Thus, the SBS modified the regulations of said cards in order to specify the scope of the operations monitoring systems applied by financial entities, to differentiate them from the cardholding authentication process.
The regulator aims to strengthen safety measures by identifying fraud patterns and the application of controls in the risk management of the financial system companies in transactions with plastic money.
Also read credit card: When will the bank be responsible for operations not recognized by customers?
The modification maintains the requirement of having a monitoring system to detect atypical operations (which differ from the usual user consumption behavior), but adds that this must be different from the authentication mechanisms of operations with cards, María del Carmen Yuta, Vodanovic partner, told Management.
Challenge
Table of Contents
Delimits concepts, clarifies that operating monitoring is part of the risk management of financial companies card stations of credit and debit, and that should not be confused with the authentication factors applicable to customer operations, he stressed.
“In practice, INDECOPI has demanded, in certain cases, that additional controls are activated before unusual operations, which in fact resembles reinforced authentication. The challenge for entities will be to demonstrate that their monitoring systems are not passive, but allow to identify atypical operations and activate proportional security measures,” he said.
Warning
In the banking system, there are 6.6 million credit cards and 39 million debit – raised to a savings account.
In addition, the modification requires that the procedures to manage the alerts generated by the operating monitoring system, at least include the scope of said scheme, the type of information considered as fraud patterns and .
With the same objective, the Superintendency provides that financial institutions must incorporate the application of amount limits according to operation, and additional authentication methods for those high -risk transactions with plastics.
Álvaro Castro, partner of Damma Legal Advisors, coincides with the lawyer in which the procedure to generate alerts for atypical operations is being reinforced.
Considered adequate that it covers particular information, as patterns of use of the cardlimit of additional amounts and methods of user validation.
Read also takes off from 100% digital bank cards, is it the end of plastics?
Effective monitoring
“The same alert mechanism cannot be applied to an operation that is performed at noon as at dawn. If it is an elevated amount, confirmation with a call should be requested, unlike the messages that the client receives when he makes a low amount payment, ”he said.
“All mechanisms must be incorporated so that alert management monitoring is more effective,” he added.
Financial institutions operating cards must establish limits and controls in the various service channels, which allow mitigating the risk of fraud losses.
Credit cards.
Measures are part of risk management
The resolution establishes that the security measures implemented by the financial entities for the monitoring of operations with Credit cards and debit are part of their risk management, and clarifies that the aforementioned monitoring is not part of the authentication process or determines in itself the validity of an operation with plastic money.
In 2013, through resolution, the SBS approved the card regulations, which has just been modified as regards security measures regarding the monitoring of operations with these means of payment.
Also read from today would rise cost of consumer loans and cards, what is the breakdown?
