As EMV migration and adoption accelerate throughout 2016, an increase in Card Not Present fraud is inevitable. EMV shifts caused considerable spikes in CNP fraud in Canada and Europe more than a decade ago when mobile shopping didn’t even exist, and the ramifications for the U.S. could be enormous.
What does this mean for card issuers? For many, it’s unchartered territory in this post-EMV world, as issuers plan for more frequent reissuance. But a traditional business continuity and disaster recovery plan is unsustainable, as it’s neither cost effective nor risk mitigating to use inventory storage models to respond to fraud.
To plan for the inevitable, issuers need to consider three essential risk-management strategies including a business continuity and disaster recovery plan, a diversified partner strategy, and continued education for EMV cardholders and merchants.
Business Continuity and Disaster Recovery Plan. The traditional business continuity and disaster recovery plan requires an issuer to have back-up inventory for each card program. As markets grow and CNP fraud increases, the cost of these programs are unsustainable.
Costs include the increased per-card expense and separate EMV chips, and the sunk costs of producing, managing and ensuring secure storage of emergency card inventory, which may or may not expire before it’s needed. Traditional manufacturing means 100% sunk costs, with zero flexibility. Issuers should instead invest in virtual – or on-demand – inventory. Plan ahead, set up program elements in advance, negotiate good service level agreements and be ready to pull the trigger on replacement cards in days, not weeks.
Diversify, Diversify, Diversify.Card issuers are accustomed to using one personalization facility, which almost guarantees significant lag times to reissue cards for a sizable breach. Production facilities become backlogged as they manage reissuance and new EMV cards.
If a disaster recovery strategy is not in place, issuers are looking at a six to eight-week timeline to order and personalize new inventory, which equates to a bad cardholder experience and a major hit to card load during that timeframe.
Issuers today are in an especially risky situation because traditional manufacturers are still producing first run EMV cards. A breach significantly exacerbates the situation and issuers find themselves in a waiting game, where the biggest fish win.
By diversifying business continuity and disaster recovery plans through a second manufacturing partner, issuers mitigate the risks of card reissuance and put the cards into consumer’s hands more quickly. Selecting a producer that doesn’t require an upfront investment in physical inventory reduces costs and risk.
EMV Education is a Priority. With more merchants becoming EMV-enabled, it is more important than ever to educate everyone about EMV. Consumers are already skipping over EMV-enabled cards because they perceive the hassle to be greater than the security. Additionally, more than 70% had not received any communication about EMV from their credit union or bank at the initial transition deadline.
The first major uptick in CNP fraud this year won’t do issuers or merchants any favors in the hearts and minds of cardholders. Communication will become more important because of the misperceptions CNP fraud can create among consumers. Cardholders will likely be confused and frustrated when they experience the nasty “side effect” of a more secure card: more fraud.
Issuers can combat concerns by reissuing quickly, and providing clear, personalized materials and messaging that explains the source of the fraud, and how both issuers and cardholders can keep their account information secure.
The payments industry is evolving like never before. In the U.S., we have the benefit of global trends to navigate increasing CNP fraud. But paired with unprecedented online and mobile transactions, the U.S. market might blow those trends right out of the water. Issuers can reduce costs and risk and safely navigate EMV and CNP Fraud with a solid business continuity, diversification and communications plan.
Render Dahiya is CEO of Arroweye Solutions.