Quote:
|
Originally Posted by Validus
Oh, interesting. Ah well, I must have read the regulations wrong then. This is what it says:
An acquirer?s fraud loss control program must meet the following minimum
requirements, and preferably will include the recommended additional
parameters. The program must automatically generate daily fraud monitoring
reports or real-time alerts. Acquirer staff trained to identify potential fraud
must analyze the data in these reports within 24 hours.
To comply with the fraud loss control Standards, acquirers also must transmit
complete and unaltered data in all card-read authorization request messages,
and also CVC 2 for all Card Not Present (formerly MO/TO), voice, and
e-commerce transactions.
Additionally, acquirers with high fraud levels must:
? Install ?read and display? terminals in areas determined to be at high risk
for fraud or counterfeit activity, or
? Install EMV chip terminals
|
No, you aren't reading it wrongly, (and notice that it applies specifically to card-not-present/MOTO transactions), however, in different areas of the VISA regulations (which are the size of a full set uf encyclopedia) there are detailed exceptions and conditions. Also associated member banks (banks, not processors) can negotiate certain conditions with VISA to allow for exceptions. Also protocols and procedures vary in each of the six VISA regions.