In October 2006, Visa started their ADCR (Account Data Compromised Recovery) process. This process allows issuers to recover a portion of their magnetic stripe (POS 90) counterfeit fraud losses and some operating expenses related to qualifying compromised events.
Not all compromised events will qualify for the ADCR program. The event must meet the following criteria to qualify for issuer reimbursement:
Case Qualifications
- A CAMS alert was issued
- Account compromise event is confirmed
- Payment Card Industry Data Security (PCI DSS) violation could have allowed compromise of full magnetic stripe data
- More than 10,000 accounts involved in the compromise event
- A combined total of $100,000 (US) or more in recovery for all issuers involved in the event.
Fraud Eligibility Requirements
- Reported as Counterfeit fraud with a POS 90-full mag-stripe read
- A Visa signature based transaction, properly reported to Visa
- Occurred during the fraud window (up to 13 months)
Account Eligibility Requirements
- Issuer is registered to receive CAMS alerts
- Account number was not involved in an ADCR qualified event in the prior 12 months.
- Account was involved in at least on signature-based, full mag-stripe authorization at the merchant.
- Issuer is ADCR re-enrolled at the time of the alert (Operating Expenses only)
