Now that the second holiday season has passed since the U.S. deadline for EMV migration, acquirers are taking stock of the damages that merchants incurred this year to determine the effect of the new technology.
EMV, already common in other countries, is designed to prevent counterfeiting of plastic cards. Most U.S. companies faced an October 2015 deadline to migrate to EMV or else face a shift in fraud liability. But EMV protects only the physical point of sale, leaving e-commerce vulnerable to a fresh wave of fraud.
And for the past two years, fraud and chargebacks have been more rampant on the e-commerce side than at the point of sale. And some of those chargebacks might not start showing up until this quarter.
Acquirers and merchants say the reasons for the fraud spike are twofold: Fraudsters are shifting from brick-and-mortar to online now that more merchants have EMV-enabled terminals in place. At the same time, more transactions are taking place online, and the rate of fraud is rising to keep pace.
Holiday sales are expected to have grown more than 10% compared to the previous year, says Al Pascual, senior vice president, research director and head of fraud and security for Javelin Strategy & Research.
“As fraud grows in tandem with transaction volume, we can also expect at least a 10% lift in fraud, in addition to the impact of more capable and motivated fraudsters,” he says.
A report Javelin released in October highlights the challenges merchants are facing post-EMV. E-commerce sellers surveyed for the report indicated that 49% of their chargeback losses come from the online channel, which is roughly three times the amount of in-person fraud for this group.
Several e-commerce merchants might not be aware of some of the holiday-related chargebacks until now. According to a 2015 report by e-commerce fraud detection firm Kount Inc., most merchants don’t know they are the victims of higher fraud during the holiday season until the end of the first quarter because there is a 60 to 90 day lag in chargeback reporting.
Pascual says that the card brands have introduced some measures that bring temporary relief from the liability shift for merchants that are not yet EMV-capable at the POS. But for e-commerce merchants, on the other hand, he says the impact of EMV’s rollout is completely unmitigated.
“So at the same time the fraud community is generally becoming more adept at e-commerce fraud, they are also being motivated to look beyond the POS to get paid. As a result, we can expect chargeback rates to soar, well exceeding sales growth in the online channel,” Pascual says.
Merchants can activate fraud controls and security measures to defend themselves against online fraud. Marcus Smith, senior vice president of risk management for merchant acquirer iPayment Inc., says this is the easiest way for e-commerce merchants to combat fraud.
But Smith has observed that some merchants are reluctant to activate those controls because they can trigger false positives that reject otherwise legitimate sales. As soon as merchants turn on the fraud controls, they see a decline in their sales activity and revenue.
“They’ll remove all fraud controls because they want to rake in as much cash as possible. Unfortunately, many of those transactions are unauthorized,” Smith says.
And during the holiday season when merchants offer deep discounts and daily sales, they’re also being targeted by fraudsters who want to acquire as much inexpensive merchandise as possible so they can sell it on the black market for a profit. “So before you know it, you’re experiencing excessive chargebacks and rates of fraud,” he says.
Ed Garcia, chief operating officer for Pivotal Payments, agrees that more transaction volume in the e-commerce space has caused a parallel increase in fraud.
“The holidays kind of boost that volume, and as a result we’re seeing more chargebacks,” he says. “You tend to have more fraud because there are more transactions.”