VISA modifies the Global Compromised Account Recovery program
AML AND COMPLIANCE NEWS |
The Global Compromised Account Recovery (GCAR) program was created by VISA in 2012 to provide a more balanced and efficient cost recovery process for participants in the VISA payments system. GCAR helps card issuers recover a portion of estimated counterfeit fraud losses and operating expenses resulting from a data breach. VISA announced that it is updating GCAR. VISA expects the program revisions to address changes in the payment environment and to ensure that GCAR recoveries remain in line with the costs and risks that are created by account data compromises.
Effective immediately, GCAR will allow recovery for all eligible VISA account numbers with magnetic-stripe data that are at risk due to a data breach regardless of the network on which the transaction was processed. At the same time, VISA has increased the qualification criteria for a data breach to 30,000 accounts and $300,000 (up from 15,000 and $150,000, respectively) in total recoveries for all eligible issuers involved in the breach. VISA also indicated that it is "researching operating expenses incurred by clients of various sizes to determine the actual costs to payment system participants." It will use this information to re-evaluate the current operating expense recovery program.