FCA and PRA licenses (authorisations) and ongoing compliance support, training, recruitment. Contact us 7 days a week, 8am-11pm. Free consultations. Phone / Whatsapp: +4478 3368 4449 Email: hirett.co.uk@gmail.com
TERMS & ABBREVIATIONS USED
- Compliance laws, rules and standards – HIRETT operations governing laws and other legal acts, HIRETT operations related standards defined by self-regulating institutions, professional conduct standards and codes of ethics and other standards of best practice related with HIRETT activities.
- HIRETT – HIRETT Limited. HIRETT rates – the HIRETT Risk committee approved services price list that is valid at the day the respective operation is carried out.
- HIRETT IS – a set of HIRETT data processing equipment and software
- E-shop – a customer’s – on-line merchant’s site on the Internet, where the Customer offers its goods or services.
- Account Manager – Sales department employee, who is authorised by HIRETT to carry out activities defined in the Procedure.
- AML/RD– HIRETT AML and Risk Department.
- Customer – online merchant, businessman with whom HIRETT concludes or is willing to conclude an agreement on servicing Payment cards on the Internet or person, entity to whom HIRETT is providing its services.
- Agreement – an agreement that is concluded (or to be concluded) between HIRETT and Internet merchant on servicing of Payment cards on the Internet.
- Payment card – payment instrument allowing to pay for goods, services and withdraw cash using special machines (ATM), POS terminals or to make payments on the Internet.
- Payment card user – a private person on whose name the Payment card is issued to.
- Monitoring software – a monitoring software, for example, G2 Web Services, Web Shield etc.
- Current account – a settlement account opened for a Customer in HIRETT in line with the HIRETT.
- Procedure – HIRETT Merchant’s on-boarding procedure.
- International payment organizations – international payment cards organizations VISA International, MasterCard International and others, each or any of these.
1 GOAL
Goal of the Procedure is to define and follow the process of HIRETT related to customers fraud detecting and transaction monitoring by using rules based HIRETT IS, customer educating methods and overall market best practice.
2 OVERALL
Fraud as it is and especially Credit card fraud on the Internet has reached gigantic proportions, and the merchants providing goods and services over the net are suffering tremendous losses through chargebacks from the financial institutions who serve the targeted credit card holders. Merchants who offer a product or service online have to take the risk of losing the cost of the product sold online, plus the added cost of chargeback fees, and they even face the possibility of having their merchant account terminated by the HIRETT serving them.
3 BASIC RULES AND CRITERIA OF MONITORING
The Risk Department monitors the merchant’s processing based on certain criteria and patterns (see Annex 1).
Monitoring is based on the following:
| BASIC TYPE | CRITERIA |
| Declines | The merchants hard declines ratio |
| Chargebacks | Merchants Chargeback ratio |
| Fraud Transactions | Number of transactions listed as fraud the issuing institution (whether authorized or not) |
| Refunds | Number of refunds issued by the merchants with accompanying off setting sales transactions |
| Compliance | The number of Alerts issued by G2 Super Persistent Monitoring |
| Transactional Scrubs | The number of (Ratio) that merchant transactions are being scrubbed vs authorized settled |
| ADDITIONAL TYPE | CRITERIA |
| Average Ticket Over Maximum | The average ticket in any batch exceeds the average ticket established for the merchant |
| Daily Deposit Amount Over Maximum | The amount of deposited tickets exceeds the maximum established for the merchant. |
| Weekly Deposit Amount Over Maximum | The amount of deposited tickets over a seven day processing period exceeds the weekly maximum established for the merchant |
| High Percentage/Count of Chargeback’s | The number of chargeback’s (month to date percentage) exceeds the maximum established for the merchant. |
| High Percentage/Count of Retrievals | The number of retrievals (month to date percentage) exceeds the maximum established for the merchant |
| Multiple Authorizations for the same credit card | The total number of authorization attempts for a single credit card exceeds the maximum established for the merchant. |
| Declined Daily Authorization Percentage Over Maximum | The percent of authorization declines for one day exceeds the maximum established for the merchant |
| Total Daily Authorizations Over Maximum | The total number of authorization attempts, in a day, exceeds the maximum established for the merchant. In addition to the number of authorizations, the decreasing dollar amount of authorizations and the time frame from the previous authorization will also be reviewed. |
| Credit Card Duplicated in Batch | The number of times the same credit card number appears in a batch exceeds the maximum established for the merchant. |
| Same Credit Card and Amount Duplicated in Batch | The same credit card number ran for the same amount that appears in a batch exceeds the maximum established for the merchant |
| Same Amount in Batch | The percentage of tickets with the same amount in a batch exceeds the maximum established for the merchant |
| Even Amount of Transactions | Transactions that are even amounts exceeds the maximum established for the merchant |
| Even Batch Amount | Batches that are even amounts exceeds the maximum established for the merchant. |
| Excessive Credit/Return Amount Percentage | The amount of returns (credits) exceeds the maximum established for the merchant |
| Excessive Credit/Return Count Percentage | The number of returns to sales exceeds the maximum established for the merchant. |
| First Deposit Processed | The first batch processed |
| First Deposit in over 6 months | The first batch processed after merchant has been inactive for over 6 months |
| Excessive number of Forced/TKTO’s | The number of ticket‐only’s in a batch exceeds the maximum established for the merchant. (# of no authorisations) |
| Inactive Merchant Open 3 months or more | A new merchant that has been open for 3 months or more without any processing |
| Average Ticket of $500.00 or More | Any average ticket of $500.00 or more is reviewed |
| Credits/Returns of $1,000.00 or More | Any return of $1,000.00 or more is reviewed |
| Sales of $2,500.00 or More | Any sale of $2,500.00 or more is reviewed |
| Usage of 3D Secure, AVS and CVV2 (Fraud Controls) | Merchants processing reviewed in accordance with their stated usage of 3D Secure, AVS, CVV/CVC/CID and Fraud Controls per the MOTO/E‐Commerce Form |
| Increased Average Ticket/Increased Processing Volume/Increased Number of Credits/Returns and Chargeback’s | Any increase from the previous month of the average ticket, processing volume or number of credits or chargeback’s are reviewed. |
| Negative Batches | All negative batches are reviewed to ensure that no fraudulent credits are processed. |
| $1.00 Transactions | All $1.00 transactions are review – HIRETT does not allow for sub 1.00 transactions |
| Ticket Exceeds Average Ticket and Ticket Range | Tickets that exceed the average ticket and ticket range established for the merchant are reviewed. |
| Volume Drop | All merchants with a noticeable drop in their volume from month to month or any given timeframe are to be reviewed |
| Volume Spike | All merchants with a noticeable increase in their volume from month to month or for any given timeframe are to be reviewed |
| Fraud Declines | The merchant is monitored on any declines from stolen cards. Further investigation is done to ensure they are being declined and to find out why they might be getting stolen card attempts |
| Transaction from High Risk Countries | All high risk country originating transactions are reviewed
Sanctioned countries originating transactions are declined. |
4 CUSTOMER MONITORING FREQUENCY
Monitoring frequency is defined depending on assigned customer risk rating:
- High Risk customers – monitored on daily bases
- Medium Risk customers – monitored on daily bases
- Low Risk customers – monitored on a weekly basis.
All merchant ratios will be evaluated on a monthly basis. The portfolio, as a whole, will be evaluated monthly, quarterly, and annually to ensure portfolio performance.
5 REPORTS AND TIMING
Daily Merchant Risk Review
Report consists of number of issues identified during the daily monitoring. Reported criteria includes:
- # of merchants reviewed
- # of merchants investigated
- # of merchants called
- Explanation of the issue (from the called merchants)
- Repeat problem merchants and the explanation.
Daily Merchant Tracking Report.
Report consists of the merchant investigated, from the daily monitoring, statement of the issue and the resolution. Weekly report can also be generated.
Declined authorization report
Report consists of portfolio wide declines list. All are vetted for hard declines which are then blacklisted on the portfolio level.
Weekly Chargeback Report
Portfolio wide report disseminated at the merchant level.
6 REPONSIBILITIES
The Directors
Are responsible for establishing and maintaining an effective transaction-monitoring system support and commitment as well for adequate resources to maintain and operate the system.
The AML and Risk Department
Is responsible for monitoring the merchant’s processing to guard against any fraud and loss. The monitoring not only protects the company but also protects the merchant from possible fraud and loss.
AML and Risk department in cooperation with IT department are responsible for regular review and updating of the parameters, rules and criteria used to generate monitoring reports or issue alerts, taking into account the changes in business operations and new fraud typologies.
Any enhancements made to a system should be properly documented and approved by the organization’s management.
Sales department
To prevent possible fraud, threats and violations of legislation and requirements of International Card Organisations, reduce potential fraud and to increase knowledge of e-commerce rules, Account Manager needs to provide Merchant with Educational Material (Annex 6), useful links (Annex 8) and HIRETT Limited Merchants Handsbook and keep informing Merchant in case of any changes and/or updates.
ANNEX 1 – MONITORING SYSTEM RULES AND CRITERIA
| ID | RULE NAME | CONDITIONS | ACTION | Description |
| 1 | Max amount limit in RUB | RUB amount>=200000.00 | NOTIFY | Authorizations with max amount limit in RUB |
| 2 | Max amount limit in GBP | GBP amount>=2054.00 | NOTIFY | Authorisations with max amount limit in GBP |
| 3 | Max amount limit in USD | USD amount>=3304.00 | NOTIFY | Authorizations with max amount limit in USD |
| 4 | Max amount limit in EUR | EUR amount>=2400.00 | NOTIFY | Authorisations with max amount limit in EUR |
| 5 | Max amount limit in PLN | PLN amount>=4000.00 | NOTIFY | Authorizations with max amount limit in PLN |
| 6 | Distinct card Number count for 1D per email | DistinctCardNumberCountFor1DPerEmail>3 | NOTIFY | Authorisations with different cards per email per 1 Day |
| 7 | Sanctioned countries (BIN) | Sanctioned countries (BIN) | DECLINE and NOTIFY | Sanctioned countries (BIN) IRN,IRQ,COK,CUB,LBY,LBR,MMR,SDN,SYR,ROK,COD,CIV,SOM,ERI,GIN,SLE,AFG |
| 8 | Auth. count per cardNumber for 5Min | AuthCountFor5MinPerDepAndCardNum>4 | DECLINE and NOTIFY | 5 authorisations for 5 minutes per card |
| 9 | Auth. count per IP, cardNumber, not 3D for 1D | AuthCountFor1DPerIPAndCardNumberAndDStatus>7 | NOTIFY | Authorisation Count For 1Day Per IP And CardNumber,not 3D>7 |
| 10 | Distinct cardNumber count for 1D per IP | DistinctCardNumberCountFor1DperIP>=3 | NOTIFY | Authorisations with different cards per IP per 1 Day |
| 11 | Sanctioned countries (IP) | Sanctioned countries (IP) | NOTIFY | Sanctioned countries (IP) IRN,IRQ,COK,CUB,LBY,LBR,MMR,SDN,SYR,ROK,COD,CIV,SOM,ERI,GIN,SLE,AFG |
| 12 | Auth. count per Department, Bin, Not 3D for 10Min | AuthCountPerDepartmentBinNot3DFor10Min>5 | NOTIFY | Authorisation Count for 10min Per BIN, not 3D >7 |
| 13 | MCC 7995 departments ISS USA | MCC_7995 and issCountry=USA | DECLINE and NOTIFY | Decline USA BIN authorisations for MCC 7995 |
| 14 | Auth. count per IP, cardNumber, full 3D for 1D | Auth. count per IP, cardNumber, full 3D for 1D>7 | NOTIFY | Authorisation Count per IP and card, full 3D >7 |
| 15 | Auth. count per Department, Bin, Full 3D for 10Min | AuthCountPerDepartmentBinNot3DFor10Min>5 | NOTIFY | Authorisation Count for 10min Per BIN, full 3D >7 |
| 16 | Scoring rules : ISSCountry not equal IPCountry | Scoring rules : ISSCountry not equal IPCountry | SCORING(50) | |
| 17 | Scoring rules : IPCountry in sanctioned countries list | Scoring rules : IPCountry in sanctioned countries list | SCORING(20) | |
| 18 | Scoring rules : ISSCountry not equal BillingCountry | Scoring rules : ISSCountry not equal BillingCountry | SCORING(5) | |
| 19 | Scoring rules : ISS Country not equal Delivery Country | Scoring rules : ISS Country not equal DeliveryCountry | SCORING(5) | |
| 20 | Scoring rules : IP Country in grey countries list | Scoring rules : IP Country in grey countries list | SCORING(10) | |
| 21 | Notify VISA card ECI 7 / 3D Unable to authenticate | Transactions with ECI 7 status | NOTIFY | Notify VISA card ECI 7 / 3D Unable to authenticate |
| 22 | Distinct card numbers with same order description | Distinct card numbers with same order description per1 Day>3 | NOTIFY | Different cards with same order description per 1 Day |
| 23 | Allowed nominals for departments | Allowed nominals for departments | NOTIFY | This rule notify about authorisations with not allowed nominal amounts for merchant |