Online retailers and credit card companies are anticipating a spike in e-commerce fraud in the months ahead as EMV implementation brings increased security to the brick-and-mortar point-of-sale environment.
The majority of merchants in the U.S. face an October 2015 deadline to install transaction terminals equipped to read Europay MasterCard Visa (EMV) chips. EMV is a standard used in cards issued around the world offering increased security: The small micro-chips, which can be seen on the card's face, generate a unique dynamic code for each transaction, unlike magnetic stripes whose data doesn't change. Whereas a fraudster can copy the information on a magnetic stripe and make multiple counterfeit cards, counterfeiting doesn't work with an EMV-equipped card.
After the October deadline, the financial burden could be placed on merchants, merchant acquirers, or issuing banks/financial institutions if they are not EMV-enabled. But, if all parties are EMV-enabled, the liability falls back to the card issuer.
The U.S. is behind most of the world in moving to EMV. According to EMVCo, an organization formed by major industry companies including Discover, adoption of chip cards in the U.S. was 0.12 percent in Q4 2014, compared to 27 percent in Asia; 80 percent in Africa; 85.6 percent in Canada, Latin America and the Caribbean; and 96.6 percent in Western Europe.
In the domestic U.S., less secure card systems attract more fraud. As financial technology consultancy Aité Group noted in a June 2014 report, “Cross-border counterfeit fraud was a big problem when many other countries engaged in their EMV migration, as criminals still had the opportunity to use stolen card data in the magnetic stripe-reliant United States.”
As card issuers and merchants roll out EMV ahead of the October deadline, and point-of-sale fraud becomes more difficult to execute, card security experts expect a rise in card-not-present (CNP) fraud in e-commerce, the fastest growing payments segment. If the costs of fraud are any impetus, merchants have reason to prepare their CNP channel – every dollar in fraudulent transactions costs a merchant $3.08, according to a 2013 LexisNexis study. Considering the migration to EMV, Aité Group also predicted that CNP fraud will double to $6.4 billion by 2018.
Canada’s migration to EMV from 2008 to 2013 serves as a case study for preparation. Counterfeit and lost/stolen fraud there declined by 54 percent from the inception of the migration in 2008 to 2013, but cases of CNP fraud jumped 133 percent during the same timeframe, Aité reported.
Aité estimates that 70 percent of U.S. cards will have EMV by the end of 2015, 91 percent the following year, and 98 percent in 2017. That widespread adoption is going to make CNP look like the best opportunity for fraud.
“Criminals are increasingly adept at disguising their activity as legitimate, especially in the card-not-present environment. There is no silver bullet when it comes to fraud prevention, so it is critical to take a layered approach that considers multi-factor authentication of the customer making a purchase,” said Arvind Ronta, Director of Emerging Products at Discover. “Strong fraud prevention technologies include tokenization, encryption, and 3D Secure, all of which can combine to create a suite of integrated solutions that can help mitigate fraud.”
Merchants accepting CNP payments also must balance fraud reduction with ease of purchase. If the transaction is too complicated, customers might abandon it before it's complete. Large, high-traffic businesses counter this by creating an e-commerce account that retains customer payment information — think Amazon, with their one-click checkout.
“The biggest issue in e-commerce today is abandonment,” says Nick Holland, a senior payment analyst at Javelin, referring to lack of purchase follow-through from online consumers in a 2014 interview with InformationWeek. “They [merchants] don't want to introduce extra steps [to the checkout process].”
More urgency for quick CNP transactions comes from the growing number of online purchases of immediate-delivery digital goods — e-books, music, software, electronic gift cards, electronic event tickets and games. Consumers spent $6 billion on digital gift cards in 2014 and $4.5 billion on digital music (Vesta Corp.), while online event ticket sales are estimated at $4 billion (IBISWorld). These purchases must be as secure as they are simple—through secondary markets, fraudsters can easily dispose of digital goods, especially gift cards, obtained online.
For merchants looking to bring greater security to their e-commerce environment, Discover has the unique ability to offer tailored fraud prevention solutions that allow merchants to validate their customer data against Discover cardholder data, as well as report on confirmed fraud via the issuer.
Discover's Verify+, launched just more than a year ago, provides merchants a vital layer of security for CNP transactions. Accessible to merchants through one click, it compares the customer's full name, complete billing address, up to three phone numbers and an email address with the issuer's records. Merchants will receive immediate match/no match responses from the Discover website. Merchants can also learn of confirmed fraudulent transactions and recall goods by enrolling in Discover's free fraud prevention solution, Fraud Alerts, which saved merchants millions of dollars over the last year.
Javelin Strategy & Research, a financial technology research firm, predicts online commerce, which today accounts for 8.5 percent of total U.S. electronic transaction volume but 49 percent of transaction fraud, will see an explosion of fraud as online transactions grow to more than 10 percent over the next three years.
Discover's Verify+ helps merchants fight this fraud without losing legitimate online business.
“Our fraud solutions offerings are flexible and customizable first lines of defense for validating key customer data elements without impacting the customer experience,” Ronta added. “The business can truly customize their chosen fraud prevention technique and authentication steps to help keep their e-commerce running smoothly.”
See More From Discover