Two Javelin Analysts Argue EMV Will Not Shift Cybercriminals’ M.O.s From P.O.S. to Online
Everybody knows that when EMV becomes the American standard next October, beaten cybercriminals will drop Point of Sale theft like a hot rock and take to the hills or try their collective hands at online fraud and thievery. P.O.S. crime goes down, online crime goes up. Everybody knows that, right? Wrong.
Two Javelin Strategy & Research analysts, Nick Holland, retail payments practice lead and Al Pascual, fraud and security practice lead just don’t buy into the conventional wisdom. In his piece on digitaltransactions.net, John Stewart explains the analysts’ reasons for bucking convention. The following has been excerpted from his piece and edited to fit our format. You may find the complete, unedited article by clicking on this link.
Sticking a pin in the balloon
“The balloon-squeezing mythology [squeeze a balloon at one end and it expands at the other] needed to be revisited with a fresh set of eyes. Does this idea that EMV forces fraud to other areas still hold water? We had our doubts.”
They’re heeere (Think the classic line from Poltergeist)
The “missing” factor, argue[d] Holland and Pascual…is the explosive growth of e-commerce. In other words, rapidly rising volume in this channel has already attracted plenty of fraudsters in recent years, a trend that will only continue with or without EMV in physical stores. “They’re already there,” [said] Holland. “They already leapt online years ago.”
Half of all transaction fraud online
To buttress their point, Holland and Pascual point to current e-commerce fraud statistics. In the United States, online traffic accounts for just 8.5% of all electronic-transaction volume, yet nearly half of all transaction fraud occurs online.
Fraudsters, in their nefarious way, tend to be multitaskers, attacking all forms of payments in all channels opportunistically. EMV has proven itself effective in other countries against counterfeit-card fraud at the point of sale. But to Holland and Pascual, the idea that criminals confine themselves to just that form of fraud, and then move on to card-not-present crime only when frustrated by EMV, is naïve.
e-Commerce fraud soaring
[e-Commerce] fraud in the United States is due to soar, even if the move to EMV will have little to do with it. If volume drives fraud, and if, as predicted by Javelin, online volume grows to more than 10% of all e-payments within three years, then card-not-present fraud can only grow much worse. “Card-not-present fraud is already very big and will get bigger,” warns Holland.
Same-day delivery delivers fraud
Exacerbating this problem, he says, is the nascent trend toward same-day or even faster delivery. While this trend promises greater convenience for consumers, it opens new opportunities for fraudsters with stolen payment credentials, Holland warns.
“Increasingly, you’ve got this situation where you’re shopping locally but accessing inventory globally,” he notes. “[There’re] clearly avenues of fraud there, particularly when you’re getting the goods within hours. Certainly, the time between instigating payment and the delivery of the goods is short and rapidly truncating. The fraud-mitigation response needs to be tailored to that.”
ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.
ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 850 million monthly transactions and protects more than 210 million active user accounts across 3,000 customers and 15,000 websites.
The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.
For more information, visit www.threatmetrix.com or call 1-408-200-5755.