Card Scheme Compliance Policy
| Code | PAY-003 |
| Domain | Payments & Settlement |
| Owner | Head of Payments |
| Status | Draft |
| Applicability | Platform |
| Jurisdiction | NZ + AU |
| Business domain | BD06 |
| Review date | 2027-03-25 |
Regulations: Visa/Mastercard Rules · PCI DSS v4.0 — Payment Card Industry Data Security Standard
Purpose
Govern the platform's obligations for payment fraud prevention, including real-time fraud screening, dispute management, and chargeback handling.
Scope
All payment transactions processed by the platform in NZ and AU, including card payments, account-to-account transfers, and direct debit transactions.
Policy statements
The platform SHALL operate a real-time payment fraud screening capability that assesses all payment transactions before authorisation. Transactions assessed as high-risk SHALL be declined or subject to step-up authentication before processing.
The fraud screening system SHALL be calibrated to achieve a fraud-to-sales ratio within the platform's risk appetite. Fraud model performance SHALL be reviewed monthly and the model recalibrated if performance deviates materially from appetite.
The platform SHALL maintain a fraud case management process. All identified fraud cases SHALL be recorded, investigated, and resolved within the timeframes set in the fraud management procedures.
The platform SHALL comply with the payment scheme chargeback rules for all card schemes it participates in. Chargeback responses SHALL be submitted within scheme timeframes. Failure to respond within scheme timeframes SHALL be reported to the Head of Payments.
Customers who report unauthorised transactions SHALL be contacted within one business day of the report. Provisional credit SHALL be applied in accordance with payment scheme rules pending investigation.
The platform SHALL monitor fraud trends monthly and report to the Board Risk Committee quarterly. Emerging fraud patterns that require product or system changes SHALL be escalated to the CTO.
The platform SHALL comply with the NZ Payments NZ rules and AU New Payments Platform (NPP) framework requirements applicable to fraud prevention.
Satisfying modules
| Module | Name | Mode | Description |
|---|---|---|---|
| MOD-022 | Payment audit trail | LOG | Scheme compliance evidence — every card transaction has a full processing record. |
| MOD-124 | Physical card issuance and bureau integration | GATE | Physical cards are produced only after passing card scheme compliance checks — the card personalisation file conforms to Visa/Mastercard scheme specifications before submission to the bureau. |
| MOD-144 | Confirmation of payee — account name verification | AUTO | CoP result and customer acknowledgement are recorded with the payment record for fraud liability and audit purposes. |
Compiled 2026-05-22 from source/entities/policies/PAY-003.yaml