12 CFR § 235.4 - Fraud-prevention adjustment.
(a) In general. Subject to paragraph (b) of this section, an issuer may receive or charge an amount of no more than 1 cent per transaction in addition to any interchange transaction fee it receives or charges in accordance with § 235.3.
(b) Issuer standards.
(1) To be eligible to receive or charge the fraud-prevention adjustment in paragraph (a) of this section, an issuer must develop and implement policies and procedures reasonably designed to take effective steps to reduce the occurrence of, and costs to all parties from, fraudulent electronic debit transactions, including through the development and implementation of cost-effective fraud-prevention technology.
(2) An issuer's policies and procedures must address -
(i) Methods to identify and prevent fraudulent electronic debit transactions;
(ii) Monitoring of the volume and value of its fraudulent electronic debit transactions;
(iii) Appropriate responses to suspicious electronic debit transactions in a manner designed to limit the costs to all parties from and prevent the occurrence of future fraudulent electronic debit transactions;
(iv) Methods to secure debit card and cardholder data; and
(v) Such other factors as the issuer considers appropriate.
(3) An issuer must review, at least annually, its fraud-prevention policies and procedures, and their implementation and update them as necessary in light of -
(ii) Their cost-effectiveness; and
(A) Its own experience or information;
(C) Applicable supervisory guidance.
(c) Notification. To be eligible to receive or charge a fraud-prevention adjustment, an issuer must annually notify its payment card networks that it complies with the standards in paragraph (b) of this section.
(d) Change in status. An issuer is not eligible to receive or charge a fraud-prevention adjustment if the issuer is substantially non-compliant with the standards set forth in paragraph (b) of this section, as determined by the issuer or the appropriate agency under § 235.9. Such an issuer must notify its payment card networks that it is no longer eligible to receive or charge a fraud-prevention adjustment no later than 10 days after determining or receiving notification from the appropriate agency under § 235.9 that the issuer is substantially non-compliant with the standards set forth in paragraph (b) of this section. The issuer must stop receiving and charging the fraud-prevention adjustment no later than 30 days after notifying its payment card networks.
The following state regulations pages link to this page.