New Fraud Targets: The Impacts of EMV Chip Card Migration Brings New Challenges
EMV chip card arrival to U.S. shores does not mean fraud is going away. It will most likely shift to new channels and verticals post EMV implementation. Past EMV transitions throughout the rest of the world have shown that EMV plays a big role in reducing in-store fraud. Consequently, fraud flows to other channels such as Card-Not Present (CNP) environments where cards and users are more difficult to authenticate, as well as SMB in-store merchants where hardware and software has not been installed. In this post we'll look at some of the impacts of EMV chip card migration in the U.S.
The U.S. will Most Likely See an Increase in eCommerce Fraud
The U.K. saw an increase of 62 percent in card-not-present fraud after its implementation of EMV, as criminals shifted their efforts to other channels of least resistance*. France, Canada and Australia all cite higher than 50% more instances of CNP fraud in the years following EMV implementation.
- Prepaid eGifts will become a particularly vulnerable fraud target. Online gifts require little information to send and receive, and as a result become a high-value target for fraudsters. The growing trend of electronic gifting helps satisfy consumer demand for an instant product that is sent to anyone’s inbox around the world in seconds. While physical gift card shipment usually takes a few hours or few days to process the merchant has time to verify the validity of the receiver. Most fraud decisions about eGifting have to be made in real-time.
In-store Fraud Will Flow to SMB and Mid-Market Retailers
Particularly at risk for fraud chargebacks will be many SMB and mid-market retailers who have not made the investment to EMV processing hardware and software. A majority of Tier 1 retailers were EMV capable on October 1, but many U.S. based SMB merchants have not considered what the shift means to them. Many SMBs are unprepared and unaware of the fraud liability shift. Many industry reports and studies have shown that most SMB business did not meet the October 1 deadline and significant numbers were not aware of the liability shift or the impacts of EMV chip cards.
Deploying EMV POS Software and Hardware to Millions of U.S. SMBs Will Take Time
SMB POS (ISVs) providers are just in the beginning phases of upgrading their software to accept new EMV protocols published by processors. It will take several months for POS software providers to complete all the necessary integrations. Once the integration is ready, then begins the arduous process of deploying the software and hardware on-site at merchant locations. POS resellers and installers can only do so many installs a week and therefore getting to all of their portfolios of existing merchants will take months if not years to complete. Many merchants will simply choose not to make any upgrades in the short-term due to the cost-benefit.
Take a Regimented Approach with Technology and Business Processes to Reduce Payment Risk in the Post Liability Shift Operating Environment
CNP channels must implement new fraud mitigation technologies and processes to stave off the increase fraud threat post EMV. As EMV acceptance becomes more prevalent, CNP merchants must plan ahead for an increase in CNP fraud. This begins by making an assessment of current fraud prevention tactics and areas of vulnerability. Utilize technologies that look for errant consumer behavior during the check-out process, particularly ones that utilize device identification or fingerprinting, IP geolocation, and velocity checking. Similarly, invest in products that can scan issuer networks to identify fraudulent transactions before they become costly chargebacks. Merchants should use Address Verification Services (AVS), which helps minimize fraudulent transactions by verifying the cardholder’s billing address with the card issuer. In addition, using the card security value – known as CVV2, CVC2, CMID, and CID by the brands – helps prove the card is in the possession of the owner.
In-store channels who choose to wait on EMV acceptance should implement additional card protection handling best practices. Merchants who choose to wait on implementing EMV may see increased fraud chargeback risk post liability shift. It’s critical in-store staff and managers understand fraud signals and keep their guard up. The in-store channel may not have the EMV acceptance technology, but they have the human factor that can go a long ways in preventing fraud and saving on fraud chargebacks. Train in-store staff to ask for an additional form of identification in the case of a large transaction amounts and to double check card information. Train staff to be aware of distracting or rushed behavior at checkout, which are tactics meant to disrupt the normal checkout process.
*Risk Forum 2011. Success and Challenges in Implementing Chip and PIN. https://ww.frbatlanta.org/documents/rprf/rprf_pubs/120111_wp.pdf