EMV Chips Are a Good Idea. Right?
Posted May 22, 2015
With Wholesale Adoption Just Months Away, EMV Chips Show Downsides Cybercriminals Can Exploit to Defraud CNP Merchants
Is it the law of unintended consequences, Murphy’s Law, or some other cosmic statute that insists on a downside to just about every creation from bathtubs to beer?
Take the bathtub. Here is a device without which civilized society could not live in harmony (or at least proximity). Even this most benign and useful of objects has a downside. According to the United States Centers for Disease Control and Prevention (CDC), about two-thirds of accidental injuries happen in the bathtub or shower. (Yes, we looked it up.) Beer? Well, the Yin and Yang of beer is fairly self-evident – especially for people who’ve slipped in the bathtub after consuming too much of the stuff.
The EMV chip’s negatives
The EMV chip, which most security experts agree, will slash fraud at the register or Point-of-Sale (PoS) also has its downside. In a recent news release titled, Six Months Ahead of EMV Chip Deadline, ThreatMetrix Offers Strategies to Protect against Expected Increase in Online Fraud, Alisdair Faulkner, ThreatMetrix chief products officer observed, “From a consumer perspective, the shift to EMV is good news as it will make it harder for cybercriminals to counterfeit credit cards and conduct fraudulent purchases in stores. But from an online merchant perspective, as it becomes more difficult for cybercriminals to monetize on counterfeit cards, their goals are now going to shift to use [of] stolen credit card data through online channels. Right now – ahead of the October deadline – is the time for retailers to start implementing systems that look at cybercrime in context to combat the growing breadth and intelligence of fraud following the widespread adoption of EMV in the U.S.”
A note of caution sounded about EMV at the CardNotPresent.com Annual Conference and Expo
In his article on digitaltransactions.net, and based on interviews with key participants at the Conference and Expo, Kevin Woodward reports on types of fraud the EMV chip could foster. The following has been excerpted from his piece and edited to fit our format.
Stolen in transit
Though credit and debit issuers are staggering their chip card issuance, there remains a risk that criminals could intercept these mailings and use the cards to commit fraud, said Jackie Barwell, director of fraud product management at ACI Worldwide Inc., a … vendor of online payment security services.
One major concern of hers is that in the United States, EMV chip cards are active when mailed to cardholders, making them vulnerable to criminals who might steal them from mailboxes.
Online fraud to dramatically increase
“The challenge that comes with EMV moving forward, especially for card-not-present, is that fraud will dramatically increase,” said Terry Dooley, executive vice president and chief information officer for …Shazam Inc., a regional PIN-debit network.
Instead of criminals walking into a store to attempt to make a fraudulent transaction, they’ll go online….
Only 3 percent use 3D Secure technology to help reduce risk
Operated as Visa Inc.’s Verified by Visa and MasterCard Inc.’s SecureCode, 3D Secure systems try to replicate the point-of-sale experience by prompting cardholders to enter a secret code in a pop-up window when checking out from a retailer’s site. The measure is meant to reduce fraudulent online transactions.
“Only 3% of merchants use 3D Secure,” said Tricia Lines Hill, senior vice president of business development and marketing communications at First Atlantic Commerce, a…payment processor. “This has to change when EMV rolls out.”
Friction at the checkout hinders 3D Secure adoption
Many merchants balked at using the technology because they viewed it as disruptive to the checkout process, and not enough of their shoppers had payment cards that supported the technology.