Markus Bergthaler, MRC, On the “Countdown to EMV”
Posted July 14, 2015
In three months, U.S. merchants and credit card networks will follow in the footsteps of many other countries around the world and abandon technology associated with antiquated magnetic stripe credit and debit cards. With the current magnetic stripe technology, hackers can easily skim card numbers and security codes in order to use stolen credit cards, which EMV chip card technology will prevent.
While the adoption of EMV will make it more difficult for cybercriminals to copy account numbers, security codes and magnetic stripes associated with antiquated cards, the U.S. will likely see an increase in online fraud. This has been the case elsewhere, including in Europe, which saw a 21 percent online fraud increase following EMV adoption in 2012.
In the run-up to the October 2015 deadline for EMV adoption in the U.S., ThreatMetrix has surveyed several industry thought leaders for their views and opinions. In this blog, Markus Bergthaler, global director of programs and marketing, MRC, provides his perspective. The MRC is the principal not-for-profit, global forum for e-commerce fraud and payments professionals.
Question: How can e-commerce merchants prepare now for the shift to EMV?
Answer: Hopefully they have been preparing for some time by implementing the necessary tools in order to combat a potential increase in fraud attempts. Tools such as device fingerprinting and two factor authentication are crucial in minimizing online fraud. Any rule based system should be reviewed and set up to handle a possible increase in Card-not-present fraud attempts.
Question: What should consumers do to prepare for the shift to EMV?
Answer: Consumers should educate themselves and be aware of what the EMV switch means to them. While physical purchases will be safer due to consumers not having to hand out their credit cards anymore, they should be aware that fraud is likely to shift even more towards the internet and take the necessary steps to secure their accounts, which include regularly changing their passwords, setting up two factor authentication if available and looking out for any strange activity on any of their accounts.
Question: In your opinion, will most e-commerce merchants meet the October 2015 EMV deadline? If not, what will hold them back?
Answer: While merchants with a physical presence have to switch over their point of sale terminals in order to accept EMV cards, online merchants do not have to physically alter their payment systems. It is advisable that e-commerce companies make their customers aware of updating their payment information, especially for subscription-based services or reoccurring payments in order to assure that they use their most up to date card, which will hopefully be equipped with an EMV switch and therefore, will less likely be compromised.
Question: In the EU, the shift to EMV caused an increase in online fraud. How will EMV adoption change fraud rates in the U.S.? Do you predict in-store fraud increase or decrease? How about online fraud rates?
Answer: Although the EMV switch has caused a large increase in fraud in Europe, one thing to keep in mind is that it was ten years ago. Technology has come a long way since then and the fraud prevention tools available now are far more advanced than they were in 2005. Online merchants have gathered a lot of experience and have become increasingly successful when it comes to combating fraud. While we will likely still see a slight increase in online fraud, I do not believe it will be nearly as bad as it was in Europe.
In-store fraud will most likely decrease over time as it will be much more difficult for fraudsters to reproduce cards. While coding a mag-stripe is very easy to do, faking an EMV chip is virtually impossible.