The Burst of the EMV Bubble: 3 reasons why we still have a problem and one answer why it’s only temporary
So, here we are, living in the “future”…many of us now finally have chip cards; the G20 nations are all in the post “liability-shift” world; we’re all expecting to be living in the new paradigm.
But it is fairly clear that not all is right in the world. There are still breaches, skimming and fraud, and in fact, they are just as bad as they have ever been…seemingly nothing has changed and depending on whom you listen to, it’s worse.
To some degree, and depending on your perspective, this is pretty much the truth. With that, here are three reasons why the new playing field isn’t any better than the old one:
- If you’re a merchant, now the pain is in your world: Merchants woke up on October 1st and now everything is pushed off on them. Worse, the hacking didn’t slow, so now the merchants are targeted on one side by hackers and moreover, the fraud losses fall on them as well. Seems that this EMV thing has been the wrong move…you have to pay for the new technology and terminals, and you’re at even greater risk than you were before.
- If you’re a brick and mortar merchant, you still hear that POS systems are increasingly hacked, especially at restaurants and hotels. If you’re an eCommerce merchant, you’re hearing that fraud has migrated to your channel, and there is no fix yet. Both of these scenarios may appear to be materializing and perhaps as an indirect result, around a third of POS machines have been updated to EMV. It appears that there is no real incentive, as this is a lose-lose scenario.
- If you’re a US card issuer, you’re working as hard as ever and volumes are spiking: ATM fraud is worse than ever, fuel pumps are getting skimmed like it’s going out of style, pretty much because, well, it very well might be. New fraud types are popping up in volumes that keep teams fighting fires.
- It appears that while we scale our businesses, the fraudsters are scaling theirs just as fast, if not faster, and that it’s accelerating faster on their side. Compound that with the fact that the merchant EMV acceptance rate is fairly low, and it may appear to be that we’re stuck in neutral. All the re-issues of the mag stripes in the world won’t change that.
- If you’re a consumer or other industry watcher, you don’t know what’s happening or what might be the truthYou might be hearing that fraud is shifting, you might be hearing that there is more insecurity in the payments ecosystem, you might be perceiving that there is more friction or you are actually getting more alerts and/or unauthorized transactions passing by your radar.
Either way, it appears that there is little good coming out of this and that we’re more or less under-realizing much in the way of any benefit of this conversion. Fraud has not slowed and all stakeholders are unhappy.
The end result is that from wherever you sit, you may hear, see and perceive that there is more fraud. That all these new technologies haven’t solved the problem. That EMV is not going to improve anything or it’s just redistributing the problem.
There is also a darker, more sinister fact at play here: that the hackers, fraudsters and foot soldiers on the dark side of this battle have grown in numbers as we’ve slowly moved to increase our dependency on electronic payments.
And I’m sorry to burst the bubble, but this is all true. There is a ton of fraud right now, it’s still growing, and the criminal entities who have created, scaled and maintain these dark economies are presently undeterred.
Here’s why all of that is shortsighted…
There is glimmer of hope and that glimmer is not that far in the distance: we’re just in the infancy of the adoption of new technologies that will significantly reduce the impact.
EMV has worked in the countries where it has been implemented, it has dramatically reduced counterfeit card fraud.
To really put this in perspective, in the USA, we’re only seeing about a quarter to a third of all POS transactions going through the EMV mode right now. So, we have a ways to go before the benefits really take hold.
Tokenization is showing us that we will further protect the ecosystem with dynamic data that will inevitably be a stronger and more widely supported standard.
Authentication is improving and being deployed with less friction using our mobile devices.
Fraud alerts are more precisely applied than they have ever been, and are more directly fed to us. This is a transitional period, and unfortunately, the transition is going to be long… perhaps another 2-5 years until we have a real ring around counterfeit card fraud once we take into consideration all possible manifestations of the mag stripe in our ecosystem.
Seriously. And as we have to be accepting that it’s not going to all fall into place overnight.
It’s a period of change where a shuffling of security elements between merchants, terminals and issuers will be exploited by an increasingly target-sensitive fraudster and hacker.
With every new technology, in payments or in any consumer goods, there are typically teething problems… and this is a very complex, global problem where no simple answers exist.
The investments in security we are making today can and do pay dividends. In every new breach, it becomes increasingly clear that the business that was compromised may not have put security first, or didn’t adequately prepare for environmental shifts.
It is right now that we are in the transition period, and if investments in security have not been made, it is now time to make them, or find oneself in the position of being left behind when the hacker, fraudster or ne'er-do-well sets their site on your organization.
It’s said that luck favors the prepared, and while it may appear that our newest preparations aren’t immediately realizing their desired result, it will certainly be realized that the organizations that didn’t adequately prepare for this transitional environment are the same as those that are actually impacted.
Further, EMV is in fact already working for those who moved forward with it. The merchants who already adopted EMV are far less susceptible to suffering from hacking and fraud, and won’t be in the news as the victim of the latest event.
The issuers who issue EMV chip cards already have less counterfeit fraud liabilities even when their customers shop at merchants that didn’t transition to the new standard. That’s how it appears from the inside looking out—right now.
That’s why EMV is going to work, and why we need and will get more technologies like it. So, let’s not say this is a burst of the EMV bubble, this is just a bit of chop in the EMV froth.
Related Blog Posts
The EMV Deadline Has Been Extended for U.S. Fuel Merchants – Now What?
U.S. fuel stations were originally supposed to be EMV-compliant by October 2017, but due to complications and costs at the time, the deadline for EMV at the pump was extended for three years – and it has now been pushed out further to April 2021 due to the COVID-19 pandemic.
Merchant Fraud in the Age of COVID-19: We Need to Prepare Ourselves for a “Tidal Wave” of Attacks
With millions of consumers around the world self-quarantining at home, online shopping for goods, services and entertainment has become the new normal for many. A recent analysis of our own data has shown that average transaction volumes in the retail sector in March rose 74 percent compared to the same period last year.
Are Chargebacks Making a Comeback for U.S. Fuel Merchants?
With the planned EMV implementation date looming for U.S. fuel merchants, we’ll be spending some time ahead of the October 2020 deadline looking at the fraud issues affecting fuel merchants and how these might change through the final quarter of this year.
Rebirth of The High Street: An Unintended Consequence of COVID-19?
You don’t know what you’ve got until it’s gone. How true that is right now for the U.K.’s High Street (or for that matter local retailers in communities around the world) and our desire to shop.
Merchant Considerations for Protecting Payments During the COVID-19 Crisis
As the spread of COVID-19 continues to impact businesses of all shapes and sizes in unprecedented ways, the power of payments has never been clearer. Drastic increases in online transaction volume and the need for essential in-store payment processing create new challenges for online and brick-and-mortar retailers alike. Here are a few ways that merchants can protect their business – from the perspective of payment processing and fraud mitigation – during this uncertain time.
Positioning PSPs for Success in 2020: Scalability, Flexibility and Globality
We used to say that NFRs (non-functional requirements) such as scalability and availability didn’t really make for attention-grabbing headlines, but in fact, 2019 has shown us that these NFRs are often not far away from the biggest stories. A major outage or downtime – be it for bank or merchant – makes headlines in its own right, but we’re increasingly seeing a clear link between NFRs and a company’s growth trajectory. Those companies that are generating positive awareness from their ambitious global expansion plans, innovative customer experiences, or unique approach to fighting fraud – they are achieving this off the back of technology solutions that deliver world-class non-functional requirements. Scalability, flexibility and globality underpin these growth stories – and this message comes out clearly in speaking with some of our leading payment service providers (PSPs), which are supporting the growth of thousands of merchants around the world.
Three Merchant Payment Trends to Watch in 2020
In 2019, merchants everywhere were challenged by pressure from new entrants, the continued breakdown of traditional industry boundaries and growing customer preference for a digitally-led or digitally-influenced purchasing experience.
Learn How to Claim a Greater Slice of the Mobile Payments Pie
U.S. Wireless Players: $14.3B is at stake – are you in?
Mobile commerce is thriving as consumers seek out convenient, quick and secure shopping experiences. And transaction growth on mobile devices is outpacing traditional desktop and in-store channels, aided by click and collect and one-click purchasing trends. For U.S. telcos, the message is clear: proactively add value to the payments process, or risk missing out on increasing your portion of the growing mobile payments market.
How to Survive Black Friday and Cyber Monday… and Provide a Great Consumer Experience
As Black Friday and Cyber Monday approach, shoppers and merchants alike await amazing deals and a welcome boost in sales, respectively. I took a moment to speak with two of ACI’s merchant payments and fraud experts, Andrew Marshman (merchant payments lead, Europe) and Erika Dietrich (VP, Global Fraud Prevention Risk Services) about what merchants need to know as they head forth into one of the biggest shopping seasons of the year.
Strong Customer Authentication in Australia: Reducing CNP Fraud and Streamlining eCommerce Payments
Minimizing fraud without harming the customer experience can be done – using the right tools
In 2017-18, card-not-present (CNP) fraud cost Australian eCommerce AUD $478 million and accounted for some 85 percent of all fraud on Australian-issued cards1. In 2016, CNP fraud in Europe represented 70% of all card fraud2. Seriously uncomfortable numbers.