Are You Being Outsmarted by Fraudsters When it Comes to EMV?
Organized crime rings have October 1 circled on their calendars. Do you?
If you’re a merchant or retailer, you have other days like November 27 and December 24 engrained in your mind, marked on your smart phone and on the calendar hanging in your break area. It’s time to add another date to your list, because chances are good that if you’re not using terminals capable of processing chip-enabled card payments by the EMV compliance deadline of October 1, you’re painting a big target on your back for the world’s most sophisticated data thieves to hit.1
In EMV Deadline, Data Thieves See an Opportunity
Stopping fraud has always been a game of cat and mouse, with retailers more often reacting to data thieves than nabbing them. Fraud didn’t become a $5.5 billion global industry because hackers are lucky. Fraudsters are highly intelligent. Their operations are sophisticated and they’re smart about who they target. They’ll swipe data from retailers still operating mag-stripe only terminals and then use that data to make fraudulent purchases online.
The impending EMV compliance deadline of October 1 promises to create acrimony between banks and merchants, leaving an opportunity for thieves to take advantage of merchants that haven’t yet updated their terminals, certified their software or trained their employees on how to process chip-enabled card payments. Yet, if the recent, massive data breaches experienced by high-profile retail giants taught us anything, it’s that the cost of losing the public’s trust in the safety of your shopping experience can be devastating. Those breaches stand as a warning to non EMV-compliant merchants and signal the need to invest in EMV compliance as one of the necessary protocols to put in place to guard against fraud.
What History Tells Us
Introduce a new wrinkle into the payments process to make it safer and it’s a sure bet that in a matter of time, thieves will figure out how to change their behavior to maintain their income. Such has been the case with EMV in its UK rollout. Chip-and-PIN implementation in the UK gained traction in 2004 and within two years had reached near full migration. At the end of August 2006, 99.8 percent of chip transactions were PIN-verified.
Tracked over a ten-year period from 2004 to 2014, card-not-present (CNP) fraud soared in the UK as sophisticated thieves were forced to replace their traditional domestic counterfeiting and card-present fraud activities. If past history is any indication, a similar rise in CNP fraud should be expected in the U.S. over the coming years; taken together with an ongoing growth in eCommerce transactions, it would appear that a perfect storm is shaping up to hit the payments industry in the U.S.
And it’s not just about CNP fraud. We also saw other fraud behavior here in the UK in the post EMV environment. In some cases, domestic fraudsters who didn’t target CNP fraud or engage in cross-border fraud moved instead to account takeover and online banking fraud to get access to genuine cards, enabling them to continue with their domestic spending sprees.
Not Just a Brick and Mortar Issue
EMV isn’t just a mandate which impacts the issuance of plastic cards and in-store point-of-sale systems. Although online retailers have always assumed liability for transactions given the lack of physical touchpoints, their potential for loss gets larger with EMV when the fraudsters switch tactics now that physical stores have stronger fraud prevention systems in place at the in-store terminal level. Pure play eCommerce merchants (or E-tailers) have as much to lose if not more, given the fact that all of their business comes from the CNP channel.
Smart Merchants Will Make the Safe Move
When it comes to EMV compliance and outmaneuvering data hackers and fraudsters, merchants are at the tip of the spear. They have to discern what the payment experience will be like in their stores and how they will engage customers who are frustrated by the new payment experience. Merchants will bear the brunt of customer frustration, confused employees and eager thieves. Non EMV-compliant merchants will also shoulder the liability that used to fall to payment processors and issuing banks for fraudulent transactions.
In the unending effort to stay a step ahead of fraudsters, EMV compliance and CNP fraud detection and prevention are the safest and smartest moves a merchant can make. Are you ready?
This is the fourth post in a new series on EMV. Catch up on past posts below.
1. Peterson, T., Fishman, J. EMVelocity: Outlook for POS Reterminalization and Mobile Payments. Aite Group, January 2015.
Related Blog Posts
Payments and Fraud: The Paradox Twins
Digital commerce through web and mobile is where merchants predominantly experience shopper growth today. This has become a hugely important domain for their focus. It offers a means for international growth, new market penetration and a way to engage with shopper-hungry Millennials in their culture. Merchants frequently adopt a Digital-First, eCommerce-First or Mobile-First strategy to ensure full corporate buy-in to this strategy.
Open Payments Systems for Merchants: Don't Close Down Your Options
Remember “Open Systems”?
It was a big industry nom du jour in the 80s and 90s. Every IT system had to be open and therefore flexible and future-proof. Nobody can argue with the logic behind this; making systems easy to integrate with other systems, ensuring vendors could cooperate with one another; creating agility to improve time to market and drive down costs.
Why It’s Time for Women to Rise UP
As a senior software engineer at ACI Worldwide, Rawan Shawar helps to guide her team’s priorities and enhance processes at both the team and organizational level. Recently, Rawan was selected by the organizers of Money20/20 Asia to be part the Rise Up Class of 2019.
Can Digital Payments Be Kind?
There is no doubt that the era of less (or minimal) cash is truly upon us. According to the Access to Cash Review, cash could fall to just 10 percent of all payments in the UK within the next 15 years.
Other countries, such as Sweden, have already seen significant changes – cashless payments have grown so quickly that only 10 percent of the 20 SEB banks in Stockholm now hold cash. Beyond Europe, China is leading the way with USD$12.8 trillion in mobile payment transactions in 2018.
Keeping Up With Fraudsters: A Month Isn’t Enough
As the Government of Canada campaigns for improved fraud prevention and awareness this month, I’d like to do my part as a fellow Canadian, and shed some light on why payments need to stay a step (or more) ahead of fraudsters, today more than ever.
Local Perspectives: Real-Time Realities Across Asia-Pacific in 2019
Money20/20 Asia returns to Singapore this week, attracting payments professionals from around the vast APAC region – and beyond. The real-time and open imperative is one of the reasons why all eyes are on Asia-Pacific when it comes to payments, so I caught up with ACI payments experts representing three of the key countries within the region, to take the pulse of real-time schemes that are in varying stages of maturity.
What it Takes to be an ‘Influential Woman in Payments’ [Q&A]
Coming off the back of International Women’s Day this past weekend, PaymentsSource has recognized the Most Influential Women in Payments, spanning multiple industries including financial services, retail, investment and technology. Among the honorees is ACI’s very own Carolyn Homberger, group president, global sales. Part of the executive leadership team at ACI, Carolyn leads a team of payments professionals operating across all global regions, and plays a critical role in setting business strategy. As an advocate for the leadership and growth of women in the payments industry, Carolyn is also responsible for launching ACI’s own Women’s Initiative.
What We Talk About When We Talk About Digital Transformation
The recent headline grabbing announcement that Banco Santander has signed a USD $700M contract with IBM got me thinking… what’s up with ‘Digital Transformation’ these days? Santander’s announcement was all about digital transformation… and they are a forward-thinking bank. The new global technology agreement is designed to increase efficiencies in the bank’s operations, enable it to be more innovative and deliver new products, faster. But not every bank can pony up $700M and not every bank has suitable technology in place. It got me thinking, what is actually needed for digital transformation?
Putting Malaysia on the Path to Payments Innovation
The public launch of the DuitNow instant credit transfer service, in December 2018, provides just a taste of what lies ahead as Malaysia’s Real-time Retail Payments Platform (RPP) is progressively rolled out. Fueled by Bank Negara’s (BNM) increasing support for e-payment platform development, there has been a steady increase in mobile wallet and digital payment usage, setting the stage for 2019 to be a year of transformation for the payments industry in Malaysia.
What Can the Re-Regulation of Other Industries Tell Us About Open Banking One Year On?
UK Open Banking just reached its first birthday milestone (on January 13 to be precise) and given my own commentary – including in the ACI blog – on this topic, the first anniversary of Open Banking in the UK certainly won’t pass without a debrief on the progress that’s been made and what challenges lie ahead.