The payments world has been talking about EMV adoption for years. The UK adopted EMV back in the early 2000s, and more than 60 countries have followed suit since then. The US is currently the only major Western country that hasn’t already started EMV adoption, and that won’t be the case for long – in October, 2015, EMV will officially come to the US.
There’s been some resistance to this development, but the advantage in terms of fraud prevention has been clear from the start. In every country where EMV has been or is in the process of being adopted, face-to-face fraud dropped significantly post-adoption. Magnetic stripe cards were vulnerable to ‘skimming’, because criminals could appropriate their relevant information with a single swipe. Chip cards do not have this weakness; and the physical cards are far more secure in consequence.
What effect does EMV have on card-not-present transactions?
Obviously, this benefit is not available to CNP merchants. EMV only helps where the card itself is present, and cannot increase security or prevent fraud where that is not the case. That’s unfortunate, but not a disaster – there are already a number of ways in which CNP transactions differ from card present ones, and this would simply be one more on the list.
What is more problematic is that in countries which have already adopted EMV, CNP fraud rose dramatically following EMV adoption.
Why? Because fraudsters aren’t stupid. They know the properties of EMV cards as well as anyone else; they keep an eye on factors which might affect their line of work, just like individuals employed in more reputable professions. If card present fraud becomes more difficult, they move to the CNP environment. It’s just logical.
This is why we talk about the “post-EMV fraud tsunami” – the increased level of fraud that online retailers can expect after the adoption of EMV.
So what can merchants do about it?
Fortunately, there are steps that online retailers can take to make sure that their business doesn’t disappear beneath the oncoming wave. In summary:
1) Know Your Fraudster
2) Forget Everything You (Thought You) Know
3) Smart Linking
4) Automate
5) Don’t Panic
Want to find out more? Check out our presentation from MRC Vegas: The Post-EMV Fraud Tsunami: 101 Guide for Online Retailers.
