CONTINUE TO SITE »
or wait 15 seconds

Blog

Debit card reissuing part I: To reissue or not to reissue?

October 16, 2013 by Kevin Christensen — Vice President, Audit, SHAZAM

The longer a card is present in the marketplace, the more likely it is to become compromised. Research indicates that the least amount of fraud losses occurs within the first 12 months of a debit card's activation.

As a general rule, debit card issuers should send their cardholders new plastic at a minimum every 24 months — both to protect against fraud and to preserve the physical usefulness of the card.

Of course, there are times when an issuer might decide to accelerate the typical 24-month cycle. This is usually true in the case of a data breach, which puts an account or a group of accounts at risk.

While reissuing (instead of simply blocking transactions for a limited time) might be the right decision, it does not come without a cost.

Cardholders are inconvenienced — sometimes for days. And for the issuer, there are expenses associated with ordering and mailing new plastic; not to mention the lost interchange income from a cardholder's downtime.

The decision whether to reissue ideally should be based on an institution's appetite for risk — combined with a business analysis of lost interchange income and cardholder inconvenience weighed against expected fraud losses (based on historical data) and reissue costs.

Some institutions are willing to roll the dice based on their analysis, while others want to reissue for fear of the big loss.

Generally speaking, reissues are necessary if track data has been compromised. Track data is the information contained on up to three different tracks on the magnetic stripe of a debit card. This includes things such as a cardholder's name, the primary account number, expiration date, and card verification value (as well as information for processors, such as service codes).

Once a fraudster has his hands on this information, creating a counterfeit card is a breeze. Therefore, putting an end to this card's life is most likely necessary to save both the issuing financial institution and the cardholder from big losses and headaches.

If the card's track data has not been compromised, a reissue might not be necessary. In this case, adding the card to a compromised card list (which can decline transactions through a fraud detection system) might suffice.

This fraud protection, plus the fact that in many cases the issuing FI will have chargeback rights, might be enough to avoid a reissue. That said, it will be important to continue to monitor the account for red flags — and to encourage the accountholder to do the same. Setting up account alerts — perhaps via a mobile service — is a good idea in these situations.

Read part II of this debit card series: "4 tips for safe debit card reissue."

Read more about security.

About Kevin Christensen

None

Connect with Kevin:

Related Media

Security
Examining biggest ATM security issues and 4 strategies to prevent them
Security
Banking privacy: 5 benefits for banks, customers
Security
Protecting an ATM's hardware, software by slowing down criminals
On-Demand Webinar
A Masterclass in ATM Security: Global Best Practices and Trends
Presented by Diebold Nixdorf
Recent Posts
Eurasian Bank selects Diebold Nixdorf's self-service software
Romanian man arrested for alleged cash trapping ATM scheme
First National Bank to open 30 branches
Replacing the ATM: Pros and cons of new vs. remanufactured
U.S. Bank resumes crypto custody services


©2025 Networld Media Group, LLC. All rights reserved.
b'S2-NEW'