) Gets paid to n/w
Acquirer 6) Issuer charges
$98.10. Discount 98.60 $.
2) Submit 100$ to the card
1.9% Discount 1.4
sales draft holder
%

7) C/H Pays
1) Purchase 100$ 100 $

Fig 8-1 - Commercials of a typical card transaction

8.1. Discount / Interchange Fees

Discount or Interchange fees (as it is known in the industry parlance) is the most
important component of a credit card transaction.

Interchange fee is one component of the Merchant Discount Rate, which is paid by
merchants to their banks when they accept credit and debit cards for purchases. The
card-issuing bank in a payment transaction deducts the interchange fee from the
amount it pays the acquiring bank that handles a credit or debit card transaction for a
merchant. The acquiring bank then pays the merchant the amount of the transaction
minus both the interchange fee and an additional, smaller fee for the acquiring bank.

In the diagram above, 1.4% is the interchange fees (the discount by issuer to the
acquirer).

Interchange fees have a complex pricing structure, which is based on the card brand,
the type of credit or debit card, the type and size of the accepting merchant, and the
type of transaction (e.g. online, in-store, phone order). Further complicating the rates
schedules, interchange fees are typically a flat fee plus a percentage of the total
purchase price (including taxes).

Credit Card Certification Page 34 of 65


Interchange rates are established at differing levels for a variety of reasons. For
example, a premium credit card that offers rewards generally will have a higher
interchange rate than do standard cards. Transactions made with credit cards
generally have higher rates than those with signature debit cards, whose rates are in
turn typically higher than PIN debit card transactions. Sales that are not conducted in
person, such as by phone or on the Internet, generally are subject to higher
interchange rates, than are transactions on cards presented in person.

Cards in a multi-issuer model represent a complex form of two-sided markets --


merchants are more willing to accept cards that have many card-holders, and card-
holders want cards that are accepted at many establishments. The payment network
benefits the merchant and the buyer jointly and entails joint costs, and it must price its
service so that it gets and keep, the two sides participating in the network. It does this
largely by setting interchange fees at levels that will maintain balance in the incentive
structures of issuing banks (banks that issue credit cards) and acquiring banks (banks
that service merchants and process their credit card transactions).

8.2. Membership / Annual Fees

Annual fee is a charge sometimes required by credit card companies for use of an
account. Annual fees range between $10-50 a year and are most common with
rewards cards or cards for subprime borrowers.

8.3. Finance Charges

Biggest revenue stream for card issuers is from finance charges – basically interest
earned from outstanding dues on credit card accounts.

Different credit card issuers calculate the outstanding amount for finance charges in
different ways. Some card companies gives a stretch during which no interest is
charged for new purchases; others start the finance charge meter running the minute a
purchase is made. It all comes down to whether or not the company includes new
purchases in the outstanding balance, which is the amount on which finance charges
are computed. Different ways in which different credit card issuers calculate the
outstanding balance include –
• average daily balance method, including new purchases
• average daily balance method, excluding new purchases
• two-cycle average daily balance method, including new purchases
• two-cycle average daily balance method, excluding new purchases
• adjusted balance method
• previous balance method

Credit Card Certification Page 35 of 65


With the average daily balance method, the outstanding balance is averaged for the
billing cycle. So, the company adds up the outstanding balance for each day during
the billing cycle, taking into account any payments you may have made or credits
received, then divides by the number of days in the billing cycle. Whether or not the
company includes new purchases in this balance can make a big difference in the
finance charge an individual pays. If the company excludes new purchases, the user
essentially gets to own those products interest-free until the beginning of the next
billing cycle.

The two-cycle average daily balance method works much the same way, except it
takes the current and the preceding billing cycle into account in computing the
outstanding balance.

The adjusted balance method is perhaps the easiest to understand. It’s simply the
outstanding balance at the beginning of the billing cycle, less any payments or credits
during that billing cycle.

Finally, the previous balance method is the outstanding balance at the beginning of
the billing cycle (ignoring any payments in the interim).

The methods that normally result in the lowest finance charges—and, therefore, work
best for the consumer—are:
• the average daily balance method, excluding new purchases
• the adjusted balance method
• the previous balance method

8.4. Cash Advance Fees

Most card issuers charge a hefty fee for a cash advance (usually 2 to 4 percent of the
amount). Many issuers charge higher interest rate on cash advances than they do on
purchases. And, on top of that, there’s usually no grace period—so the higher interest
starts piling up right away.

A point to note is that payments are allocated to the lower-interest charges first,
which means that even if the card-holder pays some part of the outstanding balance, it
is usually allocated to purchases and the interest keeps building on the cash advance
amount.

8.5. Other Fees and Charges

Late Fees - If a card-holder’s payment arrives late, the credit card company charges a
penalty, usually in the $15 to $50 range. Some card issuers trigger a penalty interest
rate on some accounts if there are multiple late fees in a specific time period (such as
two late fees within six months) -- these interest rates can be exorbitant (as high as

Credit Card Certification Page 36 of 65


23.99 percent) and can last for the life of the credit card account. Some credit card
companies monitor card-holder’s credit reports even after they’ve already issued a
card and in some instances, increase the interest rate on cards if the credit reports
indicate late payments to other accounts.

Over-Limit Fees – the fees charged by issuer for allowing card-holders transactions
that put the card account over the agreed limit. These are typically $20 - $25 and
apply for all the billing period that the card balance remains over the limit.

Credit Card Certification Page 37 of 65


9. Business Processes
Now that we have gained detailed understanding of the basic processes in a credit
card transaction, namely, Authorization, Clearing and Settlement, in this section we
would cover some of the other business processes followed in the cards department of
an Issuing bank.

9.1. Credit Evaluation

When a customer applies for a card, the bank checks credit worthiness of the
customer. The bank uses internal credit scoring models and uses credit bureaus for
this. This section would cover the details of credit rating / scoring and how banks use
them to make credit decisions.

When a customer fills out an application for credit card, the bank requests a detailed
credit report on the customer a credit bureau (sometimes the bank sends this request
to only one bureau while at other times it sends it to more than one). Credit bureau
reverts back with a detailed credit report on the customer. Such a credit report is a
record of individual’s past borrowing and repaying, including information about late
payments and bankruptcy. This information is used by the credit card company to
determine the individual's credit worthiness; that is, determining individual’s means
and willingness to repay indebtedness. This helps determine whether to extend credit,
and on what terms. With the adoption of risk-based pricing on almost all lending in
the financial services industry, this report has become even more important since it is
usually the sole element used to choose the annual percentage rate (APR).

The most important part of a credit report is the credit rating / credit score. It is an
indicator of the credit worthiness and aids lending decisions by helping the lender
understand the risks and price the credit. It is a numerical expression based on a
statistical analysis of a person's credit files, to represent the creditworthiness of that
person. Credit scoring is not limited to card issuers alone. Other organizations, such
as mobile phone companies, insurance companies, employers, and government
departments employ the same techniques.

Credit ratings are determined differently in each country, but the factors are similar,
and may include –
• Payment record - a record of bills being overdue lower the credit rating.
• Control of debt - lenders wants to see that borrowers are not living beyond their
means. Experts estimate that non-mortgage credit payments each month should
not exceed more than 15 percent of the borrower's after tax income.
• Signs of responsibility and stability - lenders perceive things such as longevity
in the borrower's home and job (at least two years) as signs of stability. Having a
respected profession can improve a credit rating.

Credit Card Certification Page 38 of 65


• Credit cards that are not used - although it is believed that having too many
credit cards can have an adverse effect on a credit score, closing these lines of
credit may not improve the score. Credit rating formulae look at the difference
between the amount of credit a person has and the amount being used – lower the
percentage of available credit, the more the credit score will drop. The credit
formulae also factor in the length of time credit accounts have been open.
• Credit inquiries – an inquiry is a notation on a credit history file. There are two
types of credit inquiries –
o Soft pulls – these don't affect the credit score and are characteristic of the
following examples: A credit bureau may sell a person's contact
information to an advertiser purchasing a list of people with similar
characteristics, like homeowners with excellent credit. A creditor can
check a person's credit periodically. Or, a credit counseling agency, with
the client's permission, can obtain a client's credit report with no adverse
action.
o Hard credit inquiries – these are typically made by lenders. Lenders, when
granted a permissible purpose by a borrower for the purposes of extending
his credit, can check his credit history. Hard inquiries from lenders
directly affect the borrower's credit score. Keeping credit inquiries to a
minimum can help a person's credit rating. A lender may perceive many
inquiries on a person's report as a signal that the person is looking for
loans and will possibly consider that person a poor credit risk.

Score can be different for the same customer from any of the three major agencies,
depending on the data sources and their logic to determine the score.

The most widely used credit model in the industry is FICO (The Fair Isaac Company)
model. It uses the following criteria to develop a numeric score called the FICO score
(which ranges between 0 – 1000) –
• Payment History – this factor carries 35% weightage. Recent late payments
lower credit score.
• Credit Utilization – has 30% weightage. Balances below 50% of the credit line
improve score.
• Credit History – has 15% weightage. Longer the account history better is the
score.
• Inquiries – has 10% weightage; includes number of enquiries / new accounts /
length since last inquiry.
• Other factors can also be added to the model but they cannot be discriminatory
(e.g., use of parameters such as race, color, nationality, sex etc is prohibited).

Customers are usually classified into the following grades based on FICO scores –
• 720 and above - AA
• 700 to 719 - A
• 680 to 699 - A- / B+
• 660 to 679 - B+/B
• and so on

Credit Card Certification Page 39 of 65


One of the important concepts in credit history is that of re-aging. Through re-aging,
a credit history is re-written and the person is given a fresh start on that particular
account. This can dramatically improve the credit score. In 2000 the Federal Financial
Institutions Examination Council (FFEIC) clarified guidelines on re-aging accounts
for delinquent borrowers.

9.2. Reward Programs

It is in the interest of all players to incentivize customers to use cards more often and
to make large purchases each time. The primary tool for this is Reward Program
managed by Issuing banks. Most credit card companies have Reward Programs to
ensure that they not only retain existing customers but also give incentive to potential
customers to use their credit cards. In other words, Reward programs enable credit
card companies to make their customers more loyal to them. Rewards programs may
be of different kinds –
• Points – each kind of transaction add to points against the customer’s account that
can be later redeemed for items like merchandise or cash.
• Gas and Retail – programs that allow redemption of points for gas and retail
purchases
• Travel / Hotel / Holiday – one of the most popular Reward programs where the
customer is rewarded with travel miles (tickets for travel), hotel accommodation
or vacation packages.
• Cash-back – these kinds of credit cards usually require an excellent credit
history. The customer gets cash back on transactions.

Reward programs are usually implemented after conducting a marketing research


analysis. The actual structure of the rewards and the quantum of the rewards depend
on the drivers for starting the reward programs; some of these drivers could be –
• Ensure loyalty of existing customers
• Attract new customers
• Motivate existing customers to maintain a good credit record so that they qualify
for Rewards programs thereby bringing down cases of fraud/delinquency
• Motivate existing customers to spend more
• Drive co branded partnerships to success stories
• Increase the spend on On-us cards / from On-us merchants

9.3. Billing

Billing cycle is the period between two statement dates; normally, a billing cycle
has 30 days. On the billing date, all the purchases made using the credit card during
the previous 30 days are added and billed to the card-holder.

Credit Card Certification Page 40 of 65


Credit card issuers calculate the account balance over one billing cycle or two (a one
cycle billing period will usually result in lower charges), and may include or exclude
new purchases in the balance (excluding new purchases is usually better for
consumers). The balance may be calculated in one of these 3 ways:
• Adjust Balance Method – The credit card issuer computes the financial charges
by taking the amount owed at the start of billing cycle and subtracting any
payments made during the cycle. New purchases are not included.
• Previous Balance Method – The issuer uses the amount owed at the beginning of
the billing cycle to compute finance charges.
• Adjusted Daily Balance Method – The issuer adds balances for each day in the
billing cycle and then divides that total by the number of days in the cycle.
Payments made during that period are subtracted to get the daily amounts owed.
New purchases may or may not be included, depending on the plan. If the issuer
uses the two-cycle average daily balance method, it uses the average daily balance
for two billing cycles. New purchases may or may not be included in the total.

9.4. Payments Processing

Customers are informed of the amount they need to pay each month by means of a
regular monthly statement. This statement comprises of a variety of charge and
payment information displaying a snapshot of the customers’ account at that point in
time. The statement is generated every month at about the same time, and is termed
as “statement date”. The time between two statement dates is called the “statement
cycle”.

The monthly statement shows –


• Statement cycle date
• Payment Due date
• Transaction history for the billed period
• The actual payment amount due till date
• The minimum payment on credit card (calculated as a percentage of current
balance). The issuer expects at least the minimum payment to be sent in by the
payment due date -- a late fee is applied if the minimum payment is not received
by the payment due date. The unpaid balances start accruing interest from the
transaction posting date.
• Any additional charges / processing fees/ late fees etc.

Traditionally paper statements were sent out for every credit card account on their
cycle day. To reduce risks of identity thefts and to reduce the possibility of the
statement falling in wrong hands, companies now offer paperless statements / e-
statements wherein the statements are available online and can be downloaded from
the site directly.

The most common method of credit card payment is dropping a check of an amount
equal to the total payment due or at least the minimum amount due in the nearest drop

Credit Card Certification Page 41 of 65


box of the credit card issuing bank or company. Modern methods allow payments
through ACH (Automated Clearing House), Wire Transfers, VRU (Voice
Recognition units) and Electronic Fund Transfers.

The amount deposited by a card-holder can be in one of the following states –


• Processed Payment – payment submitted through a certified payments
processing method (e.g. paper check, direct deposit, internet, etc.) but not yet
posted to an account
• Posted Payment – payment successfully applied to a credit card account
• Posted Returned Payment – payment returned by the issuing bank as being
invalid for various reasons.

9.5. Disputes and Chargeback

To “dispute” something is to question the validity of it. All calls into a credit card
company related to disputes begin the same way. The representative will inquire
about the nature of the dispute to determine how it will be handled by the company.

In the U.S., the Fair Credit Billing Act (FCBA) outlines the dispute settlement
procedures. The FCBA law applies to credit accounts, like credit cards and revolving
charge accounts. It does not cover installment loans or lines of credit. The law is
meant to address billing errors, such as unauthorized charges, charges with the wrong
amount or date, charges for items that were not delivered, and math errors. Common
errors include transposition (charged $213 instead of $123), multiplier (charged $200
instead of $20), and double billing (received two charges for $35 instead of just one).
It also covers failures to post credits, such as returns, and payments to an account.

There are many valid reasons why a customer may be disputing a charge. Before a
customer calls the credit card company to dispute a charge, however, a real effort
must be made to resolve the dispute directly with the merchant. The consumer must
write to the creditor so that the letter reaches the creditor within 60 days of the first
bill that contains the error. It is important that the customer sends any correspondence
to the creditor by certified mail and keeps the originals of all receipts and a copy of
the dispute letter.

The credit card company must respond to the consumer within 30 days after receiving
the letter, unless the problem has already been resolved. The problem must be
resolved within two billing cycles after receiving the letter.

While the charge is in dispute, the customer can withhold payment for that portion of
your bill; however, he must pay all the remaining charges. The creditor cannot charge
interest or late payment fees on the disputed amount. However, they can apply the
disputed amount against the overall credit limit.

Credit Card Certification Page 42 of 65


Depending on the credit card company, there are slightly different process flows that
are followed. For example, because American Express is both the issuer and
processor, the process is simplified. However, the process is similar no matter who
the creditor is.

3. Merchant
1. Customer 2. Merchant responds and 4. Creditor 5. Merchant
disputes receives the provides decides receives result
charge inquiry supporting resolution
documentation

Fig 9-1 - Dispute Resolution Process

Step 1: The customer disputes the charge. The creditor takes the relevant information
and forwards it to the merchant. The charge in question will be noted on the card-
holder’s account and the merchant will be “charged back” for the amount.

Step 2: The merchant receives the inquiry, either in hard-copy letter form or via
email.

Step 3: The merchant responds to the inquiry. The merchant can issue a full refund,
issue a partial refund or issue no refund. Depending on how the merchant responds
and the supporting documentation that is provided, the credit card company will
either close the inquiry or make a decision.

Step 4: The credit card company may go back to the card-holder to gather additional
information. Once the creditor has all the available information, a final decision will
be made. If the creditor determines that the card-holder is correct (let’s say that the
account was double-charged), the chargeback on the merchants account will stand.
However, if the merchant is found to have correctly charged the account, the
chargeback will be reversed.

Step 5: The merchant receives the result of the inquiry.

9.6. Fraud Management

Another type of credit card dispute relates to an unauthorized use of card. If someone
steals, borrows, or uses a card or the card number without the card-holder’s
permission, it is considered fraud. Credit card fraud is a wide-ranging term for theft
and fraud committed using a credit card or any similar payment mechanism as a
fraudulent source of funds in a transaction. The purpose may be to obtain goods
without paying, or to obtain unauthorized funds from an account. Credit card fraud is
also an adjunct to identity theft.

Fraud, if not recovered, negatively impacts company revenue (the cost of credit card
fraud reaches into billions of dollars annually). Fraud detection and recovery are the

Credit Card Certification Page 43 of 65


two key elements necessary to minimize losses due to fraud. In US, for any fraudulent
activity on the card, the liability lies with the issuer bank and not the customer.

It is in a company and card issuer’s interest to prevent fraud or, failing this, to detect
fraud as soon as possible. Otherwise consumer trust in both the card and the company
decreases and revenue is lost, in addition to the direct losses made through fraudulent
sales.

As soon as a consumer suspects fraud, a call should be made to the creditor to report
it. If the consumer calls before the unauthorized charges have been made, then he is
not liable for any amount that is put onto the card. Typically, the credit card company
will cancel the card and send a new one. If the card-holder calls after unauthorized
charges have been made, then his liability will be limited to $50, no matter how much
has been charged on the card. The consumer has the right to dispute the $50 charge
also. From the merchant’s standpoint, fraud cases take longer to resolve.

There are two broad categories of fraud –


• Identity fraud – occurs when the fraudster uses the identity of someone else to
commit fraud. For instance, an individual applies for an account using someone
else’s information (i.e. identity); this application is fraudulent and all activity on
the account is fraudulent. The following types of frauds can be classified as
Identity fraud –
o Application fraud – such type of fraud occurs when a family member,
roommate etc access an individual’s mail and personal information (i.e.
Social Security Number, Date of Birth, etc) and fills out a credit card
application sent to the individual and then upon receiving the card, uses it
as if he were the true card-holder.
o Account Takeover fraud – occurs when a criminal obtains enough
personal information about an individual to effectively represent the
person with the card issuing bank. For example, the fraudster used the
information to have the address changed and new plastics issued; the card-
holder still has their plastic and may be unaware of the takeover until the
account is over limit.
• Transactional fraud – occurs when fraudulent activity takes place in the form of
unrecognized transactions on the card-holder’s account. A transaction refers to the
exchange of goods or services between the card-holder and the merchant or card
acceptor, e.g. ATM, for an amount, which may be a credit or debit. The following
types of frauds can be classified as transactional fraud –
o Lost and stolen credit cards – This is the most happening fraud activity in
the credit card industry. When a credit card is lost or stolen the criminal
gains direct access to the individual’s credit card account.
o Non-receipt (mail-intercept) Fraud – Such fraud occurs when an
individual’ mail is intercepted by a criminal. To avoid such a fraud, most
issuers have card activation programs requiring customers to call and
authenticate in order to begin purchasing with their card.

Credit Card Certification Page 44 of 65


o Counterfeit cards fraud – A counterfeit card is created when a criminal
gains possession of a valid card number. This information can then be
encoded on a blank card’s magnetic stripe or manually changed on the
face of a stolen plastic. For example, the customer sees a charge on his
statement that he did not authorize; he is in possession of his card, but the
transaction indicates that the card was physically swiped.
o Mail Order/Telephone Order (MOTO) fraud – Unauthorized charges have
been made via mail order, telephone order, catalogue sales, or online. All
fraudulent transactions on this account must be MOTO for the fraud type
to be MOTO. The card-holder probably has his plastic, but someone has
gotten their account number and made unauthorized charges to the
account.
o Skimming - Skimming is the theft of card information used in an
otherwise legitimate transaction. It is typically an "inside job" by a
dishonest employee of a merchant, and can be as simple as photocopying
of receipts and noting down the 3 or 4 digits CVV2 code. In more
complex schemes, the skimmer can put a device over the card slot of an
ATM, which reads the magnetic strip as the user unknowingly passes the
card through it; and use the device in conjunction with a pinhole camera to
read the user's PIN at the same time. Detecting skimming is difficult for a
typical card-holder, but fairly easy for a bank (provided the bank has a
fairly large sample) – the bank collects a list of all the card-holders who
have complained about fraudulent transactions, and then uses data mining
techniques to discover relationships among the card-holders and the
merchants they use. For example, if many of the customers used one
particular merchant, that merchant's terminals can be directly investigated.
Sophisticated algorithms can also search for known patterns of fraud.
Merchants must ensure the physical security of their terminals, and
penalties for merchants can be severe in cases of compromise, ranging
from large fines to complete exclusion from the card processing system.
o Carding - a term used for a process to verify the validity of stolen card
data. The thief presents the card information on a website that has real
time transaction processing; if the card is processed successfully, the thief
knows that the card is still good (the specific item purchased is immaterial;
if a purchase is actually made, it is usually for a small monetary amount,
both to avoid using the card's credit-limit, and also to avoid attracting
attention. In most cases, the thief does not need to purchase an actual
product; a website subscription or charitable donation would be
sufficient). A website known to be susceptible to carding is known as a
cardable website. While in the past, carders used computer programs
called ‘generators’ to produce a sequence of credit card numbers, and then
test them to see which accounts were valid, these days, carding is typically
used to verify credit card data obtained through other means. A set of
credit card details that has been verified in this way is known as a phish. A
carder will typically sell data files of phish to other individuals who will
carry out the actual fraud; market price for a phish ranges from a dollar to

Credit Card Certification Page 45 of 65


up-to fifty dollars depending on the type of card, freshness of the data and
credit status of the victim.

The diagram below shows the flow of information for a typical fraud reporting set-up.

Help Desk

Worldwide
Card Member Processing Centres

Fraud Dept
Fig 9-2 - Fraud Reporting Set-up

Fraud detection is a proactive defense for identifying and preventing fraud. There
are third party applications containing customized rules, which are used internally to
score each authorization in real time or in batch to determine fraud risk. This is a
proactive approach to fraud detection and defense (prevent). Fraud is detected early
via patterns and contact with the card-holder. If warranted to prevent further activity,
the account may be restricted automatically. If the score indicates high risk, a case is
generated and an associate contacts the customer to determine if fraudulent activity
has occurred or is occurring. If the customer doesn’t recognize the transaction that
means a fraud has happened and recovery case is created for the account. The card-
holder is issued a new plastic and all the good transactions are transferred to the new
account. The fraud transactions are not transferred as the card-holder is not
responsible for the same. The priority of the case is based on the score. The higher
priority cases are always worked first in order to minimize the losses of the issuer
bank.

Prevention of Transaction fraud – fraud risk is determined based on authorization


score. The more the score there is more risk of fraud. Scoring is done based on
various parameters like authorization amount, the spending patterns, location of the
transaction, available credit limit etc.

Credit Card Certification Page 46 of 65


For example, if a card-holder is based in Virginia and he normally purchases
groceries and other items in one of the cities. The spending pattern is such that he
does not spend on large-ticket transactions like jewelry. At the same time if there is a
transaction of $5000 at jewelry store in California utilizing almost 90% of credit
limit, then there is a possibility of fraud on the account. A decision case is created and
if the associate decisions this case as fraud then a recovery is created.

Prevention of Identity fraud – this can be prevented at the time of credit card
application itself. When a person applies for the credit card, the issuer first verifies his
credit report. The date of birth, phone number, address, etc entered in the application
is compared with the report. If there is a mismatch, then a decision case is created.
The associate/agent calls up the customer who has applied to verify his identity to
make sure that the person who has applied is the right one. Identity frauds are also
common within a family.

For Identity fraud prevention the issuer always make sure that they issue the card to
the correct person and if in doubt, they verify all the necessary documents.

Identity fraud if not prevented can cause very big losses for the issuer bank. The
fraudster might initially pay in regularly for months and when he gets an increase in
credit he might in one go utilize the entire credit limit and never pay.

Fraud recovery is an attempt to minimize losses due to fraud that has already
occurred. To recover from fraud it is important to determine the category of fraud that
is suspected. After the fraud has occurred, there are four possible resolutions for a
fraudulent transaction –
• Charge-off – Issuer cannot recover the amount and reports it as a loss. The
transaction is considered unrecoverable.
• Chargeback – Issuer recovers the full or partial amount of the transaction by
sending the merchant a chargeback if the merchant failed to follow procedure
defined by the network. The merchant may dispute this and represent the
transaction.
• Rebill card-holder – Issuer determines that the card-holder is responsible for the
transaction; issuer rebills the card-holder for the amount of the transaction (when
the fraud was originally reported the card-holder received credit for the amount of
the transaction).

Credit Card Certification Page 47 of 65


10. Regulations in the Cards Industry
Cards Industry formed its place through Banks and Credit Card companies. Hence the
regulations for cards were gradually added to those already mentioned for Banks,
Card companies and other trades.

There are several Regulators in US which control Cards Industry. Some of these are –
• Board of Governors of the Federal Reserve (the “Fed”)
• Office of the Comptroller of the Currency (“OCC”)
• Office of Thrift Supervision (“OTS”)
• Federal Deposit Insurance Corporation (“FDIC”)
• Federal Trade Commission (“FTC”)
• Direct Marketing Association (“DMA”)
• Better Business Bureau (“BBB”)

Regulations are more or less same in entire US with minor differences as imposed by
state or local bodies.

10.1. Fair Credit Billing Act

Federal Trade Commission (FTC) has come up with Fair Credit Billing Act (FCBA)
to regulate "open end" credit accounts, such as credit cards, and revolving charge
accounts - such as department store accounts. It does not cover installment contracts -
loans or extensions of credit.

The FCBA settlement procedures apply only to disputes about "billing errors". For
example:
• Unauthorized charges. Federal law limits consumer’s responsibility for
unauthorized charges to $50;
• Charges that list the wrong date or amount or are mathematically incorrect;
• Charges for goods and services you didn't accept or weren't delivered as agreed;
• Failure to post payments and other credits, such as returns;
• Failure to send bills to consumer’s current address - provided the creditor receives
change of address, in writing, at least 20 days before the billing period ends;
• Charges for which consumer ask for an explanation or written proof of purchase
along with a claimed error or request for clarification.

Disputes about the quality of goods and services are not "billing errors", so the
dispute procedure does not apply. However, if you buy unsatisfactory goods or
services with a credit or charge card, you can take the same legal actions against the
card issuer as you can take under state law against the seller.

Reporting and resolving billing error

Credit Card Certification Page 48 of 65


In case of any billing error identified in FCBA, consumer must:
• write to the creditor at the address given for "billing inquiries" (not the address for
sending payments) and include his name, address, account number and a
description of the billing error
• send this letter so that it reaches the creditor within 60 days after the first bill
containing the error was mailed to consumer (card-holder is advised to keep a
copy of this letter, sales slips or other documents with him)

The creditor must acknowledge consumer’s complaint in writing within 30 days after
receiving it, unless the problem has been resolved. The creditor must resolve the
dispute within two billing cycles (but not more than 90 days) after receiving
consumer’s letter.

During this time, consumer may withhold payment on the disputed amount (and
related charges). Although he must pay any part of the bill not in question, including
finance charges on the undisputed amount. The creditor may not take any legal or
other action to collect the disputed amount and related charges (including finance
charges) during the investigation. While consumer’s account cannot be closed or
restricted, the disputed amount may be applied against your credit limit. The creditor
may not threaten consumer’s credit rating or report him as delinquent while his bill is
in dispute. However, the creditor may report that consumer is challenging the bill;
which, by the way, won’t affect consumer’s credit.

Other billing rights


Businesses that offer "open end" credit also must:
• Send consumer’s bill at least 14 days before the payment is due.
• Credit all payments to consumer’s account on the date they're received, unless no
extra charges would result if they failed to do so.
• Promptly credit or refund overpayments and other amounts owed to consumer’s
account.

Consumer can even sue a creditor who violates the FCBA. If consumer wins, he may
be awarded damages, plus twice the amount of any finance charge - as long as it's
between $100 and $1,000. The court also may order the creditor to pay consumer’s
attorney's fees and costs.

Similar restrictions apply for debit card transactions between consumer and issuing
banks.

10.2. Fair and Accurate Credit Transactions Act

Identity theft occurs when someone uses your personally identifying information, like
your name, Social Security number, or credit card number, without your permission,
to commit fraud or other crimes.

Credit Card Certification Page 49 of 65


Fair and Accurate Credit Transactions Act of 2003 (FACTA)’s Sections 114 and 315
provide guidelines to detect possible Identity Theft, so called “Red Flags”. It also
induces the need to reconcile address discrepancies. Red Flag, as proposed, is defined
as a pattern, practice, or specific activity that indicates the possible risk of identity
theft. Some of the events that can be considered as source to set Red Flags for the
suspected consumer account are –
• A consumer fraud alert or active duty alert
• Any account that would adversely affect a consumer’s credit standing should be
considered at risk of identity theft and thus subject to a red flag
• An address discrepancy reported by a consumer reporting agency
• A consumer’s communication with the financial institution or creditor about
attempted or actual identity theft should always be a red flag
• A company’s knowledge of a security breach within its own confines or that of an
affiliate with which the company has shared customer data
• Attempts to open a new account with altered documents
• Suspicious actions by employees such as downloading customer account
information or being added to a customer account

Additionally,
• Notice from the customer or others that a credit or debit card has been lost or
stolen
• Notice that the consumer’s information may have been lost or stolen through a
data security breach
• An address discrepancy on a credit application sent by a consumer in response to
a company’s solicitation generated by credit report prescreening or other
marketing lists
• Alerts distributed by government, trade associations, or media reports about
recent trends in identity theft
• A creditor or financial institution learns that its business identity has been
fraudulently used to obtain personal information, such as in phishing schemes

Apart from all these, preventing Identity theft is the prime responsibility of consumer
by himself.

10.3. Anti Money Laundering Regulations

Anti-money laundering (AML) is a term mainly used in the financial and legal
industries to describe the legal controls that require financial institutions and other
regulated entities to prevent or report money laundering activities

What is Money Laundering?

Credit Card Certification Page 50 of 65


Definition: Money laundering is the criminal practice of processing ill-gotten gains,
or “dirty” money, through a series of transactions; in this way the funds are “cleaned”
so they appear to be proceeds from legal activities. The objective of the launderer is
to hide the ownership and source of funds.

Stages: Money laundering can occur in 3 distinct stages: placement of cash into the
financial system, layering transactions to obscure the origin of funds and integration
to create the appearance of legitimacy through additional transactions.

Terrorist financing: AML efforts have begun to focus on terrorist financing, where
funds derived from both legitimate activities (such as charitable donations) and illegal
activities (such as credit card fraud) are used to support ideological objectives and
finance terrorism.

Role of Financial Service Industry: As gatekeepers to the financial system, financial


services industry can detect, interdict, prevent and disrupt money laundering. In
addition fighting money laundering and terrorist financing helps to preserve a
financial institution’s safety and soundness and its reputation.

The Office of Foreign Assets Control (OFAC): a part of the U.S. Treasury
Department, OFAC administers and enforces economic and trade sanctions. The
OFAC regulations require financial institutions to identify any transaction and
property subject to economic sanctions. Once identified, the transaction or asset must
be frozen or, in some cases, rejected. The financial institution is then required to
advise OFAC of the blocked asset or rejected transaction. The Canadian equivalent is
known as Office of the Superintendent of Financial Institutions (OSFI).

Anti Money Laundering Regulations


Two main regulations provide the legislative foundation for anti-money laundering
activities

10.4. Bank Secrecy Act – Financial Record Keeping

The Bank Secrecy Act of 1970 (BSA, or otherwise known as the Currency and
Foreign Transactions Reporting Act) requires U.S.A. financial institutions to assist
U.S. government agencies to detect and prevent money laundering. Specifically, the
act requires financial institutions to keep records of cash purchases of negotiable
instruments, file reports of cash transactions exceeding $10,000 (daily aggregate
amount), and to report suspicious activity that might signify money laundering, tax
evasion, or other criminal activities. It was passed by the Congress of the United
States in 1970. The BSA is sometimes referred to as an "anti-money laundering" law
("AML") or jointly as “BSA/AML”.

The BSA regulations require all financial institutions to submit the following reports
to the government –

Credit Card Certification Page 51 of 65


• Currency Transaction Report (CTR) – A report filed with the Internal Revenue
Service (IRS), which provides details of cash transactions in excess of $10,000
during the same business day (the amount over $10,000 can be either from one
transaction or a combination of cash transactions).
• Report of International Transportation of Currency or Monetary Instruments
(CMIR) - Each person (including a bank) who physically transports, mails or
ships, or causes to be physically transported, mailed, shipped or received,
currency, traveler’s checks, and certain other monetary instruments in an
aggregate amount exceeding $10,000 into or out of the United States must file a
CMIR
• Suspicious Activity Report (SAR) - Any cash transaction where the customer
seems to be trying to avoid BSA reporting requirements (e.g., CTR, MIL). A SAR
must also be filed if the customer's actions indicate that s/he is laundering money
or otherwise violating federal criminal law. The customer must not know that a
SAR is being filed. These reports are filed with the Financial Crimes Enforcement
Network ("FinCEN").

10.5. USA PATRIOT Act

The USA PATRIOT Act (commonly known as the Patriot Act) was signed into law
on October 26, 2001. The complete name is Uniting and Strengthening America by
Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of
2001.

It has ten titles, each containing numerous sections. Title III: International Money
Laundering Abatement and Financial Anti-Terrorism Act of 2001 is actually an act in
its own right as well as being a title of the USA PATRIOT Act, and is intended to
facilitate the prevention, detection and prosecution of international money laundering
and the financing of terrorism. The title's sections primarily amend portions of the
Money Laundering Control Act of 1986 and the Bank Secrecy Act of 1970.

USA PATRIOT Act requires that every financial institution collect Name, date of
birth, SSN, and physical address for each new customer. It also requires financial
institutions to verify the information they give from a third-party source.

There are several sections that establish special measures that financial institutions
must undertake –
• Section 312 – Established Enhanced Due Diligence with respect to Private Bank
Accounts and Foreign Correspondent Accounts
• Section 313 – Prohibits transactions with “Shell Banks” (financial institutions that
do not have a physical presence in any country)
• Section 314 – Facilitates information sharing between law enforcement and
financial institutions

Credit Card Certification Page 52 of 65


• Section 319 – Requires financial institutions to make records available within
specific timeframes to law enforcement and regulatory agencies.
• Section 326 – Customer Identification Requirements for all new accounts opened
after October 1, 2003
• Section 327 – Requires Regulatory Agencies to consider the effectiveness of a
financial institution’s AML compliance program when acting on an application
• Section 352 – Required financial institutions implement the 4 pillars of an
“effective anti-money laundering program” –
o Designation of a responsible person
o A system of internal controls
o An effective training program
o Independent review to test the program

10.6. Privacy Regulations

Even though by definition, most countries treat privacy as the rights of individuals
and not institutions, given that governments and other organizations collect vast
amounts of personal information for a variety of purposes, privacy laws limits how
these organizations can collect and use this information.

The Fair Information Practice Principles form the basis for many privacy laws in
countries across the world. These principles are –
• Openness - There should be a general policy of openness about the practices and
policies with respect to personal information. Generally, the publication of the
privacy policy is an outcome of this aspect.
• Collection Limitation - Personal information should be collected only for a
stated purpose by lawful and fair means and with the knowledge or consent of the
subject. The options of opt-in and opt-out are a result of such a principle.
• Purpose Specification - The purpose for collecting personal information should
be specified at the time of collection. Further uses should be limited to those
purposes. E.g., when an opt-in is provided, it has to be associated with a stated
purpose such as sharing with commerce partners or for newsletters or sending in
additional product information.
• Use Limitation - Personal information should not be used for purposes other than
those specified, except with the consent of the subject or by the authority of law.
E.g., if a personal email address is collected for sending in a newsletter, the email
address must not be used to send in additional product information, etc. without
the consent of the individual.
• Data Quality - Personal information should be accurate, complete, timely, and
relevant to the purpose for which it is to be used. This is an important principle in
areas where critical decisions such as healthcare decisions or financial decisions
about an individual are made. Only the reliable information should be used for
such purposes.

Credit Card Certification Page 53 of 65


• Individual Participation - Individuals should have the right to inspect and
correct their personal information.
• Security Safeguards - Personal information should be protected against such
risks as loss, unauthorized access, destruction, modification, or disclosure.
• Accountability - Someone in an organization should be held accountable for
compliance with the organization’s privacy policy.

10.7. Gramm-Leach-Bliley Act

Gramm-Leach-Bliley Act (GLBA) is the main privacy regulation in the US.

It defines a ‘consumer’ as "an individual who obtains, from a financial institution,


financial products or services which are to be used primarily for personal, family, or
household purposes, and also means the legal representative of such an individual".
A ‘customer’ is a consumer that has developed a relationship with privacy rights
protected under GLBA. A ‘customer’ is not someone using an automated teller
machine (ATM) or having a check cashed at a cash advance business. These are not
ongoing relationships like a ‘customer’ might have; i.e. a mortgage loan, tax advising,
or credit financing. A business is not an individual with personal nonpublic
information, so a business cannot be a customer under GLBA. A business, however,
may be liable for compliance to GLBA depending upon the type of business and the
activities utilizing individual’s personal nonpublic information.

GLBA compliance is mandatory - whether a financial institution discloses nonpublic


information or not, there must be a policy in place to protect the information from
foreseeable threats in security and data integrity. Major Components put into place to
enforce this are –
• Financial Privacy Rule - requires financial institutions to provide each consumer
with a privacy notice at the time the consumer relationship is established and
annually thereafter. The privacy notice must explain the information collected
about the consumer, where that information is shared, how that information is
used, and how that information is protected. The notice must also identify the
consumer’s right to opt-out of the information being shared with unaffiliated
parties per the Fair Credit Reporting Act. Should the privacy policy change at any
point in time, the consumer must be notified again for acceptance. Each time the
privacy notice is re-established, the consumer has the right to opt-out again. The
unaffiliated parties receiving the nonpublic information are held to the acceptance
terms of the consumer under the original relationship agreement. In summary, the
financial privacy rule provides for a privacy policy agreement between the
company and the consumer pertaining to the protection of the consumer’s
personal nonpublic information.
• Safeguards Rule - The Safeguards Rule requires financial institutions to develop
a written information security plan that describes how the company is prepared
for, and plans to continue to protect clients’ nonpublic personal information. The

Credit Card Certification Page 54 of 65


Safeguards Rule also applies to information of those no longer consumers of the
financial institution. This plan must include:
o Denoting at least one employee to manage the safeguards,
o Constructing a thorough risk management on each department handling
the nonpublic information,
o Develop, monitor, and test a program to secure the information, and
o Change the safeguards as needed with the changes in how information is
collected, stored, and used.
This rule is intended to do what most businesses should already be doing: protect
their clients. The Safeguards Rule forces financial institutions to take a closer
look at how they manage private data and to do a risk analysis on their current
processes. No process is perfect, so this has meant that every financial institution
has had to make some effort to comply with GLBA.
• Pretexting Protection - Pretexting (sometimes referred to as "social
engineering") occurs when someone tries to gain access to personal nonpublic
information without proper authority to do so. This may entail requesting private
information while impersonating the account holder, by phone, by mail, by email,
or even by "phishing" (i.e., using a "phony" website or email to collect data).
GLBA has provisions that require the financial institution to take all precautions
necessary to protect and defend the consumer and associated nonpublic
information. GLBA makes pretexting illegal and punishable.

Under GLBA, financial institutions must provide their clients a privacy notice that
explains what information the company gathers about the client, where this
information is shared, and how the company safeguards that information. This
privacy notice must be given to the client prior to entering into an agreement to do
business. There are exceptions to this when the client accepts a delayed receipt of the
notice in order to complete a transaction on a timely basis. This has been somewhat
mitigated due to online acknowledgement agreements requiring the client to read or
scroll through the notice and check a box to accept terms.

The privacy notice must also explain to the customer the opportunity to ‘opt-out’ (the
client can say "no" to allow his information to be shared with affiliated parties). The
Fair Credit Reporting Act is responsible for the ‘opt-out’ opportunity, but the privacy
notice must inform the customer of this right under GLBA. The client cannot opt-out
of –
• information shared with those providing priority service to the financial institution
• marketing of products or services for the financial institution
• when the information is deemed legally required

Violation of GLBA may result in a civil action brought by the US Attorney General.
The penalties include civil penalty of not more than $100,000 for each violation to the
financial institution as well as the officers and directors of the financial institution.

Credit Card Certification Page 55 of 65


11. Recent Trends in the Cards Industry
Cards industry is one of the most dynamic industries in the payments space. There
have been a number of recent developments which are changing the industry and
have the potential to change the industry in next few years. This section covers some
such changes which include online usage of cards and its impact on identity
protection and privacy, and new products like smart cards, contactless cards,
decoupled debit cards and payments through cellular phones.

11.1. Online Usage of Cards

Internet has revolutionized the way people and businesses interact. Today we buy
books, music and groceries, arrange travel plans, trade stocks and sign-up for e-
newsletters simply by logging on to the Internet. E-shops or virtual shops that existed
only on the internet have revolutionized the commerce with online credit card
payment-acceptance ability and real time processing.

Real time processing allows the vendor to accept credit card payments instantly and
to have the funds credited to his/her account online. For this, the vendor needs to have
a security-enabled shopping cart, an internet merchant account and a payment
gateway provider. The typical steps involved in an online shopping include –
1. The buyer goes to the vendor’s website and inputs his/her credit card information
to pay for goods and services.
2. The security-enabled shopping cart captures the information and sends it to the
payment gateway.
3. The payment gateway service sends the data to the fraud verification service to
make sure the card is not reported as stolen and to the processor to confirm funds
available.
4. Once approved, the gateway sends the information to the processor who settles
the corresponding debits and credits to the vendor and buyer.

Setting up online transactions can be expensive for small and medium enterprises –
this has given rise to third party vendors (e.g., PayPal) who can receive online credit
card payments on behalf of the merchant at an additional fee per transaction.

Identity protection in online usage


One of the pitfalls of online credit card usage is the possibility of online credit card
fraud. There are primarily two types of fraud –
• The first one is related to the company, on whose website you made online credit
card payment for purchase of goods; this company itself could be fraudulent i.e. it
could take the online credit card payment from you but not deliver the goods to

Credit Card Certification Page 56 of 65


you. Moreover, they could use the details of your credit card (received through
the filling up of online credit card payment form by you) for fraudulent purposes.
• The second type of fraud is committed by fraudsters who use various software
/devices to capture the details of online credit card payments (as you enter them
on the online credit card payment form of a website). These software are
popularly known as spyware and these fraudsters as online spies. The spyware
works by capturing keystrokes or taking screenshots of whatever you do on your
computer and then passes it on to the spy. However, there are anti-spyware
software available which can be used to counter such spyware.

With more and more transactions going the online way, card-holders are advised to
follow some basic precautions to make online usage convenient and secure --
• Shop only at Internet merchants you know and trust.
• Don't be pushed or rushed into buying an item, especially by "limited supply" or
"time limit" warnings. Use common sense - apply the same discretion online as
you would when shopping for something in a mall.
• Make sure the merchant has a secure transaction system before providing credit
card or other sensitive information.
• It may make sense to have a single credit card, with a lower credit limit, dedicated
for online purchases you might make. In doing so, losses will be kept to a
minimum if you are ever defrauded. Plus you'll also know that it was an online
purchase that led to the fraud.
• Clear the cache of your browser after visiting secure sites. This will ensure that
nobody else can view any confidential information you may have transmitted.
• If you think you've given credit card or banking information to a fraudulent site,
immediately notify your Credit Card Company and/or financial institution.

11.2. Smart Cards

Smart card is a plastic card embedded with a chip which can process information. A
regular credit card stores its data on a magnetic stripe that must be physically swiped at a
point of sale terminal. A smart card, on the other hand, stores its data on a microchip
embedded in the card's plastic; information about the card is read from the chip when the
card is inserted in a card reader.

First introduced in Europe over a decade ago, smart cards debuted as a stored value tool
for pay phones to reduce theft. In 1993, the international payment brands Europay,
MasterCard and Visa (EMV) worked together to develop the specifications for the use of
smart cards as payment cards (debit or credit card).

Smart cards are widely used in Europe and Asia in several key applications, including
healthcare, banking, entertainment and transportation.

Credit Card Certification Page 57 of 65


Fig 11-1 - A typical Smart-card and a Smart-card Reader

While smart cards suffer from higher failure rates (the embedded chip sometimes
damaged when the plastic card is roughly handled or carried in the wallet), they offer the
following advantages –
• Smart cards are more secure as compared to the ordinary credit cards having
magnetic stripe. It has helped reduce the fraud especially in counterfeit, lost and
stolen card cases.
• The chips in smart cards are same as the SIM cards (Subscriber Index Module cards
used in mobiles phones), just programmed differently. This allows the card terminals
to become smaller and cheaper. This is also expected to fulfill the vision of equipping
every home PC with a card reader and software to make internet shopping more
secure.

11.3. Contactless Cards

Fig 11-2 - Contactless Cards

Credit Card Certification Page 58 of 65


Fig 11-3 - Contactless Card Reader

Contactless cards are smart cards that employ a radio frequency (RFID) between card
and reader to transmit data without physical insertion of the card. The microchip in
the card is fitted with a radio antenna that is capable of transmitting the card's data to
a card reader. While in ordinary credit card the card needs to be swiped at the point of
sale terminal; in case of a contactless card, the card-holder needs to hold or wave the
card in front of the secure reader. Most contactless cards have a magnetic stripe as
well, so they can also be used at checkouts not yet equipped with the RFID readers.

Contactless credit cards are introduced to persuade consumers to use plastic at places
that have traditionally been cash-intensive. Contactless payments offer speedy and
convenient checkouts resulting in moving queues (Visa, MasterCard, and American
Express have all enacted rules that dispense with the requirement for a signature for
most purchases under $25.00, making the transaction even faster). To make a
purchase, the card owner just waves his card over the RFID reader, waits for the
acceptance indicator - and goes on his way. The numbers below give us an idea about
the approximate average transaction speeds using different transaction speeds –
• Contactless credit card transaction: 15 seconds
• Magnetic strip card transaction: 25 seconds
• Cash transaction: 34 second

In case of contactless cards, the card never leaves the card-holder's hand, thereby
increasing security. The account number that is transmitted by the contactless card is
only good for RFID transactions. It is different than the actual credit card number,
making it difficult for a savvy thief to go on a shopping spree with any data stolen
from an RFID transaction.

Credit Card Certification Page 59 of 65


However, contactless cards are more exposed than regular credit cards.
If you want to keep your credit card secure, you could keep it safely in an enclosed
wallet or purse; thieves would have absolutely no way to even know if you have a
credit card. However, a thief armed with a suitable reader, within a few feet of you,
would be able to interrogate all of the cards in your wallet or purse without your
knowledge. These concerns have, of course, been carefully noted by credit card
companies. The RFID chip in the contactless credit card responds to the merchant
reader with a unique number used for that transaction only; it does not simply
transmit the consumer's account number. This number is also encrypted.

Reasonable success of contactless cards at selected convenience stores, gas stations,


movie theaters, and quick service restaurants has given confidence to card
associations and issuers to expand their usage at other places. Some of the prominent
examples of contactless cards are PayWave from Visa, PayPass from MasterCard,
ExpressPay from American Express and Blinko from Chase.

11.4. Decoupled Debit Cards

Debit cards are mostly issued by the financial institutions holding the demand deposit
account (DDA) (also known as checking account). Until recently, it was nearly
impossible for any financial institution lacking the checking accounts to issue debit
cards.
Decoupled debit card (DDC) is Capital One’s new payment product that was
launched to issue MasterCard branded debit cards to customers holding checking
accounts at other financial institutions. It supports both PIN and signature transactions
and can be used at all the places including ATMs where MasterCard, Maestro and
Cirrus cards are accepted. DDC rewards are much more in value than other debit card
product rewards and are key attraction for customers. DDC business model is
supported by NACHA’s (The Electronic Payments Association) Automated Clearing
House (ACH) network. Customer’s transaction at the point of purchase is authorized
by the debit card issuer, which then creates an ACH to debit the amount from the
card-holder’s bank account.

Contrary to the traditional debit card where a transaction is only authorized if the
funds are available in the account, a DDC transaction is authorized without verifying
the available balance in the account. The payment is initiated via ACH after some
time lag thus allowing an opportunity for fraud. To reduce the risk of frauds Capital
One has set daily limit on the total transaction amount.

11.5. Mobile Payment Systems

Credit Card Certification Page 60 of 65


In countries where the cards infrastructure is not extensive, mobile payments have
evolved. These mobile payments systems are supported by the already existing
telecom infrastructure.

In rural areas of developing countries like India and China, the growing middle
class’s reliance on cash as a mode of payment has made it difficult for consumers to
spend and retailers to sell. These countries can’t afford to set up the expensive
magnetic stripe or smart card infrastructure in a short duration. However existing
mobile Short Message Service (SMS) network could be quickly and cheaply
deployed to provide an SMS-based payment system. In this system, the customer
sends an SMS message specifying the mobile phone number of the payee and the
amount to transfer, along with a personal identification number (PIN). Almost
instantaneously, the payee and payer both receive a confirmation message by SMS
and the money is moved to the designated account.

An alternative mobile payments solution which is gaining exposure around the world
is one in which a chip is inserted in the mobile phone and payment is made by
tapping the phone in front of the reader. For example, Canada has recently introduced
a system that allows a transaction to be completed using a mobile phone with Near
Field Communication (NFC) chips and a contactless reader that will enable users to
make purchases just as they would with a contactless payment card.

Credit Card Certification Page 61 of 65


Appendix 1 - Further Reading

• For guidelines from FTC to Deter, Detect and Defend Identity theft –
o http://www.ftc.gov/bcp/edu/microsites/idtheft/consumers/deter.html
o http://www.ftc.gov/bcp/edu/microsites/idtheft/consumers/detect.html
o http://www.ftc.gov/bcp/edu/microsites/idtheft/consumers/defend.html

• For details on online usage of cards –


o http://www.td.com/security/smartonline.jsp

• To find out more about the Fair Credit Billing Act (FCBA), visit the Federal
Trade Commission’s website at –
o http://www.ftc.gov/bcp/conline/pubs/credit/fcb.shtm

• Wikipedia –
o http://en.wikipedia.org

• For the US Regulators which control Cards Industry –


o Board of Governors of the Federal Reserve -
http://www.federalreserve.gov/
o Office of the Comptroller of the Currency - http://www.occ.treas.gov/
o Office of Thrift Supervision - http://www.ots.treas.gov/
o Federal Deposit Insurance Corporation - http://www.fdic.gov/
o Federal Trade Commission - http://www.ftc.gov/
o Direct Marketing Association - http://www.the-dma.org/
o Better Business Bureau - http://www.bbb.org/

Credit Card Certification Page 62 of 65


Appendix 2 - Glossary of Terms

Term Meaning
3V A Visa branded stored value card available in some
European countries (UK, Germany, Spain and Ireland)
Acquirer An acquirer is a member of MasterCard and/or Visa
which maintains merchant relationships and receives all
bankcard transactions from the merchant.
Annual Fees Fees / Charges imposed by Credit card company on
consumer for using the facility of Credit card.
Association An organized body of card companies / banks that allow
customers of mutual banks / companies use their
services to provide extended network
Authorization Process of mapping credit to consumer in order to allow
consumer for legal transactions.
Card-holder Owner of the card.
Carte Blanche card An upscale charge card from Diners’ Club
Chargeback A chargeback occurs when a consumer requests a refund
from their credit or debit card company.
Charge-off A charge-off is considered to be "written off as
uncollectible."
Clearing Clearing denotes all activities from the time a
commitment is made for a transaction until it is settled.
Credit Limit A credit limit is the maximum amount of credit that a
financial institution or other lender will extend to a
debtor for a particular line of credit.
Credit Period The length of time for which a firm's customer is
granted credit.
CVV Card Verification Value, also known as Card Security
Code, a security feature for credit cards. This is encoded
on the magnetic stripe of the card and used for
transactions in person.
CVV2 The CVV2 is a 3- or 4-digit value printed on the card or
signature strip, but not encoded on the magnetic stripe.
This is used to secure "card not present" transactions.
Discount Rate The discount rate is a financial concept based on the
future cash flow in lieu of the present value of the cash
flow.
DSA (Direct Selling Agent) DSA manufactures and distributes goods and services
directly to consumers typically through in-home or
person-to-person sales.
EMV A standard for interaction of smart cards and POS
terminals, developed by Europay, MasterCard and Visa
organizations

Credit Card Certification Page 63 of 65


Term Meaning
FICO Score It’s a credit score maintained by Fair Isaac Corporation.
It is a number that is based on a statistical analysis of a
person's credit report, and is used to represent the
creditworthiness of that person.
Grace Period A period of time after a payment due date within which
the fee can be paid without penalty.
Imprinter Small machine that allows using credit/debit card for
billing and prints the bill for shopping.
Interchange Interchange refers to the money paid from the Acquirer
to the debit or credit card issuer for every transaction.
Interchange Fee Interchange fee is the portion of a purchase’s cost that
merchants are charged by banks for processing credit
card transactions.
Issuer Company / Bank that issues the credit / debit card.
IVR Interactive Voice Response System is an alternative
method to process credit cards, check cards and checks
via any touch-tone telephone.
Maestro An international debit and pre-paid card service operated
by MasterCard
Merchant Any wholesale or retail shopkeeper who accepts credit /
debit card to charge his customer for shopping.
Minimum Due An "interest free" minimum amount consumer needs to
pay his credit card issuer.
Network The system that implements the mechanics of the
electronic transactions.
Off-us Cards Cards of mutual banks in the association.
Off-us Merchants Merchants primarily processing off-us cards.
On-us Cards Cards issued and processed by the same firm.
On-us Merchants Merchants primarily processing onus cards.
Open end Credit a consumer credit line that can be used up to a certain
limit or paid down at any time
Over the Limit Charges Charges imposed when customer exceeds the credit limit
by proposed percentage.
PaidByCash Card A stored value card mechanism available in the US that
allows customers to load cash onto an account identified
by a unique card number; once loaded, the customer can
use the card number to pay for a merchandise at any
online retailer that accepts MasterCard.
Penalty Charges Charges imposed when customer fails to pay the credit
bill before due date.
PIN Personal identity number used to authenticate debit card
transaction.
POS Terminal Point of Sale Terminals are the preferred way of
processing credit cards, debit cards, checks, smart chip
cards, electronic benefits transfer (EBT).

Credit Card Certification Page 64 of 65


Term Meaning
Processor Organization that processes the card transactions.
Re-aging The process of re-writing credit history
Receivables Amount that customer owes to the issuer.
Regulators Organization that establishes, monitors, reforms and
enforces regulations in Credit Card Industry.
Revolving charge Same as Open end Credit
Reward Points Rewards offered by issuer to the good customer.
Settlement The process of exchanging the consideration for
financial instruments once a transaction has been
executed
Smart Cards Any pocket-sized card with embedded integrated
circuits which can process information.

Credit Card Certification Page 65 of 65

You might also like