Let’s Examine EMV Fraud Prevention, 5 Years After the Liability Shift
October 15, 2020, marked the fifth anniversary of EMV adoption in the United States. By now, just about every American has at least one chip-enabled card sitting in their wallets. For most of us, “dipping” a payment card is just second nature now. How effective has EMV fraud prevention been, though?
It’s worth looking back to see how this process rolled out, how effective it’s been, and where we can expect things to go from here.
Chip cards are a product of EMVCo, an independent consortium drawing its name from the three-card brands—Europay, Mastercard, and Visa—that first launched the technology. Chip-enabled cards can store significantly more information than basic magnetic stripe cards.
Chip cards can hold dynamic, encrypted data. This lets them generate a unique token for each transaction, rather than transmit the cardholder’s actual information. As a result, fraudsters are unable to skim cards and steal a cardholder’s identity. Plus, it’s much more difficult to create counterfeit cards that use chips.
The same tokenization technology behind EMV cards also works for payment methods using near-field communications (NFC) technology, such as mobile wallet apps like Apple Pay. When the customer scans a mobile device across the card reader, it transmits tokenized information, just like with a chip card.
This sounds like a great development in protecting businesses against abuse. We have to look a little closer, though, and consider exactly how effective EMV fraud prevention has been.
Substantial Decline in Counterfeit Card Fraud
Although merchants were encouraged to accept chip cards as early as 2011, the October 2015 deadline marked the point at which fraud liability officially shifted in the US market. After that date, if a cardholder had an EMV chip card but swiped the magnetic stripe instead, the merchant would be held liable for any fraud.
Visa reports that, as of September 2019, the card network observed an 87% decrease in counterfeit card fraud since the introduction of EMV chip cards. That’s fantastic news; it points to the efficacy of EMV as a fraud prevention tactic.
Unfortunately, EMV implementation hasn’t resolved every problem. The implementation process itself didn’t go very smoothly. Shifting deadlines, delays in EMV certification, and a lack of clarity on certain policies created plenty of confusion for consumers and merchants alike. And, although the EMV liability shift occurred five years ago, the transition is still not complete.
Card-present transactions employing EMV technology were up 17.7% as a share of total card-present transactions between 2018 and 2019. The bad news? EMV-enabled transactions still only represented 63% of card-present sales in 2019. Until that number reaches 100%, stolen cardholder information can still be vulnerable.
The 2021 Chargeback Field Report
The 2021 Chargeback Field Report is now available. Based on a survey of over 400 US and UK merchants, the report presents a comprehensive, cross-vertical look at the current state of chargebacks and chargeback management.Free Download
Many Merchants Still Lagging
EMV adoption is still growing in the North American market, but it lags behind the rest of the world. This creates a problem, in that consumers (mostly in the US) remain more vulnerable to potential fraud if they’re not using a chip-enabled card.
Many of these non-compliant card readers are at gas pumps. One report found that nearly one-third of AFD (automated fuel dispenser) operators still have no EMV-ready gas pumps available. Among large chains (those operating more than 500 locations), two-thirds say they’ve installed EMV readers at fewer than one-quarter of their total pumps.
The deadline for AFD operators to comply with EMV standards has been pushed back numerous times over the years. The deadline is currently set for April 2021; barely six in ten respondents, however, say they’ll be 100% EMV compliant by that point.
Reasons for Delays in EMV Adoption at Gas Pumps
When asked why they haven’t yet switched their machines to EMV technology, AFD merchants gave a variety of responses, including:
Impact of COVID-19 on EMV Rollout
In addition to the complaints outlined above, 34% of respondents gave more individualized reasons for delaying conversion. For instance, many merchants cited issues related to COVID-19—and how the outbreak impacted their cash flow management—as one of the reasons for the delay. Although the survey focused on AFD merchants, we can extrapolate outward based on earlier surveys. Many of the same obstacles are causing delays among card-present merchants overall.
It’s entirely reasonable to believe that COVID-19 may have delayed merchants in their switchover to EMV technology, regardless of their product category. That said, there’s now more of an incentive than ever to make the practice of securing card-present transactions through EMV technology a priority.
Consumers want to minimize touchpoints in the wake of the pandemic. Upgrading to an EMV-compliant terminal can also allow buyers to use NFC-enabled technologies like mobile wallets, which can facilitate contactless payments. By providing this option, merchants can offer cardholders peace of mind and make them feel more confident about shopping.
Merchants who continue to push back the shift can expect to see a negative impact on their bottom line. They could be liable for more fraud attacks, while consumers might be more hesitant to make purchases if their transactions don’t offer EMV fraud protection.
And the problem isn’t isolated to card-present merchants, either: there are also implications for eCommerce, merchants. Fraudsters can get access to cardholders’ information, but it’s not as easy to perpetrate attacks in person due to EMV technology. What they can do, though, is take that stolen data and use it to make online purchases.
Seeing More Chargebacks Despite EMV Protections?
We can help you fight chargebacks on all fronts. Click below to get started.
Post-EMV Fraud Moves Online
eCommerce merchants saw a significant surge in fraud activity following EMV adoption. In fact, according to the Federal Trade Commission, card fraud activity more than doubled between the first quarter of 2019 and the first quarter of 2020, and much of that activity occurred online.
This phenomenon has a compounding effect: as card-not-present fraud becomes more rampant, cardholders grow warier of online activity. They become more prone to filing chargebacks, which causes a spike in friendly fraud activity. Criminal fraud incidents may become more common, but friendly fraud grows at an even faster rate.
Card-not-present fraud will only increase as time goes on, so it’s important for online merchants to take precautions now. This includes:
- Using Antifraud Tools: Merchants need a multilayer strategy. They should employ complementary tools like CVV verification, AVS, proxy piercing, geolocation, 3-D Secure 2.0, and more in a coordinated manner.
- Using Fraud Scoring: Fraud scoring examines each transaction based on dozens of variables, then assigns each transaction a numeric score. Merchants can set parameters to flag and automatically reject suspected fraud attempts.
- Embracing Secure Technologies: Mobile wallets like Apple Pay employ two-factor security. Accepting and encouraging these alternate payment methods can make for more secure, reliable card-not-present transactions.
- Eliminating Potential Errors: We’ve identified more than 100 simple missteps in customer service, user experience, policies, and logistics that could lead to increased chargeback issuances while offering no antifraud benefits.
- Engaging Friendly Fraud: Merchants can’t fight fraud without reliable data. Friendly fraud costs merchants time and money, while also skewing their data and making it impossible to identify genuine fraud. Merchants need to identify and respond to friendly fraud through representment.
Take Action Now
The market changed dramatically over the last five years. EMV adoption has been a net-positive, in that it’s helped protect consumers and merchants operating in the card-present space. However, it hasn’t prevented fraud, so much as it’s simply moved it.
Card-not-present merchant merchants are facing the brunt of the fraud burden. So, while chip cards are great, there’s still plenty more work to do, both online and off.
Have additional questions about EMV fraud protections? Want to learn how you can spot errors, develop a fraud strategy, and stop friendly fraud? Click below and speak to one of our experts today.