The EMV liability shift is a big step forward in helping to solve the problem of card-present fraud and a foundation for managing overall industry risk. The reasons for moving to EMV in the U.S. are clear – rates of credit card fraud, where the EMV standard is newly implemented, are reported to be twice as high as in countries that adopted the EMV standard years ago.
Fraudsters will always attack the path of least resistance with the highest return, which makes the U.S. a perfect target for counterfeit card-present fraud. It is well-documented in post-EMV migration countries that fraudsters will shift their focus to e-commerce as EMV starts to penetrate the market. In the U.K., online fraud rose 79% in the first three years after the country switched to chip cards. In Australia and Canada, rates of online fraud more than doubled, according to Aite Group's June 2014 report, "EMV: Lessons Learned and the U.S. Outlook." The online space is attractive as there is no equivalent type of EMV protection for transactions that occur in these environments. Stolen card credentials can still be used as PINs and embedded chips are not required in online transactions. However, that doesn't mean there is nothing online merchants can do to manage their fraud risks.
While the motives for fraud are simple, the execution of fraudulent activities can be complex. Payment fraud is the act of stealing, storing or selling financial data for counterfeit use. In card-present environments, this is traditionally accomplished through a physical tampering of the payment terminal, i.e. card skimming, or by infiltrating a merchant's network with malicious software that collects card data. Once the data is collected and remotely retrieved, the cards can be physically counterfeited and used in non-EMV environments or online. Online merchants without any fraud tools can also be subject to card testing attacks in which fraudsters check zero or low-dollar amounts to ensure the stolen card is still active with the issuing bank.
Recommended For You
Merchants do have options when it comes to selecting tools to help manage the growing problem of online fraud. At the most basic level, all online merchants should adopt Card Verification Data, otherwise known as the three secret digits on the back of credit cards. This offers a basic level of protection and is low friction during the checkout process. The card brands also offer variations on 3D Secure, a consumer authentication process that involves static or dynamic passwords. Although the card brands are evolving their fraud tools to remove as much friction from the checkout process as possible, adoption is still low.
The highest levels of fraud tools or transaction risk scoring is provided today by third parties, either embedded in the acquirer, processor or independent online gateways, or integrated directly with the merchant. These are highly sophisticated tools that include everything from geography, Internet Protocol address, velocity, and email and social verification, and can be further fine-tuned to meet merchants' individual needs. A great deal of flexibility can be offered depending on the size and sophistication of the merchants' fraud department, or lack thereof. There truly is a size for every merchant.
In this game of attack and defense between fraudsters and the payments industry, both sides have evolved, both sides have advanced and both sides continue the battle. The growth of mobile payments is also evolving those fraud tools – new rules and scores are needed when transacting in mobile, such as behavioral biometrics and multi-device fingerprinting. While we know it is impossible to eliminate fraud altogether, it can be properly managed.
Join us at Credit Union Times' Fraud: Don't Let It Happen To Your Credit Union Conference, where you will find the latest tools and techniques for preventing fraud and data breaches; strategies for responding in the immediate aftermath and best practices for restoring reputation, financial stability and information security. This two-day conference is designed for credit union executives, boards of directors and those responsible for your credit union's cybersecurity policy. Register to attend and save $150.
Karen Cox is vice president, product for Moneris. She can be reached at 416-734-1000 or [email protected].
© 2025 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
