As EMV chip migration is implemented for U.S., card-presenttransactions, fraudwill “shift to other types of card payments with weakerauthentication protocols,” according to a new EMV Migration Forumwhite paper.

|

The white paper, “Near-Term Solutions to Address the GrowingThreat of Card-Not-Present Fraud,” based its conclusion onhistorical precedence in other countries evolving to EMV. As EMVsecures face-to-face or card present transaction card-not-presentpayments—Internet, mail order and telephone order—sometimesreferred to as IMOTO become a weak link in the defenses againsttransaction fraud.

|

For example, the move to EMV payments in the U.K. left IMOTOauthentication unchanged. IMOTO fraud grew rapidly from the startof EMV deployment in 2003 until it peaked in 2008. Beginning in2008, IMOTO fraud declined for several years as merchantsimplemented more secure authentication protocols for Internettransactions and as magnetic stripe-only locations in continentalEurope decreased. Data from the U.K., France and Australia2show that CNP fraud also became a larger portion of overall fraudduring and after their EMV chip conversions.

|

“As the U.S. migrates to EMV chip technology, it's importantthat the payments industry makes a concerted effort to protectagainst the redirection of fraud from in-store to thecard-not-present channel,” Randy Vanderhoof, EMV Migration Forumdirector said. “No single security mechanism can protect againstall possible fraud scenarios. Instead, the best practice to protectagainst card-not-present fraud is to use a systematic,multi-layered approach using tools that work together to create asuccessful fraud reduction program.”

|

Techniques and best practices discussed in the white paper tosecure the CNP channel include,

  • Authentication methods: Device authentication; one-timepasswords; randomized PIN pads and biometrics;
  • Fraud tools: Proprietary and transactional data used for fraudanalysis and risk management, and validation services;
  • 3-D Secure: Messaging protocol that enables real-timecardholder authentication during an online transaction; and,
  • Tokenization: A technique, which replaces card data withsurrogate values (i.e., “tokens”) that are unusable by outsidersand have no value outside of a specific merchant or acceptancechannel.

Meanwhile, a report issued recently by analyst firm Mercatoralso suggested that the change to chip cards might not diminishfraud, but just push criminals towards different fraud.

|

“Unless the payment industry tackles other growing concerns likelost and stolen card fraud, overall fraud losses will continue tospiral up toward pre-EMV levels,” the report said.

|

While EMV migration efforts in the U.S. are taking place, fewerthan one in 10 credit cards in circulation were EMV-equipped as ofmid-January, according to a survey of 20 issuers conducted by theAuriemma Consulting Group. While this number is expected toincrease throughout 2015 — issuers are targeting 50 to60% penetration by October — projections are tied tolarge-scale advances in merchant acceptance that have yet tooccur.

Complete your profile to continue reading and get FREE access to CUTimes.com, part of your ALM digital membership.

  • Critical CUTimes.com information including comprehensive product and service provider listings via the Marketplace Directory, CU Careers, resources from industry leaders, webcasts, and breaking news, analysis and more with our informative Newsletters.
  • Exclusive discounts on ALM and CU Times events.
  • Access to other award-winning ALM websites including Law.com and GlobeSt.com.
NOT FOR REPRINT

© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.