EMV and eCommerce: How Fraud is Transitioning Online


While Preventing Card-Present Fraud, EMV Technology Actually Drives eCommerce Fraud

EMV FraudSince EMV technology has made it nearly impossible for criminals to use counterfeit cards, it makes sense that there’s been a drastic reduction in card-present fraud perpetrated against EMV compliant businesses. It seems EMV fraud will be hard to accomplish.

It’s also understandable why online merchants are reporting a dramatic uptick in card-not-present fraud. The correlation between EMV and eCommerce fraud is obvious: criminals must still earn a living—they just need new ways to commit the same old crimes.

EMV Pushes Bulk of Fraud into eCommerce

New EMV technology makes it difficult to intercept account data or replicate it with counterfeit cards. In the same way, EMV technology also reduces the risk of mass retail data breaches, such as the now infamous 2013 Target breach.

Unfortunately, there are still plenty of dedicated fraudsters out there, and where there is a will, there is a way.

Industry observers have already noticed an increase in card-not-present fraud, as more fraudsters move from brick-and-mortar stores to the eCommerce realm.

New Account Fraud—The Path of Least Resistance

One of the favorite EMV eCommerce fraud tactics employed by these criminals is a practice known as “new account” fraud.

Although EMV prevents card data from being stolen at the point of purchase or through retail data breaches, there are still ways in which cardholder information can be compromised, such as phishing sites and malware.

New account fraud, also known as synthetic identity theft, involves using the personal information stolen through such means to open up new credit card accounts, then buying as much merchandise as possible before the fraud is discovered. Chargebacks are then initiated to undo the damage to the cardholder, leaving the merchant as the ultimate victim.

35 Simple Steps to Preventing More Chargebacks by Chargebacks911

35 Simple Steps to Preventing More Chargebacks

Download our FREE guide that outlines 35 step-by-step effective chargeback prevention techniques. Learn insider secrets that will reduce your risk of chargebacks, increase your profits and ensure your business's longevity.

According to a study released by Javelin Strategy & Research, the EMV liability shift drove a whopping 113% increase in new account fraud. This form of fraud now accounts for 20% of all fraud losses in the US.

According to that same study, card-not-present fraud in the US actually overtook card-present fraud for the first time in 2015, following a trend predicted by experts. So, what can be done?

eCommerce Solutions to the EMV Fraud Issue

As consumer advocates point out, the switch to EMV wasn’t a mistake; however, merchants, banks and consumers must all take steps to help counter this new threat.

Some experts point to digital tokenization, the card-not-present equivalent of EMV technology, as a way to combat eCommerce fraud. Programs and features such as Mastercard’s Chip Authenticated Program and Visa’s Dynamic Passcode Authentication could eventually make online criminal fraud much more difficult to pull-off.

However, the process of implementing a widespread system of digital tokenization will take a long time.  Although the liability shift happened in late 2015, the roll out of EMV technology is still in progress for many retailers. Standardizing a similar system for eCommerce is still far-off.

In addition, eCommerce tokenization does nothing to combat chargebacks, and will still leave merchants vulnerable to friendly fraud, the fastest-growing subset of payment card fraud.

Cardholders Fear EMV Fraud

It is understandable that businesses, both online and off, are worried about the increased risks associated with the EMV transition. However, a surprising recent development yields a new concern: many consumers are now quite anxious about new genres of EMV fraud.

Fighting Back Against EMV-Evading Fraud

Merchants’ best hope for averting chargebacks resulting from card-present EMV fraud prevention is to engage in business best practices:

  • Be Wary of Large Purchases Made by New Customers: Criminals committing new account fraud are likely to try and buy expensive items in large quantities in order to get the most out of their stolen account information.
  • Take Advantage of Security Tools: Verified by Visa and Mastercard SecureCode are just two tools provided by the card networks to assist in detecting fraud.
  • See if the Customer Has the Card In-Hand: Verify such details as the card expiration date and the card security code. While this isn’t foolproof, it can at least help determine that the purchaser is probably in physical possession of the card.

dlp-iconUPDATE: Mastercard Announces Changes to Testing and Certification Process to Speed-Up EMV Adoption

In a press release issued June 20, 2016, Mastercard announced, “a new EMV chip terminal testing and certification program aimed at speeding chip adoption by U.S. merchants."

No specific guidelines have been released publicly yet, but company executives say the new certification process will empower acquirers and VARs to take a greater role in the process. By offering these parties more responsibility, flexibility, and resources during the process, Mastercard hopes that the EMV terminal certification process can be conducted in hours, rather than weeks.

“Elavon has been working with Mastercard and our merchant customers for over three years to develop strategies, implement hardware and software upgrades and train employees,” says Guy Harris, president of Elavon North America. “By accelerating the testing and certification process, Mastercard and Elavon can make more terminals available to more merchants, increasing the safety of the entire payments ecosystem.”

dlp-iconUPDATE: Visa Introduces New Chargeback Policies, Effective July 2016

Visa announced plans to implement two new policies which may affect the number of chargebacks a merchant experiences. The new approach to EMV liability is intended to provide temporary relief to merchants during the ongoing transition phase.

Under the new policy, effective July 22, 2016, issuers may only file a maximum of ten chargebacks per account that result from criminal use of a counterfeit card. Beyond that threshold, issuers must accept liability for financial losses.

In addition, Visa will also no longer accept counterfeit card chargebacks for transactions under $25.

According to Visa, these two policies will lead to a 40% reduction in chargebacks resulting from counterfeit cards, as well as a net decline of 15% in the total dollar amount of chargebacks. The new rules will remain in effect until April 2018.

dlp-iconUPDATE: AMEX Introduces New Chargeback Policies, Effective August 2016

Just days after Visa unveiled its new policies regarding counterfeit card chargebacks, American Express announced plans to follow suit, releasing their own chargeback policy updates.

Much like the Visa update, claims of counterfeit card abuse involving American Express cards will be limited to ten chargebacks per account, with a minimum transaction threshold of $25. This is all in an effort to offer relief to card-present merchants during the EMV transition period.

According to the company’s statement, AMEX cardholders can expect the new rules to be in effect by the end of August, and will remain in effect until April 2018.

“We recognize the migration to EMV in the U.S. is an effort that will take time,” Mike Matan, Vice President of Global Network Business for AMEX explained. “…which is why we are making these policy changes in order to provide flexibility to those merchants that may need more time to upgrade their point-of-sale terminals to accept EMV chip cards.”

Like the other networks' adjustments, American Express intends the new rules to ease pressure on merchants and acquirers as the EMV roll out continues. However, these updates only benefit card-present merchants. eCommerce merchants will not experience decreased liability for the increased fraud that’s resulted from the EMV transition.

Professional Assistance: The Best Protection For All Types of Fraud

Fraudsters are cunning. Usually, their tactics change faster than in-house fraud detection teams can respond. Professional solutions that are specifically designed to stay one step ahead can significantly enhance a business’s bottom line, whether those solutions are the result of a fully outsourced service or simply complement in-house efforts.

For example, there are several Chargebacks911® products that can help online merchants who are struggling with avoiding chargebacks in the post-EMV environment.

  • We provide the most extensive chargeback alerts network on the market today. Our proprietary technologies, combined with those of third-party venders, provide global coverage for criminal fraud attempts. Merchants are able to refund credit card fraud victims and avoid chargebacks.
  • Our Merchant Compliance Review is a 106-point inspection which thoroughly examines every aspect of the merchant-customer relationship, from before an order is placed until after it leaves the store. Using this review, our experts are able to properly identify the root cause of a merchant’s chargebacks, identifying those policies and practices which leave the business susceptible.
  • Our Intelligent Source Detection™ technology is a revolutionary method of chargeback prevention. We have the only system available on the market today that enables merchants to definitively identify the true source of chargebacks. ISD determines the real reason behind the reason code, making it possible to target the right source with the right solution.

With EMV technology now settling in as the norm throughout the global market, card-not-present fraud rates will only continue to grow. Merchants need to take swift action in order to protect themselves.

Contact Chargebacks911 today for a free chargeback analysis to diagnose your business’s risk level.

Prevent Chargebacks.

Fight Fraud.

Recover Revenue.