When One Door Closes, Fraudsters Find a Window
July 4, 2016
The introduction of EMV credit cards in October 2015 substantially decreased the amount of in-person, card-present credit card fraud in our economy. Along with the EMV upgrades to merchant point-of-sale systems and consumer cards, new rules about the liability of credit card fraud were also integrated.
Credit card liability rules now mandate fraud liability falls on whichever party is not using EMV technology. If the consumer card was not chipped, the liability falls on the card issuer. If the merchant does not have an EMV reader, the liability rests on the merchant.
Despite these updates, fraudsters have found a way around EMV chips. Criminals are even better at capturing the PIN numbers associated with credit cards allowing them to exploit the main vulnerability with EMV tech—through card-not-present, or online, transactions.
Similar to traditional magnetic strip credit cards, the only information required from an EMV card during online purchases is the credit card number. If a thief is able to obtain your number, through online hacking or “shoulder spying,” it can still be used for web or phone-based transactions.
Even though merchants are enjoying a decrease in card-present credit card fraud, we are witnessing a significant increase in the amount of card-not-present credit card fraud via online purchases. Fraudsters saw their window of opportunity for perpetuating fraudulent credit card activity and took it.
Online fraud attacks increased by more than 200 percent during 2015. From the beginning of the year (pre EMV) to the end of the year (post EMV), the incidents of fraud during online transactions tripled.
Merchants offering luxury and digital goods saw the highest spike in fraudulent online attacks. For online luxury goods merchants—fraudulent activity doubled; for online digital goods merchants—fraud quadrupled.
The problem with EMV credit cards is they don’t offer a definitive end to the issue of credit card fraud. Instead, criminal activity has just shifted to e-commerce.
The liability rules for fraudulent card-present transactions does not extend to online retailers. Web-based merchants, not the card issuers, are still responsible for paying the majority of fees associated with card-not-present fraud transactions.
With criminals overcoming security measures as quickly as we develop them, is it possible to outsmart fraudsters? Will we ever see the end of credit card fraud?
Mark Horwedel, the CEO of the Merchant Advisory Group, doesn’t think so. Even if additional safeguards, such as CVV number prompts, are implemented during online transactions, thieves will find a way to hack this information as well.
Horwedel points to economies in Europe where EMV cards have been present for several years. Despite efforts to curb fraudulent activity via CVV codes or PIN numbers—online fraud attacks remain a persistent issue for merchants.
EMV technology has provided store-front retailers with a solution for card-present credit card fraud. However, a solution has yet to be discovered for online credit card fraud.
Unfortunately for merchants, financial institutions and consumers, the area of e-commerce is increasingly vulnerable to fraudulent activity. Regardless of the tech advancements or security measures in place, as long as consumers prefer transacting with credit cards and criminals remain persistent, we will continue being susceptible to fraud.
Business & Finance Articles on Business 2 Community
(17)