Credit card operation and the recent CardSystems incident

1
Credit card operation and the recent CardSystems
incident
HONG KONG MONETARY AUTHORITY
4 July 2005
2
CONTENT
  • Credit card system overview
  • The CardSystems incident
  • Impact on credit cardholders in Hong Kong
  • Liability for financial loss
  • Follow-up actions by the HKMA
  • Impact assessment
  • Risk evaluation

3
CREDIT CARD SYSTEM OVERVIEW
  • Network operators (Visa, MasterCard, American
    Express, Diners, JCB, China UnionPay)
  • Card issuers (mainly banks)
  • Merchant acquirers (mainly banks)
  • Merchants
  • Cardholders
  • Third party service providers
      • Third-party processors
      • IT processors

4
AUTHORISATION FLOW
[Diagram: authorisation flow]
  • Parties: Cardholder, Merchant, Third-party processor,
    Merchant acquirer, Network operator, Card issuer
  • Networks: Third-party's network, Network operator's network
  • Steps, as numbered on the diagram:
      • (1) Transaction
      • (2) Seek authorisation
      • (3) Transaction information
      • (4) Transaction information
      • (5) Requests authorisation for purchase
      • (6) Authorisation for purchase
      • (7) Authorisation
      • (8) Authorisation
      • (9) Authorisation
      • (10) Completes purchase

5
CLEARING AND SETTLEMENT FLOW
[Diagram: clearing and settlement flow]
  • Clearing (usually within 1 day)
      • Parties: Merchant acquirer, Network operator, Settlement
        bank of network operator, Card issuer (over the network
        operator's network)
      • (1) Transaction details
      • (2) Net Obligation Settlement report
      • (3) Settlement notification
  • Settlement (usually within 3 days)
      • Parties: Card issuer, Settlement bank of network operator,
        Merchant acquirer, Merchant
      • (1) Payment via local RTGS
      • (2) Payment via local RTGS
      • (3) Credit to merchant account
      • Bill cardholder

6
THE CARDSYSTEMS INCIDENT
  • CardSystems is a third-party processor providing
    authorisation and validation processes on behalf
    of the merchant/merchant acquirer
  • Cardholder information stored after completion of
    authorisation and system hacked
  • Compromised data could be used for fraudulent
    transactions

7
THE CARDSYSTEMS INCIDENT
  • CardSystems reportedly breached the security
    standards set by the network operators
      • NOT to retain sensitive cardholder information
        after completion of authorisation process
      • to encrypt the information should such
        information be retained for special business,
        legal or regulatory purposes
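
One way to check for the condition described on slides 6 and 7, card numbers still held in cleartext in records written after authorisation has completed. This is an added example, not part of the HKMA presentation; the record layout, field names and sample values are constructed, and the card numbers shown are commonly used test numbers.

```python
import re

# Candidate card numbers: 13-19 digits, optionally grouped by spaces or dashes.
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum, used to separate card numbers from other long digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def mask(digits: str) -> str:
    """Keep first 6 and last 4 digits so the finding is not a new cleartext copy."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]

def find_retained_pans(records):
    """Return (record_number, masked_pan) for each cleartext card number found."""
    findings = []
    for idx, rec in enumerate(records, start=1):
        for m in PAN_RE.finditer(rec):
            digits = re.sub(r"[ -]", "", m.group())
            if luhn_ok(digits):
                findings.append((idx, mask(digits)))
    return findings

# Constructed post-authorisation records (hypothetical layout, test card numbers).
SAMPLE_RECORDS = [
    "2005-05-22T10:01:07 auth_complete approved merchant=M001 pan=4111111111111111 amt=25.00",
    "2005-05-22T10:01:09 auth_complete approved merchant=M001 pan=411111******1111 amt=12.50",
    "2005-05-22T10:02:30 auth_complete declined merchant=M002 card=5500 0000 0000 0004 amt=80.00",
    "2005-05-22T10:03:11 batch_close merchant=M002 ref=1234567890123456",  # fails Luhn
]

if __name__ == "__main__":
    for idx, masked in find_retained_pans(SAMPLE_RECORDS):
        print(f"record {idx}: cleartext card number retained after authorisation: {masked}")
```

Records 1 and 3 are reported; the masked number in record 2 and the 16-digit reference in record 4 are not.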

8
IMPACT ON CARDHOLDERS IN HK
  • Cardholders in HK may be affected if
      • they purchase at retail outlets in the US (at the
        point-of-sale or through the Internet) and
      • retail outlets in the US submit transaction
        information to merchant acquirer through
        CardSystems
  • About 12,000 credit cards issued by AIs in Hong
    Kong potentially affected
  • No financial loss to cardholders in this case

9
LIABILITY FOR FINANCIAL LOSS
  • Card issuers will bear the full loss incurred
      • when faults have occurred in the terminals, or
        other systems used, which cause cardholders to
        suffer direct loss (section 30.1(c) of the Code
        of Banking Practice) and
      • when transactions are made through the use of
        counterfeit cards (section 30.1(d)).

10
FOLLOW-UP ACTIONS OF THE HKMA - IMPACT ASSESSMENT
  • AIs contacted most of the potentially affected
    cardholders for card replacement
  • For cardholders who cannot be contacted,
    transactions conducted through their cards are
    monitored closely

11
FOLLOW-UP ACTIONS OF THE HKMA - EVALUATION OF RISK
  • Risk of occurrence of a similar incident in Hong
    Kong is relatively low
  • Comprehensive guidance issued to AIs, including
      • Outsourcing
      • Technology risk management
      • Supervision of Internet banking
  • Prior approval from the HKMA before entering into
    an outsourcing contract
  • Submission of annual IT controls self-assessment
    reports to the HKMA by all major AIs
  • HKMA's specialist IT on-site examinations cover
    the review of IT controls of AIs and their
    service providers

12
FOLLOW-UP ACTIONS OF THE HKMA - EVALUATION OF
RISK AND STRENGTHENING OF SECURITY SYSTEM
  • Letters issued to AIs and credit card companies,
    and other companies handling credit card/debit
    card data
      • Requesting AIs to re-assess the adequacy and
        effectiveness of controls over customer data
        security, retention and confidentiality
        (including AIs and their service providers)
      • Requesting credit card companies, consumer credit
        bureau and debit card operators to assess the
        security controls over internal and outsourced
        processing of consumer and transaction data and
        to strengthen their companies' security system
        where necessary
  • Liaising with Privacy Commissioner's Office
