EMV-pocalypse (EMV-geddon?)

Posted by Rurik Bradbury on July 8, 2015

October 2015 will be an important month for retailers. It’s the deadline for merchants to upgrade their point-of-sale terminals to EMV-compliant machines, or else they’ll be held responsible for fraudulent transactions. 

After this, merchants which don’t support payment cards with embedded chips will be liable for fraud in stores, and merchants will see fraud costs skyrocket. While the mandate has been a long time coming, it may lead to a few surprise repercussions: 

  • The merchants who are not ready will be hammered by fraud, which they are not used to dealing with in-store (it has been the bank’s problem until now)
  • In-store fraud will go down for most retailers, as cards with chips are much harder to counterfeit
  • Online fraud will rise dramatically, as fraudsters shift their approach to exploit the weakest target
world-map-fraud-after-EMV

Is this real or doom-mongering?

Sadly, it is real. Most countries have already migrated to EMV transactions, and the data shows clearly that merchants abroad saw a major spike in e-commerce fraud. By almost all estimations, the US’s move to EMV will lead to massive increases in e-commerce fraud, perhaps even more so than countries like the UK and Australia.

In the UK, between 2005 -- when EMV was adopted -- and 2008, CNP fraud rose by 79%, according to a study from the Aite Group. In Australia, CNP fraud went from $72.6 million AU in 2008 to $198.1 million AU in 2011 – a 100% rise in CNP fraud in three years. A similar spike occurred in Canada after it migrated to EMV terminals as well. 

What causes this rise?

EMV greatly reduces the impact of in-store fraud, as the new cards with embedded chips generate a unique token for each transaction – making them difficult or impossible to counterfeit. This suddenly makes the digital world, where only the card digits and CVV are used, and the chip cannot help, a much more lucrative target for fraudsters than in-store retail.

In fact, e-and-m-commerce is growing so quickly that some experts think that CNP fraud would grow even if the US wasn’t implementing EMV in October. According to a report from Javelin in December 2014, the e-commerce market is a miniscule 8.5% of total US electronic transaction, but accounts for 49% of all transaction fraud. As the volume of transactions made online grows past 10% over the next three years, Javelin thinks the CNP fraud will rise exponentially.

Whether merchants should be blaming the EMV shift for a rise in e-commerce fraud isn’t the point; the point is e-commerce and CNP fraud in the US is due to increase rapidly and the best way to combat e-commerce fraud is to start working on the problem ahead of time. As we saw with the Target breach, adding new countermeasures to prevent fraud work best when they’re added well in advance. With the EMV shift in October and the holiday season right around the corner, now is the best time to upgrade your technology to combat the impending rise of e-commerce fraud.

 

Topics: fraud, CNP fraud, EMV