In the wake of last week’s EMV fraud liability shift, industry experts are looking ahead to how this major payment system change will impact fraud in the U.S.
An Oct. 1 webinar from Fiserv and American Banker examined how fraudsters may respond to the introduction of chip card payment technology in the U.S. and what we can expect to happen to fraud losses as a result. The speakers, vice president of Global Market Strategy Andrew Davies and fraud industry expert Frank McKenna, shared both good and bad news.
Let’s review the good news first: The implementation of EMV in other countries has proven to reduce counterfeit fraud losses.
In fact, Europe saw a $103 million decrease in card skimming fraud losses between 2008 and 2009 after switching to chip card payment technology, according to data cited from Interac Association, a Canadian electronic payment systems network.
The United Kingdom, in particular, has seen a reduction in both counterfeit and lost/stolen card fraud expenses post-EMV migration. In 2002, counterfeit fraud costs in the U.K. decreased from approximately £39 per 1,000 card transactions to only £4 by 2012. Similarly, the cost of lost/stolen fraud decreased from £29 to only £5 per 1,000 card transactions in the same 10-year period.
In Canada, Fiserv found that EMV implementation cut both debit and credit card fraud from $142 million in 2009 to just $39 million in 2012. Canada began its shift in 2011 and is in the final stages of its changeover.
This slew of statistical evidence is reassuring that the U.S. may also experience a reduction in counterfeit fraud (see chart below for current U.S. fraud rates) as EMV payment technology becomes more commonplace.Those assurances hold even though the EMV cards being adopted in the U.S. primarily use chip-and-signature verification instead of the chip-and-PIN method used in other Western countries.
“No, a chip alone is not as effective as a chip and a PIN,” Davies said. But “I really do believe that chip card technology is the best technology currently available to combat counterfeit fraud.”
However (yes, this is where the bad news comes in), as the aforementioned countries have also experienced, migrating to EMV also causes “fraud mutations.”
Here’s what Davies and McKenna think could happen to the U.S. fraud landscape as chip card technology becomes more commonplace:
- Fraud may migrate to parties that are less protected, such as smaller merchants or banks that haven’t adopted EMV technology.
- Identity theft and card-not-present fraud will increase.
- Consumer deposit accounts (i.e. checking and savings accounts) may be targeted more often.
- Electronic payment fraud may rise.
Overall, thieves will change (or mutate, as the speakers dubbed the activity) their behavior to operate using the weakest link in the payment chain.
As chip cards make it nearly impossible for crooks to reuse in-store payment data, they will instead target less protected sources of payment data, such as e-commerce transactions where, in many cases, full card or account numbers are still present. Or, small retailers that weren’t targeted by card theft before may become targets if the majority of the store’s transaction data is not chip card-encrypted because of an EMV migration delay.
“Having a chip card only addresses part of the fraud problem,” McKenna said during the webinar.
According to data cited from the Federal Reserve Bank of Atlanta, Canada experienced a $47.7 million increase in card-not-present fraud losses between 2008 and 2010.
Counterfeit card losses in the U.K. dropped to 10 percent from 29 percent from 2003 to 2013, but card-not-present fraud losses increased from 29 percent to 67 percent during that same time, according to Fiserv.
The mutations were even worse in Australia. When EMV issuance ramped up in 2006, card fraud cost issuers a little under $100 million. Thanks to a huge increase in card-not-present fraud post-EMV introduction, card issuers lost $262.6 million to fraud in 2012.
Nope, that’s really not good news.
Thankfully, because the U.S. migration to EMV is only partial so far – and not expected to be complete for another couple of years – fraud mutations will not occur overnight. There is time to get ahead of the game.
McKenna and Davies recommended that card issuers put more resources toward identity theft and account takeover resolution, merchants do their best to upgrade their payment systems ASAP and fraud strategists prepare for the ecosystem to change. “We are just in the infancy of understanding how deeply fraud impacts us, but we do know that fraud is growing and changing and that will continue with each decade to come,” Davies said.
Consumers can also arm themselves against fraud mutations. While better fraud protections are being developed for card-not-present channels, here’s how you can keep your payment information safe:
- Change online account passwords often: Stale, easy-to-guess passwords such as “password” could give criminals easy access to your accounts and allow them to make fraudulent transactions — or worse, drain your checking account.
- Shop online with secured, trusted websites: Shop through password-protected Wi-Fi networks when possible and keep your business with e-commerce retailers that boast secured websites.
- Check accounts frequently for strange activity: The sooner you catch fraudulent activity, the easier (and maybe even cheaper) it will be to resolve.
- Check your credit report: Again, the sooner you catch fraudulent activity, the less of a headache it will be to fix and the better chance you have of protecting your credit.