CCAP outlines card fraud strategies

MANILA, Philippines - The Credit Card Association of the Philippines (CCAP), along with international payment organizations, has intensified its efforts to further raise the awareness of business owners on how to process their credit card transactions securely.

MasterCard Fraud Management Solutions expert Tony Pereira identified several fraud reduction initiatives, which include EMV, Triple Data Encryption Standard (3DES) for POS terminals, PAN truncation and 3D Secure for online transactions.

EMV stands for Europay, MasterCard and Visa, a global standard for inter-operation of integrated circuit cards (IC cards or chip cards) and IC card capable point of sale (POS) terminals and automated teller machines (ATMs), for authenticating credit and debit card transactions.

Pereira said that 3DES mitigates the risk of wire tapping, while PAN truncation reduces the risk of dumpster diving for sensitive card information, and 3D Secure facilitates authentication when transacting online.

He also shared ways for merchants to be compliant with PCI DSS, by checking the level of compliance requirements with their bank credit card issuers as well as doing an end-to-end review of the flow of information to identify where their data are stored.

Merchants must know where their customers’ credit card data are securely stored whether online or offline. 

“You must ensure that your network is well protected by firewalls, Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS). Install good anti-virus software, at a minimum, and scan your external facing IP address every quarter,” the MasterCard expert said at a recent CCAP-sponsored forum.

Visa director for Risk Services Cheng Yew Kuann reminded merchants that they are required to protect cardholder information during a card transaction, information of which would include names, addresses, and account numbers as defined in the country’s data privacy and protection law.

“In using any third parties to handle transaction data, you must ensure those third parties handle that data in compliance with existing laws as well as provisions of your merchant agreement. You’re responsible for the transaction data handling actions of your third party suppliers.” Kuann said in the same forum.

Alex Ilagan, CCAP executive director and spokesperson, said that CCAP as an industry association has the responsibility to educate not only consumers but also merchants on how to properly process credit card transactions.

“The forum is part of the many CCAP initiatives to educate our merchants about their responsibility and how to ensure their customers are safe from any potential fraud or data compromise,” Ilagan said.