Security

10:55 AM
Paul McMeekin
Paul McMeekin
Commentary
50%
50%

Doubling Down on 'Card Not Present' Fraud

Betting that the EMV shift will push fraudsters online.

I recall a trip to Sin City earlier this year. Whilst in Vegas, I noticed some strange and quirky bets available, or prop bets as the casinos call them. It got me thinking: What would I bet on in the payments world? The Bitcoin exchange? Probably not, as I’ve missed the best part of that bubble!

I would be willing to bet on an increase in card-not-present (CNP) fraud starting in Q4 2015. Not exactly an original thought, so the odds would be ridiculously short, given the experiences of the UK and other markets following the transition to the EMV (Europay, MasterCard, Visa) standard.

[For more of our EMV migration coverage, check out: Sam’s Club Becomes First Major Retailer to Adopt EMV Cards.]

Why bring this up now? When I speak to my non-payment friends about EMV, they have no idea what I am talking about. Even though some retailers seem to be gearing up for EMV, my friends still draw a blank. In the last few months, I have seen more and more retailers with EMV-ready POS terminals. The likes of Costco, Walgreens, and Hy-Vee are all equipped.

However, when I try to use my EMV-enabled card, I get looks of confusion. The general response is, “We aren’t ready to use that,” or “We haven’t been trained yet.” So the lack of awareness amongst my friends is unsurprising.

Yet, they are aware of data breaches and card fraud in general. A recent study conducted by ACI indicated that more than a third of consumers in the US don’t think retailers do enough at physical stores to protect consumers. Conversely, nearly one in five consumers think online retailers don’t do enough to protect their card and account information. Is this differing view of physical and online retailers a result of the brick-and-mortar data breaches in the last two years? Will it change following the implementation of EMV?

The current e-commerce market is worth $430 billion in sales, with year-over-year growth hovering around 12% in the US. The opportunity is ripe and growing for fraudsters to attack the soon-to-be weakest link. After implementing EMV in 2006 (I vividly remember the “I heart Chip & PIN” slogans when I lived in England; it launched on February 14), the UK experienced significant increases in CNP fraud.

So what are the costs in the US today, and what will they be in the future? Industry experts at Aite Group estimate the US suffers from  about $2.9 billion in CNP fraud losses today and project that this will rise to $3.8 billion in 2016, the first full year after the EMV liability shift, and $6.4 billion in 2018. With this expected increase in CNP fraud, will in-store retailers be viewed in a more favorable light? Will consumers turn their anger toward… e-commerce retailers? Quite possibly. It will be interesting to see the study results in 2016.

For now, industry players can take preventive action so they avoid becoming victims of CNP fraud and can still be viewed (more) favorably by consumers than their brick-and-mortar competitors. Are retailers, and in particular e-tailers, willing to risk their brands? Does brand equity get factored into cost-benefit analysis when making preventive decisions? If so, what can they do? There are three strategies they can implement with a proper fraud management and transaction monitoring solution to combat the impending rise in CNP fraud and its associated attacks: Detect account takeover, detect new account fraud, and detect the use of stolen financial account data.

Using my proxy of non-payment friends in follow-up conversations, when I explain what EMV is and what it can and can’t do, they get excited about the added layer of security. When I talk about e-commerce and CNP fraud, they seriously consider if they will shop less online. Ultimately, e-commerce retailers will have to implement something or risk revenue loss, customer attrition, and damaged brands resulting in destruction of shareholder value.

Perhaps my wager should be on which e-commerce retailer will not implement an effective strategy and be the first major CNP victim after October 15. Anybody willing to take a bet?

Paul McMeekin is a big believer in the power of payments and how electronic payments can change the world. He currently heads up the business intelligence and market research function at ACI, a large global payment software provider. Previous roles at ACI include product ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Byurcan
50%
50%
Byurcan,
User Rank: Author
9/8/2014 | 10:24:34 AM
Re: EMV
Though many consumers want things to be both extremely convenient and secure, and don't want to sacrifice any convenience for security. They need to learn to compromise.
Kelly22
50%
50%
Kelly22,
User Rank: Author
9/5/2014 | 6:08:18 PM
Re: EMV
Agreed. It's understandable that banks don't want to inconvenience their customers, but when it comes to security, the customers should really understand that increased security measures are for their own good. 
Jonathan_Camhi
50%
50%
Jonathan_Camhi,
User Rank: Author
9/5/2014 | 1:00:05 PM
Re: EMV
Two-factor authentication should be ubiquitous by now. I think these kinds of major hacks will help grow customer awareness about the need to opt-in for that kind of authentication to better protect themselves. Nobody wants to force their customer to do a second authentication factor because of customer experience concerns. The customers need to be convinced that it's worth it. Obviously a huge need for customer education there.
paulmcmeekinACI
50%
50%
paulmcmeekinACI,
User Rank: Apprentice
9/5/2014 | 9:03:35 AM
Re: EMV
Now that would be cool!  For banking purposes they could use the cip and give out free terminals so you have two factor authentication. Barclays does it in the UK. It'll be interesting to see what happens and which e-tailers are lagging behind.
Byurcan
50%
50%
Byurcan,
User Rank: Author
9/4/2014 | 5:02:54 PM
Re: EMV
Soon it will be via retinal scan taken by our device's camera.
Jonathan_Camhi
50%
50%
Jonathan_Camhi,
User Rank: Author
9/4/2014 | 4:12:51 PM
Re: EMV
I woudl think that with all of the cyber fraud news happening right now that they would have to be looking into it. At the very least there has to be another way to verify customers online besides usernames and passwords.
Byurcan
50%
50%
Byurcan,
User Rank: Author
9/4/2014 | 9:38:28 AM
EMV
Thanks for the article, Paul. It is true EMV can't so anything against CNP fraud, it willbe interesting to see if, as you say, online retailers start to pursue new security initiatives. 
Register for Bank Systems & Technology Newsletters
White Papers
Current Issue
Bank Systems & Technology Oct. 14, 2014
Bank Systems & Technology's new Must Reads is a compendium of our best recent coverage of customer analytics. Learn what big data means for banks, meet Wells Fargo CDO Charles Thomas, find out how to connect with your Gen Y customers, and more.
Slideshows
Video
Bank Systems & Technology Radio
Archived Audio Interviews
Join Bank Systems & Technology Associate Editor Bryan Yurcan, and guests Karen Massey and Jerry Silva from IDC Financial Insights, for a conversation about the firm's 11th annual FinTech rankings.