Various financial institutions around the country have experienced counterfeit activity resulting from “PINless” debit transactions, some of which have led to losses in excess of $100,000. PINless debit authorizations involve purchases under $50.00 that do not require consumers to key in a PIN or supply a signature at a point-of-sale device (POS). As EMV technology continues to be adopted by merchants, more and more of them will choose to enable PINless debit transactions, to offer consumer convenience and reduced interchange fee costs, and fraudsters are taking full advantage.
When a merchant allows PINless debit transactions, fraudsters can more easily use stolen card information, since they are not being asked to supply a PIN or any other authentication when making these types of purchases. An account holder’s card may be used multiple times prior to the fraudulent activity being detected. So, fraudsters make numerous PINless transactions and walk away with big rewards.
Here are steps you should take to help mitigate PINless debit fraud exposure:
Confirm that your card processor’s fraud monitoring system recognizes and is paying special attention to PINless debit transactions at the POS, especially recurring transactions at the same location.
Make sure you are not one of the many financial institutions that haven’t signed up for their card processor’s program to monitor PINless debit authorizations.
See if your financial institution can decline all debit authorizations that are conducted without a PIN, and consider disallowing these transactions if this option is in fact permissible.
Check that all networks used for PINless debit authorizations are in place with your card processor, so that you can monitor PINless debit authorizations.
Ensure your fraud monitoring system has strategies in place to help address any uptick in PINless debit fraud exposure.
Connect with you card processor to make sure they have velocity parameters in place for transactions requiring PINless debit authorizations.