Increase in card not present fraud after adoption of EMV

Who is liable, and how are credit unions impacted?

by Dustin H. DeVore and Erin Deal Johnson, CU Management

The utilization of chip technology in credit cards was introduced to combat credit card fraud and increase information security. Credit cards are embedded with microprocessor chips, commonly known as “EMV technology”—named after the original developers, Europay, MasterCard and Visa. Unlike traditional magnetic stripe cards, chip-enabled cards support dynamic authentication, which includes unique data in each transaction and makes stored data significantly more difficult for would-be thieves to copy. To encourage the adoption of this technology, there was a fraud liability shift in October 2015: Now, if merchants choose not to provide EMV payment terminals, but the card the consumer used is chip-enabled, the liability for any counterfeit card purchases will fall to the merchant rather than the card issuer. In the case of a “technology tie”—where both the card issuer and the merchant, or neither the card issuer nor the merchant, adopt EMV technology—the liability remains with the issuer. The transition to EMV technology has generally been successful.

While initial evidence suggests that the introduction of EMV technology has reduced fraud where the credit card is physically present, there has been an increase in “card not present” fraud—fraudulent transactions in situations where the customer is not required to physically present the card to the merchant, such as online or over the phone. One study estimates that, as a result of the EMV liability shift and the increase in e-commerce, CNP fraud in the U.S. is expected to increase from $3.1 billion in 2015 to $6.4 billion in 2018. This increase in CNP fraud is not surprising. As credit card information has become harder to steal through in-person transactions, it is only logical that identity thieves would look for an easier target: the enormous and still rapidly growing online sales market. Additionally, the U.S. was one of the last major economies to shift to EMV technology; data collected after other countries transitioned to EMV demonstrated that there would likely be an increase in CNP fraud after the shift. For example, one year after “chip-on-chip rates hit a breaking point of … 50 percent” in Canada, CNP fraud increased by 30.1 percent. In Australia, the increase was a staggering 126.1 percent. A November 2016 report from ACI Worldwide estimated that CNP fraud attempt rates in the U.S. would increase 12 percent by volume.


continue reading »