February 20, 2019
Six Months Ahead of EMV Chip Deadline, ThreatMetrix Offers Strategies to Protect Against Expected Increase in Online Fraud
Posted April 2, 2015
As October EMV Deadline Fast Approaches, ThreatMetrix Discusses Possibility of Increased Online Fraud for Merchants and Increased Fraudulent Account Creation for Banks
San Jose, CA – April 2, 2015 – ThreatMetrix®, the fastest-growing provider of context-based security and advanced fraud prevention solutions, today warns that as the October 2015 Europay-MasterCard-Visa (EMV) deadline approaches, online retail fraud and fraudulent account creation for financial institutions in the U.S. will increase drastically as the adoption of EMV chip cards creates roadblocks for fraudsters hacking point-of-sale (POS) systems in store.
In 2014, U.S. retailers lost about $32 billion to fraud, up from $23 billion just a year earlier – much of it due to the weak security of credit and debit cards. In six months, U.S. merchants and credit card networks will follow in the footsteps of many other countries globally and abandon all technology associated with antiquated magnetic stripe credit and debit cards. With the current magnetic stripe technology, hackers can skim card numbers and security codes in order to use stolen credit cards, which EMV chip card technology will prevent.
The adoption of EMV will make it more difficult for cybercriminals to copy account numbers, security codes and magnetic stripes associated with those cards. However, in the countries that have already adopted EMV, a significant increase in online fraud followed, and the U.S. is not expected to be an exception. In fact, online fraud increased 21 percent in Europe in 2012, in part due to the introduction of EMV cards.
“From a consumer perspective, the shift to EMV is good news as it will make it harder for cybercriminals to counterfeit credit cards and conduct fraudulent purchases in stores,” said Alisdair Faulkner, chief products officer at ThreatMetrix. “But from an online merchant perspective, as it becomes more difficult for cybercriminals to monetize on counterfeit cards, their goals are now going to shift to use stolen credit card data through online channels. Right now – ahead of the October deadline – is the time for retailers to start implementing systems that look at cybercrime in context to combat the growing breadth and intelligence of fraud following the widespread adoption of EMV in the U.S.”
Following the October deadline, retailers still supporting magnetic stripe card technology will be liable for any resulting fraud losses. While merchants will be held liable for any in-store fraud, the increase in online fraud can also create liability issues for banks– specifically as cybercriminals turn their attention to applying for new EMV chip credit cards online with stolen information. To combat the expected growth in fraudulent account creation online, banks will also need to increase security.
With the shift to EMV, banks must also prioritize mobile security. Across mobile and Web, 30 percent of banks’ customer acquisition happens from some kind of mobile device. This trend is continuing to grow, which creates even more of a challenge for financial institutions, as the mobile channel is easily compromised by cybercriminals.
“The vast majority of financial institutions are using very rudimentary intelligence about user behavior, Internet connections and devices to determine whether the end user is a good customer or a cybercriminal,” said Faulkner. “For example, many banks still rely on the geolocation of the user based on IP addresses and cookies for authentication – but those can be easily spoofed through proxies and by bots. With the adoption of EMV, financial institutions must have the capabilities to authenticate users by assessing their digital identities as a whole to prevent cybercriminals from opening new credit cards with a stolen identity.”
To effectively protect their customers, merchants and financial institutions must ramp up their efforts by leveraging a digital identity network to combat online fraud prior to the widespread adoption of EMV. The ThreatMetrix® Global Trust Intelligence Network delivers real-time intelligence, providing businesses with consistent risk assessments of data and creating unique digital identities for users by mapping their online behaviors and devices to protect customers from fraudulent transactions.
- Guilty Until Proven Innocent: How Incorrectly Identifying Good Customers as Cybercriminals Damages Your Bottom Line
- Press Release: EMV Global Standard Chip Adoption Increases Likelihood of Online Fraud
- eBook: ThreatMetrix Cybercrime Report: Q4 2014
ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions leveraging a global shared digital identity network and real-time customer-driven analytics platform. These solutions help customers differentiate between trusted users and potential fraud resulting in reduced friction, incremental revenue and lower fraud and operational costs.
ThreatMetrix secures customers against account takeover, payment fraud, fraudulent account registrations resulting from malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes more than one billion monthly transactions and protects more than 250 million active user accounts across 3,000 customers and 15,000 websites and mobile applications. ThreatMetrix is deployed by industry leaders across financial services, e-commerce, payments, social networks, government and insurance.
For more information, visit www.threatmetrix.com or call 1-408-200-5755.
© 2015 ThreatMetrix. All rights reserved. ThreatMetrix, TrustDefender ID, TrustDefender Cloud, TrustDefender Mobile, TrustDefender Client, the TrustDefender Cybercrime Protection Platform, ThreatMetrix Labs, and the ThreatMetrix logo are trademarks or registered trademarks of ThreatMetrix in the United States and other countries. All other brand, service or product names are trademarks or registered trademarks of their respective companies or owners.