EMV's working, and stragglers need to get on board
It’s been two years since EMV liability shifted in the U.S., and we’ve come a long way in the payments industry. Both card issuers and merchants continue to work hard to help with the EMV migration.
The card issuers have put in a lot of effort into rolling out EMV-enabled credit/debit cards. According to data from The Strawhecker Group, 63% of all credit cards in the U.S. are now EMV-enabled (81% of credit cards and 46% of debit cards).
Merchants have also made significant strides in enabling EMV. Based on a report by The Strawhecker Group, 52% of all U.S. merchants have enabled chip card payments, and that number is growing. At a recent Visa Technology Providers Forum, I learned that many credit and debit transactions today are EMV. 98% of credit card transactions by dollar volume, (49% of transaction count) are EMV and 86% of debit transactions by dollar volume, (33% of transaction count) are EMV.
As a result, U.S. merchants with EMV-enabled terminals have seen a drop in counterfeit fraud by 58% between April 2016 and April 2017. In addition, financial losses from fraud have dropped by 28%.
Counterfeit fraud decreased by 58% in April, 2017 at U.S. chip enabled merchants compared to April 2016, however, even as losses continue to drop, credit card fraud still poses a big challenge in the industry. According to a 2017 Debit Issuer Study, financial institutions lost an estimated $900 million in debit card fraud in 2016, which includes both chip enabled and non-enabled merchants.
Thankfully, there are many things merchants can do to combat fraud, and I’ve compiled a list of several measures. Let’s take a look:
Upgrade to EMV-Enabled Payment Solutions: It is expected that 90% of U.S. merchants will achieve EMV adoption by the end of 2020. The greatest resistance to adoption comes from micro-merchants who don’t see the value in EMV. It’s true that these smaller merchants often have lower transaction values than big box retailers, but credit card fraud can cripple any business. It’s not just damaging monetarily, but it can irreparably harm a brand’s reputation and consumers’ trust. EMV has been successful in curbing counterfeit credit card fraud and protecting businesses from these damaging effects in many countries all over the world, including the U.K., Canada and Australia. More merchants of all sizes need to start accepting EMV payments to likewise protect their business. As EMV makes stolen card data less valuable, fraudsters will look for opportunities at merchants that have not adopted EMV.
Regularly Inspect Payment Devices for Tampering: Cyber criminals have many ways to steal credit card information. One of the most common tactics is to tamper with payment devices to record credit card information as consumers use their cards with these devices. Merchants should regularly check their payment devices for any potential tampering to make sure they’re safe to use. Sometimes the tampering may involve installing overlay devices that look exactly like the payment terminals making the merchant’s regular inspection even more important.
Maintain PCI Compliance: Apart from having a secure system, merchants should make sure their payment infrastructure follows all PCI DSS compliance requirements. Failing to follow these requirements can result in heavy fines. Depending on your scale of business and complexity of your payment infrastructure, you might need to follow multiple PCI DSS compliance requirements.
Multi-Layered Security Approach: When we speak about protecting payment infrastructure with merchants, we always recommend a multi-layered security approach. This approach goes beyond EMV and adds additional security measures including point-to-point encryption (P2PE) and tokenization to help merchants safeguard themselves from potential data breaches and payment card fraud.
Keep an Eye Out for Unusual Customer Behavior: There is plenty of content available that provides tips on how merchants can keep track of unusual customer behavior. Tips like “Purchasing a large number of expensive items,” and “Telling you not to insert or swipe their card because it doesn’t work” can be helpful for merchants to keep their guard up.
Report Fraud As You Discover It: Security measures can only do so much to protect your business from payment card fraud. Merchants need to be vigilant and report fraud immediately to protect themselves and their customers.
Optional Transaction Tools: There are some additional optional tools that merchants can use to curb payment card fraud. This includes a fraud control tool that allows the clerk to enter the last four digits from the front of the card, which are compared to the data from the magstripe. This is only used in situations where merchants don’t yet support EMV. A counterfeit card is less likely to have the same number on the front of the card as it does on the magstripe.
Also, supporting PIN entry helps prevent the use of stolen cards when the card supports a PIN. Since only the original cardholder knows the card’s PIN, a card thief won’t be able to make purchases if you require it.
Finally, an address verification service is a useful tool and when supported by the Merchant Services Provider. It allows merchants to ask for a customer’s ZIP code when making a payment, and this code is then confirmed by the card issuer. A non-matched AVS may still be approved by the card issuer, but the merchant has the option of refusing the transaction if there’s a suspicion of fraud.