Jeremy Waxman, Verifi, Inc. On The “Countdown to EMV”
Posted July 24, 2015
In three months, U.S. merchants and credit card networks will follow in the footsteps of many other countries around the world and abandon technology associated with antiquated magnetic stripe credit and debit cards. With the current magnetic stripe technology, hackers can easily skim card numbers and security codes in order to use stolen credit cards, which EMV chip card technology will prevent.
While the adoption of EMV will make it more difficult for cybercriminals to copy account numbers, security codes and magnetic stripes associated with antiquated cards, the U.S. will likely see an increase in online fraud. This has been the case elsewhere, including in Europe, which saw a 21 percent online fraud increase following EMV adoption in 2012.
In the run-up to the October 2015 deadline for EMV adoption in the U.S., ThreatMetrix has surveyed several industry thought leaders for their views and opinions. In this blog, Jeremy Waxman, vice president product development, Verifi, Inc., provides his perspective.
Question: How can e-commerce merchants prepare now for the shift to EMV?
Answer: It’s really getting down to the wire so ideally, merchants started preparing for the shift months ago. The transition presents two main areas of focus for CNP merchants: payments system integration and fraud prevention. Payments system integration has many components, from terminal replacement and upgrades to testing and staff training. Being EMV-capable requires merchants to upgrade or replace their POS device, which can be expensive. A key thing merchants need to be aware of is that the quality, support and agility of this new hardware can potentially impact how the business will be able to adapt to future innovation. Merchants should choose wisely and consider the cost, timelines, agility and complexity of different payment systems.
Fraud prevention is also extremely important. Hopefully, most merchants have already begun to evaluate how the liability shift will impact business and have adjusted their fraud prevention strategy accordingly. If not, now is the time to do this. While chip and PIN technology will have a significant impact card-present fraud, new risks will emerge online as fraudsters focus their efforts on the more vulnerable channeland unprepared CNP merchants will quickly see a hit to their bottom line.
Question: In your opinion, will most e-commerce merchants meet the October 2015 EMV deadline? If not, what will hold them back?
Answer: Unfortunately, many merchants will not meet the EMV deadline. Some sources say more than a third of the payment ecosystem is unaware of EMV, even though the shift was first announced in the U.S. in August of 2011. Despite the generous ramp up time, many merchants have not done the necessary preparation or made the required changes to support EMV. Part of this is due to lack of awareness about the initiative. Overseas, many countries had support from the government to educate merchants and consumers, while the U.S. has had to rely solely on efforts of the acquirer/processors, payment networks and other players in the payments ecosystem to get the word out. This has left many scrambling to make the necessary adjustments to adopt the technology before October, when the change in liability will potentially impact millions of dollars to merchants’ bottom lines.
Question: In the EU, the shift to EMV caused an increase in online fraud. How will EMV adoption change fraud rates in the U.S.? Do you predict in-store fraud increase or decrease? How about online fraud rates?
Answer: Our neighbors abroad that have implemented EMV have already seen the online fraud fallout. While counterfeit card fraud significantly diminished, fraudsters infiltrated the CNP channel to a much greater degree, post-EMV where there are more vulnerabilities to exploit. Forecasts put CNP fraud losses at more than $6 billion by 2018, a staggering number that is more than double what we currently see.
Chargebacks will be especially troublesome for CNP merchants. In addition to an overall rise in CNP fraud, both true fraud and non-fraud chargebacks will be a painful thorn in the side of merchants as overall mischief on the CNP channel increases.
Question: What can CNP merchants do to prepare for this uptick in CNP fraud as a result of the liability shift?
Answer: The hard truth is that fraudsters are getting smarter. They continue to seek out and exploit vulnerabilities at a rapid pace and threats are dynamic and constantly changing. Merchants can’t afford to have a lackluster, one-dimensional fraud prevention strategy in place. Fighting the onslaught of CNP fraud that will result from the EMV liability shift will require a comprehensive and agile fraud prevention strategy that keeps merchants one step ahead of the bad guys. Using a set of tools that work together to decrease fraud in a balanced way can mean the difference between big gains and sizable losses. That said, merchants should not err on the side of over-reacting when it comes to fraud prevention. Too much front-end fraud protection means the loss of legitimate sales. Layering and balancing tools at various transaction touch points produces the greatest results. This ensures that merchants are protected from fraud and brand reputation losses without turning away legitimate sales.
Customization is absolutely necessary to avoid “false positive” fraud indications which result in the loss of legitimate sales. Merchants should also be vigilant about reducing customer friction wherever possible. Feedback loops on the backend can help boost fraud prevention awareness and operational effectiveness. Tools like post-transaction chargeback notifications offer merchants insight into their fraud prevention strategy within the context of operational goals. Key metrics like total chargebacks as a percentage of orders can offer valuable insight into trends, allowing merchants to adjust front-end fraud prevention tools as needed. Balancing front- and back-end fraud tools produce the greatest results in terms of stopping fraud and reducing false positives so that legitimate sales continue to pass through.
Overall the best strategy is to lead with a well-known provider as the base for the fraud prevention strategy and then layering solutions on top. A leading solution allows you to get a global view on transactional impact, while reducing false positives.