Are You Being Outsmarted by Fraudsters When it Comes to EMV?
Organized crime rings have October 1 circled on their calendars. Do you?
If you’re a merchant or retailer, you have other days like November 27 and December 24 engrained in your mind, marked on your smart phone and on the calendar hanging in your break area. It’s time to add another date to your list, because chances are good that if you’re not using terminals capable of processing chip-enabled card payments by the EMV compliance deadline of October 1, you’re painting a big target on your back for the world’s most sophisticated data thieves to hit.1
In EMV Deadline, Data Thieves See an Opportunity
Stopping fraud has always been a game of cat and mouse, with retailers more often reacting to data thieves than nabbing them. Fraud didn’t become a $5.5 billion global industry because hackers are lucky. Fraudsters are highly intelligent. Their operations are sophisticated and they’re smart about who they target. They’ll swipe data from retailers still operating mag-stripe only terminals and then use that data to make fraudulent purchases online.
The impending EMV compliance deadline of October 1 promises to create acrimony between banks and merchants, leaving an opportunity for thieves to take advantage of merchants that haven’t yet updated their terminals, certified their software or trained their employees on how to process chip-enabled card payments. Yet, if the recent, massive data breaches experienced by high-profile retail giants taught us anything, it’s that the cost of losing the public’s trust in the safety of your shopping experience can be devastating. Those breaches stand as a warning to non EMV-compliant merchants and signal the need to invest in EMV compliance as one of the necessary protocols to put in place to guard against fraud.
What History Tells Us
Introduce a new wrinkle into the payments process to make it safer and it’s a sure bet that in a matter of time, thieves will figure out how to change their behavior to maintain their income. Such has been the case with EMV in its UK rollout. Chip-and-PIN implementation in the UK gained traction in 2004 and within two years had reached near full migration. At the end of August 2006, 99.8 percent of chip transactions were PIN-verified.
Tracked over a ten-year period from 2004 to 2014, card-not-present (CNP) fraud soared in the UK as sophisticated thieves were forced to replace their traditional domestic counterfeiting and card-present fraud activities. If past history is any indication, a similar rise in CNP fraud should be expected in the U.S. over the coming years; taken together with an ongoing growth in eCommerce transactions, it would appear that a perfect storm is shaping up to hit the payments industry in the U.S.
And it’s not just about CNP fraud. We also saw other fraud behavior here in the UK in the post EMV environment. In some cases, domestic fraudsters who didn’t target CNP fraud or engage in cross-border fraud moved instead to account takeover and online banking fraud to get access to genuine cards, enabling them to continue with their domestic spending sprees.
Not Just a Brick and Mortar Issue
EMV isn’t just a mandate which impacts the issuance of plastic cards and in-store point-of-sale systems. Although online retailers have always assumed liability for transactions given the lack of physical touchpoints, their potential for loss gets larger with EMV when the fraudsters switch tactics now that physical stores have stronger fraud prevention systems in place at the in-store terminal level. Pure play eCommerce merchants (or E-tailers) have as much to lose if not more, given the fact that all of their business comes from the CNP channel.
Smart Merchants Will Make the Safe Move
When it comes to EMV compliance and outmaneuvering data hackers and fraudsters, merchants are at the tip of the spear. They have to discern what the payment experience will be like in their stores and how they will engage customers who are frustrated by the new payment experience. Merchants will bear the brunt of customer frustration, confused employees and eager thieves. Non EMV-compliant merchants will also shoulder the liability that used to fall to payment processors and issuing banks for fraudulent transactions.
In the unending effort to stay a step ahead of fraudsters, EMV compliance and CNP fraud detection and prevention are the safest and smartest moves a merchant can make. Are you ready?
This is the fourth post in a new series on EMV. Catch up on past posts below.
1. Peterson, T., Fishman, J. EMVelocity: Outlook for POS Reterminalization and Mobile Payments. Aite Group, January 2015.
Related Blog Posts
Request for Payment and Other Real-Time Payments Trends That Will Shape 2020
In 2020, the conversation around real-time payments will increasingly be about what banks can do with real-time, as they move beyond setting up to support real-time payments schemes. New use cases will emerge – but there are a few main trends that are likely to shape the direction of real-time in the year ahead.
2020: The Year of (Near) Cashless Transactions?
Happy belated New Year and raise your hand if you make and/or follow New Year’s resolutions. I used to and then realized they were exercises in futility. But, over this past holiday, I thought I’d give the resolution game one more shot. This one was more a realistic goal than it was a resolution, but who can really tell the difference anyway!?! I decided to go cashless over the holidays, which can still be somewhat challenging for many in the US (though my friends in other countries are probably ridiculing me right now). I was traveling (to NYC and Florida) and wanted to pack as little as possible (in both my luggage and my wallet). I’m all about loyalty card points these days, hence the 2 back-to-back trips.
Three Merchant Payment Trends to Watch in 2020
In 2019, merchants everywhere were challenged by pressure from new entrants, the continued breakdown of traditional industry boundaries and growing customer preference for a digitally-led or digitally-influenced purchasing experience.
The Invisibility Cloak of Payments: What Are the Consequences?
If you could pick any superpower, what would you pick? Children often pick "invisibility.” Oh, the possibilities of being invisible! What fun! You can walk into a candy store and take all the candy you want, you can stay downstairs late with your parents and listen to what they’re saying, you can sneak out without anybody noticing… But when you think about it, there are also disadvantages that come with this superpower.
Looking Back at Money20/20 USA: Where Do We Go From Here?
Now that the dust has settled on another successful Money20/20 USA in Las Vegas, it allows for a moment of reflection on what some of the announcements and trends mean for the ever-changing financial industry. Discussions spanned a variety of topics, including the future of international and digital expansion of PSPs, how organizations developing cryptocurrency wallets plan to enter the payments space, and how challenger banks plan to revolutionize the banking experience. Inclusivity was a recurring theme throughout – and nowhere was this more evident than in the Rise Up program.
2020 Fraud Predictions: What to Expect Across the Globe as Cybercrime Evolves
Our payment experts take stock of the trends that shaped 2019 and make their predictions for where they see the industry heading in 2020.
I sat down with our own fraud experts, Marc Trepanier, principal fraud consultant for North America, and Giselle Lindley, principal fraud consultant for APAC, to get their thoughts on what we can expect in the year ahead around payments fraud.
Real-Time Payments Hits Its Stride in the U.S.
The recent announcement of FedNow in the U.S., the launch of cross-border services like SWIFT gpi, and multiple real-time payment systems including The Clearing House’s (TCH) RTP system and Zelle underline the fact that real-time payments are here to stay. The need to deliver real-time payment services to customers has never been more pressing for banks, credit unions, processors, acquirers and fintechs. However, the U.S. payments ecosystem – and its infrastructure – must keep pace with global markets to remain competitive, and interoperability between real-time payment systems will be key.
Deep Dive: Latin American Fintech Market (Part 2)
To support fintechs’ development and create a more inclusive financial system, governments across the Latin American region should adopt different regulations. Some good practices implemented in other countries, like the U.K. or Singapore, could also be adopted in Latin America, such as temporary exemptions on fintech authorizations on behalf of regulating entities, or the creation of temporary regulation sandboxes in which fintechs can operate, evaluate their business models and offer their innovative products in supervised environments.
Women in Payments: “Make Failure Your Fuel”
ACI’s Darcy Locke, new business development principal, was recently appointed Chair of the American Financial Services Association (AFSA), Business Partner Board. During her two-year term, Darcy will preside over the AFSA Business Partner Board meetings, and concurrently serve as a member of the AFSA Board of Directors and Chair of the AFSA Business Partner Task Force.