Now that EMV® chip cards have arrived in the U.S. and consumers are getting used to the “dip” instead of the “swipe” at the point of sale, there’s been a lot of talk about how the technology may not be as safe as we’ve been led to believe. Some commentators have even started referring to chip-and-PIN cards as chip-and-pain cards, claiming that the switch to EMV will not solve payment card fraud.
They’re right — there is no one solution to solving payment card fraud, and there never will be, not as long as there are hackers and criminals who are determined to crack the newest version of secure technology. Failing that, they will seek the path of least resistance.
This tendency for thieves to change their behavior to take advantage of the weakest link in the payment chain has been dubbed “fraud mutation”. In the case of EMV, experts predict that fraudsters will turn their sights to vulnerable card-not-present (CNP) transactions, including online commerce; small businesses and banks that haven’t adopted EMV technology; consumer deposits like checking and savings accounts; and electronic payment fraud.
CreditCards.com recently reported on this phenomenon based on a webinar on how fraudsters may respond to the introduction of chip card payment technology in the U.S. and the resulting fallout. There was both good news and bad news.
The good news is that EMV implementation in other countries has significantly reduced counterfeit fraud losses. Europe saw a $103 million decrease in card skimming fraud losses between 2008 and 2009 after switching to chip card payment technology, and Canada cut both debit and credit card fraud from $142 million in 2009 to just $39 million in 2012 after beginning its shift to EMV in 2011.
But, as CreditCard.com points out, “As chip cards make it nearly impossible for crooks to reuse in-store payment data, they will instead target less protected sources of payment data, such as e-commerce transactions where, in many cases, full card or account numbers are still present. Or, small retailers that weren’t targeted by card theft before may become targets if the majority of the store’s transaction data is not chip card-encrypted because of an EMV migration delay.”
This observation is based on CNP fraud loss statistics from the United Kingdom that increased from 29 percent to 67 percent between 2003 and 2014. Australia fared even worse, the website reports. “When EMV issuance ramped up in 2006, card fraud cost issuers a little under $100 million,” it notes. “Thanks to a huge increase in card-not-present fraud post-EMV introduction, card issuers lost $262.6 million to fraud in 2012.”
The recommendation for the U.S. market is that “card issuers put more resources toward identity theft and account takeover resolution, merchants do their best to upgrade their payment systems ASAP and fraud strategists prepare for the ecosystem to change.”
As webinar participant Andrew Davies, vice president of Global Market Strategy, explains, “We are just in the infancy of understanding how deeply fraud impacts us, but we do know that fraud is growing and changing and that will continue with each decade to come.”
Do you have questions about EMV, or do you want to know more about transitioning your business to EMV-capable payment processing? We’ve got answers for you here, here and here. When you’re ready, talk to a TransFirst® representative about the EMV options available to meet your unique requirements.
EMV is a registered trademark or trademark of EMVCo LLC in the United States and other countries. www.emvco.com