The EMV liability shift is a big step forward in helping to solve the problem of card-present fraud and a foundation for managing overall industry risk. The reasons for moving to EMV in the U.S. are clear – rates of credit card fraud, where the EMV standard is newly implemented, are reported to be twice as high as in countries that adopted the EMV standard years ago.

Fraudsters will always attack the path of least resistance with the highest return, which makes the U.S. a perfect target for counterfeit card-present fraud. It is well-documented in post-EMV migration countries that fraudsters will shift their focus to e-commerce as EMV starts to penetrate the market. In the U.K., online fraud rose 79% in the first three years after the country switched to chip cards. In Australia and Canada, rates of online fraud more than doubled, according to Aite Group's June 2014 report, "EMV: Lessons Learned and the U.S. Outlook." The online space is attractive as there is no equivalent type of EMV protection for transactions that occur in these environments. Stolen card credentials can still be used as PINs and embedded chips are not required in online transactions. However, that doesn't mean there is nothing online merchants can do to manage their fraud risks.

While the motives for fraud are simple, the execution of fraudulent activities can be complex. Payment fraud is the act of stealing, storing or selling financial data for counterfeit use. In card-present environments, this is traditionally accomplished through a physical tampering of the payment terminal, i.e. card skimming, or by infiltrating a merchant's network with malicious software that collects card data. Once the data is collected and remotely retrieved, the cards can be physically counterfeited and used in non-EMV environments or online. Online merchants without any fraud tools can also be subject to card testing attacks in which fraudsters check zero or low-dollar amounts to ensure the stolen card is still active with the issuing bank.