At a little more than a year old, the merchant EMV liability shift has had an impact, but probably not quite as much as many in the payments industry had hoped it would. Meanwhile, the process of migrating the nation’s payment systems to more secure EMV chip-and-PIN technology continues, albeit slowly.
The deadline for merchants to switch to EMV technology was October 2015, yet just 44 percent of American merchants that accept credit cards have chip-enabled card readers, according to a recent survey by The Strawhecker Group. Meanwhile, multiple reports point to EMV’s success at reducing point-of-service fraud for organizations that have implemented the technology.
However, the increased use of EMV technology has spurred fraudsters to concentrate their efforts elsewhere, including ATMs and card-enabled gas pumps.
Drained at the pump
Instead of paying at the pump, fraudsters are using an array of creative tactics to skim from credit and debit cards used for pay-at-the-pump purchases. Initially, gas stations were going to be compelled to implement EMV technology or assume liability by October 2017.
However, Visa and MasterCard — fueled by the concerns of gas station owners over the cost of device conversion — recently announced they will push back the rollout date to October 2020. The delay will increase opportunity for thieves who use skimming devices to siphon funds through pay-at-the-pump card transactions.
While EMV technology has made it more difficult to commit card fraud at points of service, chip-and-PIN can’t move the needle when it comes to e-commerce fraud. Because the card must be present for the technology to work, transactions that take place without the physical presence of the card are not protected by EMV technology.
With the number of mega data breaches that have occurred in recent years, fraudsters have no lack of data to work with. Information such as usernames and passwords stolen in a breach may reappear for sale on the dark web for years after the initial breach, extending the exposure of both consumers and companies. This data is a rich resource for thieves intent on committing e-commerce fraud.
In fact, while point-of-service card fraud declined in 2016, Experian found card-not-present fraud actually increased by 15 percent last year.
Multiple layers of protection
There’s no denying that EMV technology has worked to reduce fraud and will continue to do so in the future. However, no one should rest on that laurel. Companies must continue to adopt new technologies and tactics such as two-factor authentication to further thwart fraud, especially e-commerce fraud. Modern fraud detection tools should also be an essential part of a company’s anti-fraud arsenal. These systems use dynamic data such as IP addresses, locations and behaviors, rather than static information like birth dates and Social Security numbers, to help authenticate identity. This approach mimics the “moving target” tactic that has proven successful for EMV technology.
Legal Notice: The information you obtain herein is not, nor intended to be, legal advice. We try to provide quality information but make no claims, promises or guarantees about the accuracy, completeness or adequacy of the information contained. As legal advice must be tailored to the specific circumstances of each case and laws are constantly changing, nothing provided herein should be used as a substitute for the advice of competent legal counsel.