The much ballyhooed arrival of EMV (Chip and PIN) credit cards is now well under way, and most, if not all, major U.S. banks have already swapped out their customers’ old credit cards for those with EMV chips. As background, the reason behind this change was pretty straight-forward: to stop rampant credit card fraud. Thomas Edison noted that “a good intention, with a bad approach, often leads to a poor result,” and as many of our European counterparts have discovered, the adoption of EMV has brought with it some unwelcome consequences. As it turns out, while EMV might have dampened Card Present (CP) fraud, instances of Card Not Present (CNP) fraud are on the rise and are expected to skyrocket in coming years.
A recent report from Juniper Research, a financial services research firm, found that global online fraud is expected to reach $25 billion (that’s right, BILLION) by 2020, thanks in part to chip-enabled cards. By comparison, that same type of fraud was only $2.9 billion in 2013, according to the Aite Group. Canada, Australia and the UK, which switched to EMV in the early 2000’s, have all experienced jumps in CNP fraud since making the switch.
So what can we expect — and do — in the coming months and years as EMV adoption continues to make its way across the globe?
Pay heed to Isaac Newton
Newton’s third law states that for every action there is an equal and opposite reaction, and fraud is no exception. As mentioned above, Card Present fraud in non-EMV countries rises as it decreases in nations who have made the switch to EMV. Ever resourceful fraudsters simply skim cards stolen from EMV countries, and then use them in non-EMV countries.
Same song, different tune
Look for fraudsters who previously stole credit card data and sold it on the Dark Web to be changing their approach. Fraud actors will still sell the data, but their focus will change from the sale of physical cards. Instead, look for them to market the data they have gleaned from compromised cards for use in CNP fraud. Regardless of how the perpetrators go about carrying out their crimes, financial institutions will need to invest in services such as multi-layered fraud prevention solutions that alert them to a compromised card.
A game of leapfrog
As more countries come onboard, instances of Card Present fraud will continue to drop but we can’t afford to rest on these laurels. Quite the opposite. In fact, as a recent Faces of Fraud survey found, while 33 percent of respondents experienced CNP fraud in 2015, that figure is expected to rise significantly in coming years. Jeremy King, international director of the PCI Security Standards Council, notes that because U.S. financial institutions will have some of the strongest security levels, CNP fraud will be pushed to other countries whose standards may be more lax: “[The] U.S. is going to leapfrog us slightly, and for reasons in Europe, their security is going to be at a higher level; therefore, we will be the target, and we’ve got to be aware — everyone’s got to be aware — that fraud will go to the card-not-present space.”
Looking towards the future
According to EMVCo, an organization dedicated to the facilitation of worldwide interoperability and acceptance of secure payment transactions, globally, 33 percent of transactions are EMV, a figure that is sure to rise now that the U.S. has made the transition. It’s no longer a question of what’s in your wallet, but where is your data. In 2016 and beyond, even greater attention must be paid to preventing CNP fraud as cybercriminals continue to search for ways to circumvent the system. Companies with goals of avoiding CNP fraud will need to add resources, improve and automate their systems to make faster decisions.
Behavioral analytics will help banks go beyond natural fraud schemes and uncover new fraud trends without having to expand resources and further automation. Solutions leveraging different algorithms and Machine Learning are able to look at good behaviors to differentiate between normal and fraudulent behaviors. This results in a more accurate assessment of which transactions need to be stopped, investigated or authenticated by the end user – helping to stop CNP fraud. Globally, financial organizations must ramp up their monitoring efforts sooner rather than later and those efforts must be multi-layered and multi-channel. In today’s complex landscape, it is increasingly important to rely on real-time transaction risk monitoring across all channels. This provides many ways of detecting fraudulent use, such as allowing organizations to define a list of non-EMV countries, making it easier to spot – and stop – fraudulent activity originating there.
If you would like to learn more about behavioral analytics, watch this video: