Quantcast
Paythink

EMV's the '15%' Solution for Card Fraud

Over the past several months, Visa, MasterCard, American Express and others have replaced magnetic stripe cards in the United States with “EMV” versions.

Chip cards are already the standard in Europe and other parts of the world, where they have proven to be far more expensive and difficult to counterfeit than magnetic strip cards. Card companies say the change is needed because while just over a quarter of the world’s credit card transactions originate in the United States, the U.S. accounts for almost half of the world’s fraudulent transactions, a disparity many attribute to obsolete technology.

The change is being touted as the dawn of a new era in credit card fraud prevention. However, there are doubts it will make a significant difference.

For one thing, EMV security only addresses the issue of counterfeit cards, which account for around 10 to 15% of credit card fraud in the United States. The bigger problem, by far, is first-person fraud. Cardholders refuse to pay what they rightfully owe, which accounts for roughly half of all fraudulent transactions.

EMV also fails to address another significant source of credit card fraud: lost or stolen cards. Other countries have addressed this by pairing the counterfeit protection of EMV with the user-verification protection of a PIN. U.S. card issuers, reasoning that Americans would balk at being asked to do two new things, split the difference, opting for chip-and-signature instead of the more-secure chip-and-PIN.

Finally, it will have no effect on the third and fastest-growing type of card fraud – online and phone transactions, where the merchant never sees a physical card. By all accounts, card-not-present fraud has been rising exponentially as other fraud avenues become limited.

There is no mistaking that EMV is a positive step. It’s high time the United States join the rest of the world. Yet some retailers may be reluctant to invest in what amounts to a stop-gap solution with limited protection.

Yes, under the new rules, retailers will be liable for fraudulent card purchases, but given the credit limits on most cards and the need for a fraudster to be physically present, the actual exposure is going to be relatively small. So small that it may not justify the investment in new point-of-sale technology.

Of note, we expect there may be an initial run on fraudulent activities immediately after the deadline that will likely tail off over time.

Credit card security is a moving target. Fraudsters are resourceful and persistent, which means there is no single magic bullet that will fix this problem. Merchants and card companies both need to be constantly vigilant and use a layered security approach that combines data encryption with user verification and behavioral analytics that screen every transaction against prior purchases to flag aberrant activity.

Like it or not, that’s the price of playing the game.

Scott Laliberte is a Managing Director with Protiviti.

JOIN THE DISCUSSION

(1) Comment

SEE MORE IN

RELATED TAGS

Comments (1)
Will EMV have an impact on retail fraud? Yes. Will the cost of a new terminal justify it? Who knows? The exposure will vary by business vertical. Nobody knows individual merchant risk, but according to a September 2015 Lexis Nexis study released this month, debit card fraud surged nearly 100% this year, likely due to fraudsters are trying to use cards before it gets impossible.
Merchants that sell products that can be easily resold are surely at risk. Whether a terminal is $400 or $900, it may not take too many fraudulent transactions to recoup the cost.
As for 'friendly fraud', where the cardholder denies they made the purchase later, it's not impossible to defend, and there are tools to mitigate risk of this fraud type.
Posted by 3Dmerchant | Monday, September 21 2015 at 9:18AM ET
Add Your Comments:
Not Registered?
You must be registered to post a comment. Click here to register.
Already registered? Log in here
Please note you must now log in with your email address and password.