With large retail chains like Target, Neiman Marcus and Michaels experiencing massive data breaches, U.S. banks and brick-and-mortar merchants face serious pressure to increase credit card security measures by implementing smart card technology.
This shift to more secure card-present transactions at physical, smart-card ready terminals will impact ecommerce sites as fraudsters are stymied at brick-and-mortar stores and turn their attentions to card-not-present (CNP) transactions online.
As smart cards become standard in the U.S., forward thinking ecommerce merchants must prepare for the coming increase in online fraud. Now is the time for software companies to ensure that their fraud prevention system is ready.
Brick-and-Mortar Merchants Face Serious Pressure
EMV smart-chip cards (named for founders EuroPay International, MasterCard and Visa) have become standard in Europe, Asia, Canada and Latin America, and will soon make their way to the U.S. EMV cards have embedded computer chips that are attached to end-users’ personal account information. The cards also have personal identification numbers (PIN) that must be used in order to process transactions. With this increased technology, EMV smart-chip cards are more difficult for hackers to clone, which makes card-present fraud a lot tougher.
As of October 1, American Express, Discover, MasterCard and Visa have all announced plans to shift liability for counterfeit fraud card-present transactions to merchants if they do not have an EMV-enabled point-of-sale device. This means that as physical stores beef up their security measures with smart card technology some fraudsters will shift their focus to the Internet.
Although the chip and PIN security measures help prevent fraud for card present transactions, they don’t provide much added security for the CNP transactions that typify ecommerce. Online merchants can expect traffic, fraud refund rates and chargebacks to increase. Further, fraud screeners will potentially have to screen more manual orders if the online merchant is not prepared.
Impact on Ecommerce
The biggest benefit of EMV is the reduction in card fraud resulting from counterfeit, lost and stolen cards for the card-present environment. When EMV is implemented, card-present chargebacks for fraud and unauthorized transactions will decrease drastically. For instance, card skimming in Canada declined by almost 40 percent in 2011 after a 2010 roll out of EMV.
So what does this mean for online merchants? Well, if fraud from card-present situations is harder to commit, we can safely assume that fraudsters will move to the online and mobile payment space and try to figure out where there are holes to exploit. Online merchants with exploitable vulnerabilities will see an increase in fraud attacks and chargebacks. An increase in chargebacks can lead to more penalties from the card schemes (VISA, MasterCard, etc.). For example, after a certain threshold of chargebacks is reached, a merchant may no longer be allowed to accept payments online through their webstore.
During the first 10 years of its transition to EMV technology, the UK saw card-not-present (online) fraud increase almost 40 percentage points – from 23 percent to 62 percent. Online merchants need to be as prepared as possible for this change. And the time is now.
Ahhhh! What is an online merchant to do?
- Get to know your fraud prevention team. Do you have a relationship with your ecommerce provider’s fraud team? If not, it’s time to call them up for a chat. Make sure your fraud tools are up to date. Ask them how they are going to handle the transition to EMV technology. Start the conversation now.
- Check your analytics. Record daily, weekly and monthly average traffic so you will notice any fluctuations when you begin the shift to EMV technology.
- Stay in the loop. Read the news. Add “EMV” to your Google News keyword search. Check out resources from EMV Connection, MasterCard and Visa.
Be as prepared and proactive as possible. This change is ultimately for the best.
Tim Russo is the Chicago fraud team leader for cleverbridge , a global full-service ecommerce provider for more than 300 international software and cloud companies including Avira, Corel, Dell, Malwarebytes and Parallels. You can connect with him on Twitter and LinkedIn.