Even so, a bank may be able to recover some of that loss through dispute mechanisms set up by Visa and Master Card, as long as the bank can show that the fraud was the result of a breach at a specific merchant (in this case Home Depot).
Wireless network is stuck validating identity
They were all submitted through Visa and Master Card‘s networks as chip-enabled transactions, .
The most frustrating aspect of these unauthorized charges? Banks usually end up eating the cost of fraud from unauthorized transactions when scammers counterfeit and use stolen credit cards.
The bank managed to block $80,000 of those fraudulent charges, but the bank’s processor, which approves incoming transactions when the bank’s core systems are offline, let through the other $40,000.
All of the transactions were debit charges, and all came across Master Card’s network looking to Master Card like chip transactions without a PIN.
The fraud expert with the New England bank said the institution had decided against reissuing customer cards that were potentially compromised in the five-month breach at Home Depot, mainly because that would mean reissuing a sizable chunk of the bank’s overall card base and because the bank had until that point seen virtually no fraud on the accounts.
“We saw very low penetration rates on our Home Depot cards, so we didn’t do a mass reissue,” the expert said.
“The [Canadian] bank in this case would take any old cryptogram and they weren’t checking that one-time code because they didn’t have it implemented correctly,” Litan said.
“If they saw an EMV transaction and didn’t see the code, they would just authorize the transaction.” Litan said the fraudsters likely knew that the Canadian bank wasn’t checking the cryptogram and that it wasn’t looking for the dynamic counter code.
Avivah Litan, a fraud analyst with Gartner Inc., said banks in Canada saw the same EMV-spoofing attacks emanating from Brazil several months ago.
One of the banks there suffered a fairly large loss, she said, because the bank wasn’t checking the cryptograms or counters on the EMV transactions.
In addition, there are several checks that banks can use to validate the authenticity of chip card transactions.