E-Commerce Fraud Could Get Really Bad Post-EMV
The good news is that EMV is very effective at preventing the use of counterfeit credit/debit cards at the point of sale (POS), commonly referred to as card-present (CP) fraud.
The bad news is that EMV is so effective at preventing fraud at the POS that it has historically been shown in other countries to actively push fraud attacks to other channels, namely card-not-present (CNP).
In some cases, there have been dramatic triple digital spikes in CNP fraud in just a short time.
In France, for example, payment card-present fraud dropped by 35% between 2004 and 2009 after the implementation of EMV, but domestic card-not-present fraud losses increased more than 360% in that same time span.
Similarly, while the United Kingdom saw a 58% decrease in CP fraud, their CNP fraud increased 100% in the five years following EMV adoption, as heightened security at the POS forced criminals to look for new places to use stolen cards. Other countries, including Australia and Canada, experienced comparable spikes in online fraud as well.
If that history can tell us anything about the future, it is that U.S. e-commerce (card-not-present) businesses need to drastically reassess their fraud forecasts for the coming few years.
The key to survival in a post-EMV world lies in developing a multi-pronged strategy to avoid payments risk. While it is important to understand what the U.S. application of EMV solves for, it is more important to know what it doesnt solve for when implementing a risk mitigation strategy.
While EMV could potentially solve CNP fraud with in-home card readers that either directly authenticates credit and debit cards or generates a unique one-time passcode to verify each transaction, this technology is still many years off from widespread adoption.
In its current form, EMV will not solve for the protection of card data in transit or at rest, so employing encryption and/or tokenization to protect sensitive data will be necessary to lessen the effects of a possible breach. EMV will also not solve for stolen card data being used on e-commerce websites, so using fraud screening software to highlight errant customer behavior will continue to be invaluable in weeding out fraudulent transactions from the true ones.
Only by combining multiple, sophisticated fraud-prevention tools can CNP merchants in the U.S. expect to effectively minimize risk in the rapidly coming post-EMV payments environment.
Ned Canning is an e-commerce Product Manager at Vantiv.