Visa, MasterCard take new steps to stop credit card fraud

By Jeremy M. Simon

In their latest attempt to prevent credit card fraud, Visa and MasterCard have begun imposing fines on merchants that have not met the associations' requirements for keeping card transactions secure.  In recent weeks, MasterCard has fined merchants that have failed to meet its rules, while beginning at the end of September 2006, Visa will levy fines of $10,000 to $100,000 a month against the largest U.S. merchants who remain non compliant.

Such fines represent the latest attempt by the credit card and debit card industry to lessen both financial exposure and negative publicity from a series of well-publicized security breaches.  While cardholders generally are not responsible for unauthorized credit card charges, merchants and stores involved with both retail store and online transaction fraud can be held liable.

Rather than fining the merchants directly, Visa and MasterCard penalize those that process the transactions on behalf of merchants -- and who often pass the fines on to their merchant customers.  Visa and MasterCard impose fines for failing to comply with the rules, as well as charging separate fines for non compliant merchants that experience a security breach.     

The two massive card network operators have set comprehensive security rules for merchants, banks, and others who process, store, or transmit cardholder information.  For example, rules state that merchants cannot store data that is contained on a credit card's magnetic stripe, they must take precautions with individuals who have access to computer systems, and they must limit access to cardholder information.

MasterCard noted that the decision to charge fines is taken as a last resort.  According to the card network's chief risk officer, MasterCard is issuing penalties for noncooperation, not for noncompliance.  While MasterCard has been handing down fines for over a year, several industry members commented that the fines appear to have accelerated recently.  These industry members estimate the fines as ranging from $5,000 to $15,000.   

Currently, Visa is focusing its efforts on fining the largest merchants for noncompliance.  Visa counts 334 merchants as its largest, representing almost 50 percent of annual Visa transactions. The card association reported that 20 of them were in violation as of Sept. 22, 2006, and could get hit with fines it they don't comp by month's end. 

Visa says it plans to concentrate on the issue as it relates to certain smaller merchants starting in 2007.  Small merchants may find the security rules somewhat daunting, as they may not be sophisticated about security issues or may not want to spend the funds needed for required computer system upgrades.

Published: November 27, 2006

	Three most recent Legal, regulatory, privacy issues stories: Late on your credit card bill? Your auto could be seized – Credit unions are especially fond of a clause that lets an financial institution seize cars or deposits if loans at the same institution go bad ... Refund anticipation loans coming to an end – After years of soaking consumers with high fees for tax refund anticipation loans, tax preparers are finally closing them down ... Debit card fraud can leave you in the lurch – While consumer protections exist in case your debit card's been hijacked, you can still end up on the hook for fraudulent purchases ...

	CreditCards.com's newsletter Did you like this story? Then sign up for CreditCards.com’s weekly e-newsletter for the latest news, advice, articles and tips. It's FREE. Once a week you will receive the top credit card industry news in your inbox. Sign up now!