Mind the gap: Coming together to prevent card fraud
The entire payments industry has seen a substantial increase in fraud losses over the past decade. Thanks to EMV technology, we can expect to see card present fraud dramatically decrease. That’s the good news.
Now the bad news:
In order for this technology to reach its full fraud preventing potential, something significant is going to have to transpire between all members of the payments’ ecosystem – something that unfortunately isn’t happening fast enough.
In addition to highly publicized security breaches at major retailers, skimming to steal card information at swipe locations and then cloning magnetic stripe cards to use at retailers has increased over the last 10 years.
Unlike the magnetic strip on the back of the card which cannot be updated with purchase information, the EMV chip keeps track of each transaction and transmits information to the reader for processing. Whereas the traditional magnetic stripe cards were relatively easy to copy, this two-way communication makes EMV cards much more difficult to clone.
Credit unions, banks, payment processors and card issuers have invested countless dollars and other resources getting EMV technology in the hands of consumers prior to last month’s EMV liability shift deadline. For its part, PSCU has been issuing EMV cards to its credit union Member-Owners for more than four years. Our EMV deployment strategy went far beyond ordering new chip cards. We conducted EMV educational forums across the country, as well as armed our credit union members with best practices for encouraging member adoption and usage. To date, PSCU member credit unions have issued over 2.8 million EMV-enabled credit cards. More than half of all PSCU credit unions have issued EMV credit cards to their members and several hundred more are at some point in the process. And more than 200 are in the process of converting to EMV debit cards.
To date, a large percentage of retailers, smaller chains and independent stores in particular, have resisted the EMV shift because of significant upfront costs and the disruption to their operations. They’ve lagged behind despite having the same amount of time to update their payment acceptance and processing technology as all other players in the payment processing cycle.
Many retailers have either not yet replaced their credit card terminals or have not enabled the new EMV features. If consumers use their new EMV credit cards in the old terminals, the merchant will now bear the cost for any fraud that occurs as a result. An even greater concern is that fraudsters will target stores without EMV-enabled terminals since they can continue using their proven method of skimming. Upgrading and enabling these terminals is critical. Without it, little will be done in terms of reducing card present fraud and identity theft.
The deadline was intended to motivate merchants to adopt EMV. Instead, merchants opted to spend their time lobbying the government to mandate PIN transactions, which cost them less than signature transactions. So perhaps the recent outcry from merchants about needing more time to implement EMV terminals is actually more about lowering interchange costs, which mandating a PIN would likely accomplish.
The Road Ahead
Rather than spending their time on tactics that distract from the real issue, merchants would be better off investing their time and resources into making the necessary updates to payment acceptance and processing technology.
Although EMV is not a magic bullet, adopting new technology to prevent fraud requires complete participation from all parties in the payments loop. If there are any gaps in the process, it’s a safe bet that criminals will capitalize on them until they are closed. New and emerging authentication techniques such as tokenization, biometrics and other forms of encryption promise to add even more strength in the fight against fraud. But the payments ecosystem will not maximize the potential of EMV fraud mitigation technology or any other emerging technologies until all participants are equally engaged.
To truly mitigate payment card fraud, all of the players in the payment processing cycle – merchants included – need to come together and move forward with implementing EMV technology.