Will chip-and-PIN cards in the US mean more e-commerce fraud?

Posted by Pat Phelan on August 5, 2014


The US is finally getting on board with EMV cards: so-called "chip-and-PIN" credit or debit cards that use a terminal and a typed PIN code, instead of a magnetic stripe and signature. They are due to be implemented by most merchants in the US before the end of 2015.

For people in the US who haven't experienced them abroad, you pay by inserting your card with chip into a small console, then typing your PIN number. It's much more secure, in-person, than a magnetic swipe that can easily be "skimmed" by someone with nefarious intentions. EMV cards have reduced in-store fraud substantially in the countries where they've been implemented.

But "Card Not Present" (CNP) fraud -- typical for e-commerce -- is a different story. Evidence shows that CNP fraud often increases as EMV cards are introduced, presumably because fraudsters don't just give up their life of crime, but often switch to other approaches. Business Insider covered this issue in May, and the time for EMV in the US is getting closer.

A chip and PIN credit card does not add security for an online transaction (for that we of course recommend our advanced anti-fraud technology) and the pattern in other countries is that e-commerce fraud increased significantly after EMV cards launched.

As a market similar to the US in many ways, it is interesting to look at the UK, and how CNP fraud spiked almost 80% in the three years after chip-and-PIN cards were introduced. It then went down, as retailers brought in counter-measures, but still ended up higher than it had been before EMV cards came onstream. Will be interesting to see whether the same pattern occurs in the US.

Topics: Identity