(a) In general. Subject to paragraph (b) of this section, an issuer
may receive or charge an amount of no more than 1 cent per transaction
in addition to any interchange transaction fee it receives or charges
in accordance with section 235.3.
(b) Issuer standards.
(1) To be eligible to receive or charge
the fraud-prevention adjustment in paragraph (a) of this section,
an issuer must develop and implement policies and procedures reasonably
designed to take effective steps to reduce the occurrence of, and
costs to all parties from, fraudulent electronic debit transactions,
including through the development and implementation of cost-effective
fraud-prevention technology.
(2) An issuer’s policies and procedures
must address—
(i) Methods to identify and prevent
fraudulent electronic debit transactions;
(ii) Monitoring of the volume and value
of its fraudulent electronic debit transactions;
(iii) Appropriate responses to suspicious
electronic debit transactions in a manner designed to limit the costs
to all parties from and prevent the occurrence of future fraudulent
electronic debit transactions;
(iv) Methods to secure debit card and
cardholder data; and
(v) Such other factors as the issuer considers appropriate.
(3) An issuer must review,
at least annually, its fraud-prevention policies and procedures, and
their implementation and update them as necessary in light of—
(i) Their effectiveness in reducing the occurrence of, and cost to
all parties from, fraudulent electronic debit transactions involving
the issuer;
(ii)
Their cost-effectiveness; and
(iii) Changes in the types of fraud,
methods used to commit fraud, and available methods for detecting
and preventing fraudulent electronic debit transactions that the issuer
identifies from—
(A) Its own experience or information;
(B) Information provided
to the issuer by its payment card networks, law enforcement agencies,
and fraud-monitoring groups in which the issuer participates; and
(C) Applicable supervisory
guidance.
(c) Notification. To be eligible to
receive or charge a fraud-prevention adjustment, an issuer must annually
notify its payment card networks that it complies with the standards
in paragraph (b) of this section.
(d) Change in status. An issuer is not eligible
to receive or charge a fraud-prevention adjustment if the issuer is
substantially non-compliant with the standards set forth in paragraph
(b) of this section, as determined by the issuer or the appropriate
agency under section 235.9. Such an issuer must notify its payment
card networks that it is no longer eligible to receive or charge a
fraud-prevention adjustment no later than 10 days after determining
or receiving notification from the appropriate agency under section
235.9 that the issuer is substantially non-compliant with the standards
set forth in paragraph (b) of this section. The issuer must stop receiving
and charging the fraud-prevention adjustment no later than 30 days
after notifying its payment card networks.
