EMV Adoption Increases Card-Not-Present Fraud

With great fanfare, the ominous October 1st deadline for the EMV liability shift came and went. There was lots of noise about what it means for merchants, what it means for fraudsters and what it means for consumers. By all accounts, implementation of the new liability rules is set to put a big and needed damper on fraud for card-present transactions. However, for all the good it does and protection it provides, experience from other nations shows one undeniable fact: card-not-present fraud is likely going to increase.

Show Me the Numbers!

As the figure below shows, in the United Kingdom, even as counterfeit purchases went down, card-not-present fraud skyrocketed from 30% of all fraud to 65% of all fraud.

[Figure: Card fraud in the UK, 2001 to 2012]

Why Will Card-Not-Present Fraud Increase?

There are three primary reasons for this large jump in the percentage of fraud that comes from card-not-present transactions.

1. Easier to commit fraud

This is the more frightening reason. Fraudsters have decided it’s easier to scam card-not-present merchants than in-store merchants. The main reason for this is simple: all the smart card technology in the world doesn’t matter if there is no way to verify it.

Evidence from Australia shows that 6 years after the EMV liability shift occurred, card-not-present fraud increased in dollar amounts from approximately $30 million per year to $225 million per year. France had a similar experience. Based on these and other countries' experiences, experts predict a 20% increase in CNP fraud in the United States once the EMV technology is widely adopted. Full data are in the graphs below.

2. Ecommerce is booming

It’s estimated that global ecommerce is set to grow by 25% in 2015 alone.  Even if the percentage of CNP fraud remains the same, we can expect to see an increase in total numbers, because there will be more opportunities for scammers.

3. Less counterfeit fraud, but no decrease in card-not-present fraud

The number of incidents of counterfeit fraud decreased by 30%, which means that even if card-not-present fraud maintained the same number of incidents, the total number of fraudulent transactions went down, so the percentage of fraud that came from card-not-present transactions went up.

 

[Figure: Change in Credit Card Fraud by Type in Australia]

[Figure: Change in Credit Card Fraud by Type in France]

How Can CNP Merchants Protect Themselves?

Use the CNP Authentication Factors

Luckily, there are simple and economical things that a merchant can do to reduce CNP fraud. The most important of these would be to increase the scrutiny of these transactions and have a robust method to authenticate purchaser identity. There are three authentication factors merchants generally use.

  1. An ownership factor: This is something the person owns and has, such as their credit card or their IP address.

  2. A knowledge factor: This is something the person knows, such as their PIN, their billing address or their security questions.

  3. An inherence factor: This is something the person is or does, such as a fingerprint or a signature.

Ideally, authentication is verified and approved when two or all three factors are provided correctly. But in transactions where the card isn’t present, it generally means that the person isn’t present, so there is currently no realistic way to get a fingerprint or signature. Luckily, there are multiple knowledge and ownership factors that can be used instead.

CNP Authentication Methods

Organizations such as the Smart Card Alliance and EMC have been working to prepare the market for the prospect of increased fraud on CNP transactions. In a white paper that the Smart Card Alliance recently released, the authors highlighted the need for both security and ease of implementation. They know that merchants aren’t in the business of internet security, so solutions need to be practical. Some methods and tools for implementing verification are to:

  • Continue PCI compliance and follow the specific rules for data security and management

  • Verify card security codes

  • Use an address verification service (AVS)

  • Analyze priority shipping requests (especially if free shipping is offered)

  • Validate unusual orders from repeat and regular customers

  • Confirm the phone number and transaction information before shipping products

  • Take advantage of fraud prevention services available from credit card companies such as Verified by Visa or MasterCard SecureCode
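As an added illustration (not part of the original article or any Durango product), the sketch below combines several checks from the list above into one order-screening rule. The result-code letters follow commonly used AVS and card security code conventions, but the field names, weights and thresholds are assumptions to be tuned against your own gateway's documentation and fraud history.

```python
from dataclasses import dataclass
from typing import Optional

# Commonly used processor result codes; confirm against your gateway (assumption).
AVS_FULL = {"Y", "X"}           # street address and postal code both match
AVS_PARTIAL = {"A", "Z", "W"}   # only street or only postal code matches
CVV_MATCH, CVV_NO_MATCH = "M", "N"

@dataclass
class Order:                    # hypothetical order record for this example
    amount: float
    avs_code: str
    cvv_code: str
    priority_shipping: bool
    ships_to_billing_address: bool
    usual_amount: Optional[float] = None   # repeat customer's typical order, None if new
    phone_confirmed: bool = False

def screen_order(o: Order):
    """Return (decision, reasons); decision is 'approve', 'review' or 'decline'."""
    if o.cvv_code == CVV_NO_MATCH:
        return "decline", ["card security code does not match"]
    score, reasons = 0, []
    if o.cvv_code != CVV_MATCH:
        score += 2
        reasons.append("card security code not verified")
    if o.avs_code in AVS_PARTIAL:
        score += 1
        reasons.append("AVS partial match")
    elif o.avs_code not in AVS_FULL:
        score += 2
        reasons.append("AVS no match or unavailable")
    if o.priority_shipping and not o.ships_to_billing_address:
        score += 2
        reasons.append("priority shipping to a non-billing address")
    if o.usual_amount is not None and o.amount > 3 * o.usual_amount:
        score += 1
        reasons.append("order far above this customer's usual amount")
    # Hold the shipment until phone and transaction details are confirmed.
    if score >= 2 and not o.phone_confirmed:
        return "review", reasons
    return "approve", reasons

# Constructed sample orders, not real transaction data.
ROUTINE = Order(40.0, "Y", "M", False, True)
RUSHED = Order(900.0, "Z", "M", True, False, usual_amount=60.0)
```
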

Putting in place a practical and sustained authentication system will reduce your business risk and give customers the comfort of knowing that purchases are easy to make and that their sensitive financial information is well-protected. Establishing trust and reinforcing secure experiences will go a long way in creating a positive reputation for your brand that will help you grow.

Now that the deadline for the EMV liability shift has come and gone, we know what lies ahead: less counterfeit fraud and identity theft, but more card-not-present fraud. We must all do our part to create secure authentication protocols that will keep scammers and fraudsters at bay and consumers happy.

Durango Merchant Services is dedicated to delivering cutting edge technology and maintaining industry leading security standards for all our merchants.