Decoding ATM transaction messages for EMV analytics
So you've just converted all your ATMs (or at least the ones that make the most sense) to support EMV chip capability. Good timing. But although you may have reached an "all ATM terminals go" nirvana, you are not out of the chargeback zone — yet.
Over the next few months you're going to want to keep a keen eye out for:
- an increase in fraudulent transaction attempts on ATMs that are not yet EMV capable, or using cards that are not yet EMV capable;
- device or card problems that are causing transactions that should be processed as EMV transactions to fall back to magstripe instead.
Inetco has been working with a number of our customers to tackle these issues directly. We are helping them create a set of real-time transaction alerts and fraud visualization dashboards that will make it easier to dispute ATM chip liability shift chargebacks, understand the precise details of how transactions are being processed, and resolve a range of questions related to EMV chip migration, including:
- Which of your remaining ATMs should be prioritized and migrated to EMV next?
- Until your ATMs are chip enabled, what potential fraud or use patterns should you be on the lookout for?
- How can you quickly know if the card transaction was an EMV chip transaction, or an EMV fallback to magstripe?
- If it was a magstripe transaction, was the ATM terminal EMV capable?
- If it was a magstripe transaction, was the card EMV capable?
We thought we would share a condensed version of our answers below:
1. Which of your remaining ATMs should be prioritized, and migrated to EMV next?
Although this is a pretty simple question to answer, a one-stop visual definitely helps.
We suggest that you take into account a number of data points, such as transaction volumes, terminal profitability, customer density, competitive information, and where ATM fraud at the physical point has been attempted in the past.
2. Until your ATMs are chip enabled, what potential fraud or use patterns should you be on the lookout for?
Regardless of where you are in your EMV migration, it is important to be on constant lookout for high velocity scenarios.
This means setting up real-time alerts that notify you of anomalies such as:
- excessive repeat transaction activity over a set period of time — either on ATMs you own, or ATMs you do not own;
- a high number of card swipes over a set period of time — either one card used at one device with high velocity, or multiple cards at a common ATM; and
- the occurrence of transactions of very small or abnormally large value.
3. How can you quickly know if the card transaction was an EMV chip transaction, or an EMV fallback to magstripe?
Real-time transaction alerts can be set up to notify you when a single EMV fallback occurs, or when there are consecutive magstripe transactions at an ATM.
By delving into decoded transaction message fields, you can identify what type of transaction it is, and if these transactions have originated from a specific card type.
The example alert below was set up to send out a warning notification in the event that a magstripe transaction occurs at any terminal within an EMV-enabled ATM fleet.
A first digit of 2 or 6 in the service code (2xx or 6xx) indicates that the card is chip capable. In this case, the service code starts with 2, meaning the card is EMV capable.
4. If it was a magstripe transaction, was the ATM terminal EMV chip capable?
It's important to know whether your ATMs are reading EMV chips for all transactions. By correlating both the ISO 8583 protocol variants and the NDC+ protocols, you start getting a full, end-to-end transaction picture that can help you isolate the root cause of issues.
For example, the transaction fields within the various ISO dialects indicate whether your ATM terminal is a magstripe or EMV chip enabled terminal. The authorization data contained within the transaction would also confirm things such as improper terminal capability or entry condition, or a fallback error due to the terminal.
5. If it was a magstripe transaction, was the card used EMV capable?
Decoded transaction messages can also be used to determine whether a card is EMV capable.
For instance, we can tell whether the chip was not used during the PIN verify sequence. When a card is EMV capable, the fields (Field ID) will also indicate smart card data.
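The checks described in questions 3 to 5 can be combined into one classifier. The sketch below is an added example, not Inetco's code: it reads the service code from Track 2 data, labels each transaction, and raises the single-fallback and consecutive-magstripe alerts. The entry-mode values, the dictionary key names and the sample records are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Track 2 (ISO/IEC 7813): PAN, separator ('=' or 'D'), YYMM expiry,
# 3-digit service code, then discretionary data.
TRACK2 = re.compile(r"^;?(\d{12,19})[=D](\d{4})(\d{3})")
# Assumed PAN-entry-mode values (first two digits of ISO 8583 DE 22);
# dialects differ, so confirm against your own network specification.
CHIP_MODES, FALLBACK_MODES = {"05", "07"}, {"80"}

def card_is_chip_capable(track2):
    """Service code starting with 2 or 6 marks a chip-capable card."""
    m = TRACK2.match(track2)
    if not m:
        raise ValueError("unparseable track 2 data")
    return m.group(3)[0] in "26"

def classify(t):
    """Label one decoded transaction (dict keys are hypothetical names)."""
    mode = t["entry_mode"][:2]
    if mode in CHIP_MODES:
        return "chip"
    if mode in FALLBACK_MODES:
        return "fallback"
    if not card_is_chip_capable(t["track2"]):
        return "magstripe_card"
    # Chip card read by magstripe: was the terminal able to read the chip?
    return "chip_card_swiped" if t["terminal_emv"] else "terminal_not_emv"

def alerts(txns, run_limit=3):
    """Yield (terminal, reason) for fallbacks and consecutive magstripe reads."""
    run = defaultdict(int)
    for t in txns:
        label, term = classify(t), t["terminal"]
        run[term] = 0 if label == "chip" else run[term] + 1
        if label in ("fallback", "chip_card_swiped"):
            yield term, label
        if run[term] == run_limit:
            yield term, "consecutive_magstripe"

def txn(terminal, emv, mode, svc):
    """Build a constructed sample record around a well-known test PAN."""
    return {"terminal": terminal, "terminal_emv": emv, "entry_mode": mode,
            "track2": "4111111111111111=3012" + svc + "0000"}

SAMPLE = [txn("ATM01", True, "051", "201"), txn("ATM01", True, "801", "201"),
          txn("ATM01", True, "901", "201"), txn("ATM01", True, "901", "101"),
          txn("ATM02", False, "901", "601")]
```

Calling `list(alerts(SAMPLE))` returns the alerts for the constructed records; the `terminal_not_emv` label feeds migration prioritization rather than an alert.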
We realize that every ATM acquirer is at a different state in their EMV migration process, and what you care to analyze will be unique to your environment.
For more about EMV analytics and real-time transaction monitoring, check out the replay of the webinar, "5 Awesome Ways to Improve Customer Engagement," recorded earlier this month.
Companies: INETCO Systems Limited