With Wholesale Adoption Just Months Away, EMV Chips Show Downsides Cybercriminals Can Exploit to Defraud CNP Merchants
Is it the law of unintended consequences, Murphy’s Law, or some other cosmic statute that insists on a downside to just about every creation from bathtubs to beer?
Take the bathtub. Here is a device without which civilized society could not live in harmony (or at least proximity). Even this most benign and useful of objects has a downside. According to the United States Centers for Disease Control and Prevention (CDC), about two-thirds of accidental injuries happen in the bathtub or shower. (Yes, we looked it up.) Beer? Well, the Yin and Yang of beer is fairly self-evident – especially for people who’ve slipped in the bathtub after consuming too much of the stuff.
The EMV chip’s negatives
The EMV chip, which most security experts agree, will slash fraud at the register or Point-of-Sale (PoS) also has its downside. In a recent news release titled, Six Months Ahead of EMV Chip Deadline, ThreatMetrix Offers Strategies to Protect against Expected Increase in Online Fraud, Alisdair Faulkner, ThreatMetrix chief products officer observed, “From a consumer perspective, the shift to EMV is good news as it will make it harder for cybercriminals to counterfeit credit cards and conduct fraudulent purchases in stores. But from an online merchant perspective, as it becomes more difficult for cybercriminals to monetize on counterfeit cards, their goals are now going to shift to use [of] stolen credit card data through online channels. Right now – ahead of the October deadline – is the time for retailers to start implementing systems that look at cybercrime in context to combat the growing breadth and intelligence of fraud following the widespread adoption of EMV in the U.S.”
A note of caution sounded about EMV at the CardNotPresent.com Annual Conference and Expo
In his article on digitaltransactions.net, and based on interviews with key participants at the Conference and Expo, Kevin Woodward reports on types of fraud the EMV chip could foster. The following has been excerpted from his piece and edited to fit our format. You may find the full article by clicking on this link.
Stolen in transit
Though credit and debit issuers are staggering their chip card issuance, there remains a risk that criminals could intercept these mailings and use the cards to commit fraud, said Jackie Barwell, director of fraud product management at ACI Worldwide Inc., a … vendor of online payment security services.
One major concern of hers is that in the United States, EMV chip cards are active when mailed to cardholders, making them vulnerable to criminals who might steal them from mailboxes.
Online fraud to dramatically increase
“The challenge that comes with EMV moving forward, especially for card-not-present, is that fraud will dramatically increase,” said Terry Dooley, executive vice president and chief information officer for …Shazam Inc., a regional PIN-debit network.
Instead of criminals walking into a store to attempt to make a fraudulent transaction, they’ll go online….
Only 3 percent use 3D Secure technology to help reduce risk
Operated as Visa Inc.’s Verified by Visa and MasterCard Inc.’s SecureCode, 3D Secure systems try to replicate the point-of-sale experience by prompting cardholders to enter a secret code in a pop-up window when checking out from a retailer’s site. The measure is meant to reduce fraudulent online transactions.
“Only 3% of merchants use 3D Secure,” said Tricia Lines Hill, senior vice president of business development and marketing communications at First Atlantic Commerce, a…payment processor. “This has to change when EMV rolls out.”
Friction at the checkout hinders 3D Secure adoption
Many merchants balked at using the technology because they viewed it as disruptive to the checkout process, and not enough of their shoppers had payment cards that supported the technology.
ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions leveraging a global shared digital identity network and real time customer driven analytics platform. These solutions help customers differentiate between trusted users and potential fraud resulting in reduced friction, incremental revenue and lower fraud and operational costs.
ThreatMetrix secures customers against account takeover, payment fraud, fraudulent account registrations resulting from malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over one billion monthly transactions and protects more than 250 million active user accounts across 3,000 customers and 15,000 websites and mobile applications. ThreatMetrix is deployed by industry leaders across financial services, e-commerce, payments, social networks, government and insurance.
For more information, visit www.threatmetrix.com or call 1-408-200-5755.