Datacap Logo

With EMV in place, merchants should look to online security

 EMV Card sitting on keyboard

As of Oct.1, 2015, the liability for transactions via counterfeited EMV cards shifted from the card issuer to the acquirer/merchant. This has spurred many enterprises to make the switch to EMV-enabled POS solutions, with a lot of merchants still working toward EMV implementation as the industry catches up to the standard.

The implementation of EMV will go a long way toward eliminating one common type of fraud – in-store counterfeit cards. Citing a report from Aite Group, CreditCards.com was quick to note that counterfeit cards account for 37 percent of all U.S. credit card fraud. Skimming operations were often a windfall for criminals, allowing them to target unsecured POS terminals and retailers that haven’t yet made the move to EMV. This strategy is isn’t viable long-term, with the widespread integration of EMV-enabled solutions and continuing distributrion of smartcards to consumers – just under 70 percent of payment cards are expected to be smartcards by the end of 2015.

Shoring up other security gaps
With counterfeit cards presenting less of an opportunity, many fraudsters will turn to other means. Even with EMV in place, cards can still be stolen and used for online fraudulent activity.

“Card not present fraud in the U.S. accounted for 45 percent of total fraud in 2014.”

However, card not present fraud may soon be the biggest source of fraud that for which enterprises must account. Criminals can still acquire card numbers and sensitive information and use this data to make fraudulent online transactions. With counterfeit cards no longer being the attractive target they were in years past, criminals will likely turn their sights to online retailers and customers.

“There is a little bit more sophistication that is needed to commit fraud online, but people went ahead and learned it,” Justin McDonald, of The Fraud Practice, told CreditCards.com. “When it comes to committing online credit card fraud, you can buy the card details on the black market and go use them.”

The same Aite Group survey noted that card not present fraud in the U.S. accounted for 45 percent of total fraud in 2014, illustrating that it was already on the rise. In other countries where EMV has already been implemented, online fraud raised drastically. In the United Kingdom, for example, card not present fraud grew 79 percent in the first three years after the implementation of EMV.

 Security Banner

Turning the focus online
With the Oct. 1 EMV liability shift in place, most businesses are currently focusing on their in-store payments – they want to ensure they’re working toward EMV-enabled solutions to avoid potential liability. But the holiday season is fast approaching, and enterprises must ensure their online presence is also secure.

As Forensic Strategic Solutions noted, the holidays tend to be ripe with fraud – more people are spending money, so there are more opportunities for criminals to take advantage. If history is any indication, online fraud will see a significant bump now that the US is in the process of implementing EMV. Merchants need to be aware of this growing threat and act accordingly to mitigate their card-not-present risk.