Product Update: Securing your Citi Commercial Card – How you can help fight fraud, misuse, & abuse

No doubt you are aware of the sharp increase in  data and account breaches in recent years.  In 2014, more than 1 billion1 records were compromised, resulting in approximately $9B2 in total financial impact. (Insert Footnote: 1 Verizon 2015 Data Breach Investigations Report, IBM X-Force 2014 Report, 2 Forbes.com)  According to a recent MasterCard fraud study, fraud differs by region and is categorized as follows: card not present, counterfeit, lost/stolen, & other means. [Please see chart below.]

Citi has an extensive strategy to help fight against fraud.

Citi's products can help fight against four different types of fraud:

  1. Card Not Present – Citi deployed the 3D Secure technology for both MasterCard and Visa-based programs.
    1. 3D Secure is an online fraud prevention tool which shares data between merchants and issuers to help improve fraud detection
    2. Provides an additional layer of security and utilizes cardholder-specific behavior models to evaluate transactions for fraud
    3. 3D Secure, also known as MasterCard Secure CodeTM or Verified by VisaTM, is used at the point-of-sale when making online purchases
    4. In a small percentage of cases where we have reason to suspect fraud, U.S. cardholders may be prompted to enter a one-time password to complete the transaction
    5. One-time passwords are sent via email or text message or through a series of questions and answers
    6. One-time passwords impact <1% of online transactions, so it is easy to use and only impacts a small portion of Citi's cardholders.
  2. Counterfeit Cards - Citi deployed EMV technology with Chip cards and PIN technology.  This form of card issuance is the most secure and usable product for those who travel overseas.
  3. Lost/Stolen – Citi deployed Chip & PIN cards to all commercial cardholders to provide greater protection against lost/stolen situations (helping to drive down the potential for disputes) while protecting cardholders in "friendly fraud" situations where a family member may be tempted to utilize the Government Card to make a purchase that is not allowed.
  4. Other – Knowing that fraudsters constantly evolve their tactics, there is no one product that can stop fraud and misuse.  This is where Citi needs your help to continue fighting the fight against fraud.

Citi has deployed communication tactics that take advantage of tools, designed for those cardholders who want to stay connected.  Being connected and reviewing transactions and messaging is the last stop against fighting fraud.

Citi's suite of informational and fraud alerts can be sent via SMS/Mobile messages or by e-mail.  There are also agents who will call cardholders when required for expedited resolution.

Citi provides the ability for cardholders to access account-related information online, adding another layer of security and convenience including the ability to dispute transactions online.

This is how you can help:

  1. Ensure Citi has current cardholder contact information (cell, phone, and email)
  2. b. Validate that your company's email filters are configured to accept Citi e-mails: :
    1. Primary measure: Clients should lower the spam score on mail from .citi.com, .citibank.com and .citigroup.com domains which pass DMARC. DMARC means the mail passes SPF, DKIM and has a matching visible sender and envelope sender
    2. Secondary measure: Clients can whitelist the following IP Addresses within their email servers
    3. 207.45.164.79 207.45.164.24 8.7.43.214
  3. Review accounts tagged as fraud for employee misuse (liability waivers)
  4. Provide cardholder education covering how to review transactions online, etc.
  5. Communicate with Citi to ensure card accounts with fraud are shut down immediately
  6. Regularly review MCC's and credit limits and adjust velocity, credit and single purchase limits, as required

Additional tips for cardholders:

  1. Never leave cards in an unlocked desk and cabinet
  2. Be careful when providing card information to another person
  3. Review account activity regularly
  4. Contact Citi Customer Service immediately if there is suspicious activity on an account
  5. Only use card for authorized purchases
  6. Keep account information current (i.e. email address, cell phone, phone number, mailing address, etc.)
  7. Do not keep the card and its associated PIN together
  8. Never write down your PIN
  9. Do not open suspicious emails, links or attachments

If your agency would like to learn more regarding any of the products mentioned above, please reach out to your account manager.