CONTINUE TO SITE »
or wait 15 seconds

News

Visa: New ISO risk standards will help prevent fraud

Visa USA wants to head ATM fraud off at the pass by asking its agent banks to keep closer tabs on the ISOs they sponsor into the Plus network. Visa introduced a set of what it calls enhanced ISO risk standards in January of 2001 and has been enforcing them since June.

February 28, 2002

In discussing Visa's enhanced ISO risk standards, Martin Elliott, Visa U.S.A.'s director of corporate risk management, characterized his company as the "good cop."

It's possible, he said, that lax enforcement of the standards, which were introduced in January of 2001, could result in the federal government becoming a "bad cop."

"I don't think anybody in this room wants Uncle Sam injecting new laws into the marketplace," he told an attentive crowd during the ATM Industry Associationconference, "ATMs Hit the Big Screen" Feb. 21 in Hollywood, Fla. "We're obviously better off if we can police ourselves."

Self-policing is what the new standards are all about, Elliott explained. Visa is requiring financial institutions that sponsor ISOs (or agents, as Visa calls them) into its Plus ATM network to provide documentation proving that the bank has performed its due diligence.

"Agent banks that underwrite, monitor and control agent relationships must determine an agent is financially responsible," Elliott said, indicating that this entails a thorough review of business and personal tax returns and other financial records as well as a background check with law enforcement officials.

Visa has always asked for this, Elliott said, but now requires a written guarantee from its agent or sponsor banks to ensure that reviews have been performed. In addition, Visa is asking them to review ISOs' records on an annual basis and provide summaries of those reports. And Visa wants a senior member of bank management to be included in the review process.

Visa's new standards are a sign of the independent ATM industry's success, said Cindy Ballard, executive vice president of marketing for the Pulse EFT Association. "This business is now higher on the radar screens of Visa and other people as well," she said.

(Sub)liminal sales

The standards have been enforceable since January 2001, Elliott said. Visa can respond to noncompliance in several ways, he said, from issuing warnings to limiting the number of ISOs that a bank can sponsor to requiring them to collect fees for unregistered agents.

The issue of unregistered agents looms large in the independent ATM world, in which most ISOs contract with independent agents or sub-ISOs, paying them a commission for each ATM they sell rather than putting them on a regular payroll.

In response to questions from the audience, Elliott said that to be considered employees – and thus eligible to work under the auspices of a larger ISO without undergoing a separate registration process – unregistered agents must carry business cards and contracts printed with the name of the registered ISO.

"If they're selling under another name, that's a red flag that they should also be registered with us," he said.

Neil Johnson, president of Euless, Texas-based ISO International Merchant Services, suggested that one way to meet this requirement and still allow smaller ISOs to maintain a separate identity would be to provide cards and contracts reading: "Company ABC, an agent of Company XYZ."

Noting that his company had suffered past losses due to disreputable agents, Johnson said it's in an ISO's best interests to perform its own due diligence. "For the past several years, we've been conducting background checks on all of our agents," he said.

Mike Stevenson, vice president of Euclid, Ohio-based ISO WRG Services, believes the business card/contract requirement may be tough to enforce. Stevenson said his company sells hardware to more than 100 smaller ISOs – not all of whom he wants promoting the WRG name.

"If a guy comes to my door with cash in his hand and wants five machines, am I going to turn him away because I don't want my name on his business card? If I do, I guarantee he'll find someone else willing to work with him," Stevenson said.

The bank view

Sandra Hartfield, executive vice president of California's Palm Desert National Bank, which has sponsorship relationships with about 30 ISOs, said her institution will require its ISOs to provide more information concerning their sub-ISOs.

"We're not willing to risk the closing of our institution, so we're going to require more documentation – including background checks and credit references – on subs," she said.

Palm Desert also will take a more active role in monitoring the activities of the ISOs it sponsors. "We'll be auditing much more than we ever have in the past. It is and will be a big job," Hartfield said, noting that Palm Desert has sent copies of Visa's audit questionnaires to all of its ISOs so they will be prepared for reviews.

According to several ISOs in attendance at the ATMIA show, ISOs pay a onetime $5,000 entry fee and an annual $1,500 renewal fee for admittance into Visa's Plus network. They also pay a transaction-based fee, which generally ranges from half a cent to two cents a pop, depending on the size of the ATM fleet.

Some ISOs are also asked to post a certificate of deposit, which varies depending on the size of the company, length of time in business and other criteria. ISOs pay separate entry fees for Star Systems, Pulse and other regional networks from which they want to accept cards.

Early intervention

Stricter regulations are necessary, Elliott said, because of several recent cases of ISO-driven losses, including the federal government's December 2000 shutdown of the National State Bank of Metropolis, Ill., after about $6 million in chargebacks from its merchant credit card portfolio virtually wiped out the bank's capital. The Office of the Comptroller of the Currency cited National State Bank for lax supervision of its merchant-acquiring business, with most of its problems centered around a single ISO and its unregistered sub-agents.

Elliott said that the National State Bank case, along with a recent instance in the New York City area in which an errant ATM service technician apparently captured PINs at an independent ATM then used them to defraud customers of Citibank and several other institutions, has put the industry on notice.

While most of the fraud problems to date have centered around credit card ISOs and merchant acquiring, Elliott said the ATM industry needs to take a pre-emptive strike if it wants to avoid attracting the attention of federal regulators. "Creative thieves will find a way to get into the ATM/debit world," he said.

"Ninety percent of the ISOs in the market do a great job, but it's the other 10 percent that present a problem," he added. "Collectively, we have to work a little bit harder at preventing losses."

Incidentally, he said, Visa encourages ISOs to look at the financials of prospective sponsor banks. "Due diligence works both ways. That's smart business."

Hands-on learning

Visa plans to beef up its outreach efforts to make ISOs aware of the new stricter standards and related issues such as PIN security, Elliott said.

The company offers educational workshops, at a cost of $495, that cover many fraud and security issues. Upcoming workshops are scheduled for June 19 in Foster City, Calif., Sept. 18 in Kansas City and Oct. 23 in Miami. While the workshops are currently voluntary, Elliott said Visa is considering requiring ISOs to attend one every other year.

For more information on workshops, interested ISOs may contact Stoddard Lambertson at 650-432-1470.

Included In This Story

ATM Industry Association (ATMIA)

The ATM Industry Association, founded in 1997, is a global non-profit trade association with over 10,500 members in 65 countries. The membership base covers the full range of this worldwide industry comprising over 2.2 million installed ATMs.

Request Info
Learn More

Related Media

Security
Examining biggest ATM security issues and 4 strategies to prevent them
Security
Banking privacy: 5 benefits for banks, customers
Security
Protecting an ATM's hardware, software by slowing down criminals
On-Demand Webinar
A Masterclass in ATM Security: Global Best Practices and Trends
Presented by Diebold Nixdorf
Recent Posts
ParaScript intros verification solution for checks
Nymeo Federal Credit Union wins recognition as 1 of the best workplaces in Maryland
SEC accuses former ATM businessman Daryl Heller of funneling $185M from investors
Fifth Third named as top veteran friendly employer
DC AG sues Bitcoin ATM operator Athena Bitcoin for allegedly exploiting scam victims


©2025 Networld Media Group, LLC. All rights reserved.
b'S2-NEW'