ThreatMetrix, a context-based security and fraud prevention solutions provider, warns that as the October 2015 Europay-MasterCard-Visa (EMV) deadline approaches, online retail fraud and fraudulent account creation for financial institutions in the U.S. will increase drastically with the adoption of EMV chip cards, according to a press release.
The EMV chip cards are expected to create roadblocks for fraudsters hacking point-of-sale systems in-store.
In 2014, U.S. retailers lost about $32 billion to fraud up from $23 billion just a year earlier. Much of it was due the weak security of credit and debit cards. In six months, U.S. merchants and credit card networks will follow in the footsteps of other countries globally and abandon all technology associated with antiquated magnetic stripe credit and debit cards.
With the current magnetic stripe technology, hackers can skim card numbers and security codes in order to use stolen credit cards, which EMV chip card technology will prevent.
The adoption of EMV will make it difficult for cybercriminals to copy account numbers, security codes and magnetic stripes associated with those cards. However, in those countries that have already adopted EMV, a significant increase in online fraud followed, and the U.S. is not expected to be an exception. In fact, online fraud increased 21% in Europe in 2012, in part due to the introduction of EMV cards.
“From a consumer perspective, the shift to EMV is good news at it will make it harder for cybercriminals to counterfeit credit cards and conduct fraudulent purchases in stores,” said Alisdair Falkner, chief products officer at ThreatMetrix. “But from an online merchant perspective, as it becomes more difficult for cybercriminals to monetize on counterfeit cards, their goals are now going to shift to use stolen credit card data through online channels. Right now – ahead of the October deadline – is the time for retailers to start implementing systems that look at cybercrime in context to combat the growing breadth and intelligence of fraud following the widespread adoption of EMV in the U.S.”
After the October deadline, retailers still supporting magnetic stripe card technology will be liable for any resulting fraud losses. While merchants will be held liable for any in-store fraud, the increase in online fraud can also create liability issues for banks – specifically as cybercriminals turn their attention to applying for the new EMV chip credit cards online with stolen information. To combat the expected growth in fraudulent account creation online, banks will also need to increase security.
With the shift to EMV, banks must also prioritize mobile security. Across mobile and web, 30% of banks’ customer acquisition happens from some kind of mobile device. This trend is continuing the growth, which creates even more of a challenge for financial institutions, as the mobile channel is easily compromised by cybercriminals.
“The vast majority of financial institutions are using very rudimentary intelligence about user behavior, Internet connections and devices to determine whether the end user is a good customer or a cybercriminal,” said Falkner. “For example, many banks will rely on the geo-location of the user based on IP addresses and cookies for authentication – but those can be easily spoofed through proxies and by bots. With the adoption of EMV, financial institutions must have the capabilities to authenticate users by assessing their digital identities as a whole to prevent cyber criminals from opening new credit cards with a stolen identity.”