Please note: the below FAQ outlines a particular scenario, this should NOT be taken as a global answer for all topics relating to Stolen Credit Cards.
Question
In a scenario where
- a customer informs a Data Holder their credit card was lost or stolen,
- asks for a card reissue,
- Data Holder issues new card number for the customer.
If the original card card (which was stolen/lost) was already a part of a sharing arrangement with an Accredited Data Recipient:
Would the new card number be treated essentially as "the same card", i.e. would the sharing arrangement continue seamlessly?
If yes - would this mean that the accountId
for this new card number would be the same as for the "old" card number?
Finally, if current digital experience in the lost/stolen scenario is that a card which is reported as lost/stolen is removed from online banking for a day until a new card is issued, should this behaviour be mirrored in the context of Open Banking?
Answer
It is the understanding of the DSB that most institutions have a clear distinction between a Credit Card Account and an issued card associated with that account. Many institutions offer the ability to have secondary cards, for instance, associated with the same account or to attach scheme debit cards to other account types such as transaction accounts.
Also, the concept of data sharing is fundamentally distinct from the use of a card (in physical or tokenised form) for making purchases. The blocking of a card for making purchases is not understood to be a reason for removing the associated card account from data sharing. This may actually be a detrimental response for the consumer as the data sharing may be for a fraud analysis or Personal Financial Management service that assists the consumer in identifying fraudulent transactions.
In some cases, however, the account number for the account may be the PAN for the primary card so a card reissue may result in the changing of this number. If this action technically results in one account being closed and a new account being opened then the DH should treat it as such. In this case the old account should still be shared but as a closed account and the option for sharing the new account should be offered to the customer according to the CDR rules.
If, however, this event is treated as a change to the account number but the account is still considered to be the same account (ie. other authorisations and transaction history is maintained) then the account should be considered the same account for the purposes of the standards. This is one of the advantages of the account ID concept in that it disconnects the identification of an account for CDR sharing purposes from any underlying identification idiosyncrasies arising from institution specific implementations or policies.
Comments
0 comments
Please sign in to leave a comment.