EMV Global Standard Chip Card Adoption Increases Likelihood of Online Fraud
Posted May 14, 2014
ThreatMetrix Outlines Strategies for Card Providers and Online Merchants to Prevent Online Fraud Associated with the Adoption of EMV Chip Cards
San Jose, CA – May 14, 2014 – ThreatMetrix®, the fastest-growing provider of context-based security and advanced fraud prevention solutions, today announces several strategies for card providers and online merchants to protect customers from the predicted increase in online fraud associated with the Europay-MasterCard-Visa (EMV) global standard chip cards soon to be adopted throughout the U.S.
Following recent data breaches at major retailers including Target and Neiman Marcus, U.S. merchants will soon follow in the footsteps of many other countries around the world and abandon antiquated magnetic stripes on the 1.2 billion credit and debit cards in the U.S. Instead, U.S. credit card networks and merchants are making the move to EMV chip cards, which will make it more difficult for cybercriminals to copy account numbers and security codes associated with those cards.
Credit card networks have set a deadline of October 2015 – less than 18 months away – for most U.S. merchants to adopt EMV payments systems. Following this deadline, any retailers and banks supporting magnetic stripe cards will be liable for fraud losses as a result.
“The U.S. is the final G-20 country to make the transition to EMV chip cards,” said Julie Conroy, retail banking research director, Aite Group. “While the transition will effectively address the rapidly increasing rates of counterfeit fraud, fraudsters will focus their efforts more intensely online, as they have in all other countries that have made the switch to EMV. Merchants and issuers alike need to adjust their online defenses to combat the fraud while at the same time preserving the customer experience.”
Creating a unique code for each transaction, EMV chip cards are far more difficult to hack or counterfeit. However, while in-store fraud in countries that have widely adopted EMV chip cards – such as the UK – has gone down dramatically, according to Financial Fraud Action UK, online fraud in many of those countries has increased since the introduction of EMV. In fact, online fraud increased 21 percent in Europe in 2012, in part due to the introduction of EMV cards.
While online transactions have always been a target for cybercriminals, the adoption of EMV chip cards in the U.S. will push them away from in-store fraud, and increase the likelihood of new, sophisticated strategies for fraudulent online transactions. With the current magnetic stripe technology, hackers can skim card numbers and security codes in order to use stolen credit cards, which EMV chip card technology will prevent. However, merchants likely will not see any improvements in online security due to the switch to EMV.
“Card providers and online merchants need to be aware of the likely increase in online fraud associated with the adoption of EMV chip cards,” said Andreas Baumhof, chief technology officer, ThreatMetrix. “Retailers are up against a hard deadline to make the switch to EMV payments systems, but they need to be prepared for the influx of online fraud that will go hand in hand with the transition to EMV. We have seen this in every single country that introduced EMV – and it will happen here as well.”
To help merchants and card providers protect their businesses and customers during the transition to EMV chip cards, ThreatMetrix has outlined several cybersecurity strategies. These include:
• Frictionless context-based authentication – To protect customers from the potential increase in online fraud, merchants and card providers should implement frictionless context-based authentication. This strategy enables businesses to establish trust for each account login based on a fully-anonymized user identity, device usage, geolocation, customer behavior and other factors without compromising the user’s identity or workforce efficiency.
• Real-time trust analytics – To protect cardholders from potential online fraud or identity theft, merchants, card providers and other financial institutions should use real-time trust analytics, which offer instant analysis of device, location and behavioral context for every authentication attempt. Using a consistent set of identity authentication policies comparing against global benchmarks derived from peers in their industry, the size and scale of the enterprise, geographic location and more, real-time trust analytics offer unprecedented identity authentication policies.
To effectively protect their customers, merchants and card providers must ramp up their efforts to combat online fraud prior to the widespread adoption of EMV. The ThreatMetrix® Global Trust Intelligence Network delivers real-time intelligence, providing merchants and card providers with consistent risk assessments of data and creating a digital persona of users by mapping their online behaviors and devices to protect customers from fraudulent transactions.
ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.
ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 500 million monthly transactions and protects more than 160 million active user accounts across 2,500 customers and 10,000 websites.
The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.
For more information, visit www.threatmetrix.com or call 1-408-200-5755.
© 2014 ThreatMetrix. All rights reserved. ThreatMetrix, TrustDefender ID, TrustDefender Cloud, TrustDefender Mobile, TrustDefender Client, the TrustDefender Cybercrime Protection Platform, ThreatMetrix Labs, and the ThreatMetrix logo are trademarks or registered trademarks of ThreatMetrix in the United States and other countries. All other brand, service or product names are trademarks or registered trademarks of their respective companies or owners.