(1).jpg "Merchant Services Payment Processing Education")
.jpg?width=544&name=116137226_s%20(1).jpg)
Why should businesses meet EMV standards? And why should consumers adopt it with open arms?
- Because credit card fraud still runs rampant in both brick and mortar and eCommerce stores.
- Because customers who experience fraud lose trust in your business and your brand.
- Because credit card fraud and identity theft are consumer’s number one concern.
- Because fraudulent transactions lead to increased chargeback filings.
- Because chargebacks cost businesses time and money.
- And because there is something we can do about it, and that’s being dedicated to security in payment transactions.
It's been almost six years since the new EMV payments rules went into effect. The new rule shifts fraud liability from card issuing banks to merchants that are not EMV compatible. While adoption is growing among merchants and consumers, saturation is still not where it should be.
In 2019, more than 97% of transactions in Europe were EMV chip transactions per EMVCo. While in the U.S. over the same 12-month period, EMV payments only accounted for less than 63% of transactions.
It's time for more merchants and consumers to embrace EMV technology as the standard for security. It's one of the first lines of defence in the fight against credit card fraud. If we are going to be successful at protecting sensitive data, we're all going to have to do our part.
A brief history on EMV technology.
EMV technology is a global security standard that makes in-person credit card transactions more secure.
EMV is the common term that refers to the set of standardized security specifications that govern secure card-based payment transactions. A cooperative of the major card networks, EMVCo LLC, created the security specifications.
EMV is technically an acronym that stands for EuroPay, MasterCard, and Visa, who originally formed the organization. Later, once the other three major card brands joined the coalition, they became EMVCo. EMVCo is now co-owned and managed by MasterCard, Visa, American Express, JCB, Discover, and UnionPay.
Contact card-present chip transactions are more secure than transactions initiated through the old mag stripe technology. This is because of the cryptographic functionality in EMV chips embedded on credit cards. The EMV chip creates a unique, one time use code for each transaction. Unlike the old mag stripe, where actual cardholder information and card number were communicated. And subsequently, easily hacked and intercepted.
Globally, more than 80% of credit and debit card transactions are EMV chip transactions. But in the U.S., EMV chip transactions make up just under 63% of all transactions per EMVCo.
Fraud liability shifts to merchants under EMV Compliance rules.
What does it mean for liability to “shift” to merchants?
Prior to Oct. 1, 2015, all liability for counterfeit card fraud fell on the card issuing banks. Card brands and card issuing banks are developing newer ways to secure sensitive data. But it will only work if all merchants adopt the technology.
In an effort to push adoption of the new EMV standards, banks transferred some liability for fraud to the merchants.
Beginning Oct. 1, 2015, any liability for counterfeit fraud landed with the entity with the least security standards in place. This means that any merchant who has not upgraded to EMV compliant payment terminals would be liable for fraud.
Card issuing banks want to protect themselves from the financial burden of fraud. By moving a portion of the liability to merchants who don’t comply, they're able to offset their own costs.
In short, if a merchant could process a transaction with an EMV chip but instead process it using a mag stripe, they are liable if fraud results.
This is a problem considering only 63% of transactions were EMV transactions in the U.S. in 2019.
Every Card-Present merchant should want to comply with EMV standards.
The 2020 Federal Trade Commission report revealed credit card fraud as the most common type of identity theft in America. The more fraudsters get away with it, the more types of fraud they commit.
The number 1 reason businesses should adopt EMV compliance is to protect their customers and themselves from fraud.
Fraud is very costly and has many ramifications for both businesses and their customers:
Businesses lose their products and the revenue that would’ve come from them.
They incur chargeback disputes that not only cost them in fines and fees, but cost time and money to investigate. Recent statistics from LexisNexis show that U.S. businesses pay $3.13 for every $1 of fraud they incur.
But, just as important, chargebacks have negative impacts on businesses that go beyond the cost to revenue. Acquiring banks set thresholds for the allowable amount of chargebacks a business can incur. Businesses with a high incidence of chargebacks are high risk, and pay more for their payment processing.
If a business’s chargeback ratio breaks the threshold, the bank could close their merchant account altogether. Not only does this leave the merchant with no way to accept payments, it makes getting approved for a new account difficult.
Fraud also costs businesses their customer confidence. Consumers who have been a victim of fraud lose trust in that business's security measures. And, they often take their businesses to a more trustworthy company.
2020 brought on a rapid digital shift.
Over the last 5 years, EMV compliance has taken a big bite out of card-present credit card fraud. And that is a win. But fraudsters tend to go where the money goes.
Fraudsters turned to eCommerce to commit credit card theft and fraud. By nature, eCommerce is less secure than in-person transactions. There are more ways for fraudsters to hack the system and get the valuable information they need.
So not surprisingly, eCommerce fraud increased substantially since the implementation of EMV standards.
Then we entered a pandemic.
Both the eCommerce and digital sectors experienced a massive surge as a direct result of the COVID-19 pandemic. Fraudsters were elated.
The massive shift to E-commerce by consumers gave fraudsters even more opportunity to commit fraud. After already experiencing more fraud due to EMV, eCommerce endures a second surge due to the pandemic.
It doesn't seem like it's going to slow down anytime soon. Juniper Research reports that ecommerce fraud losses will reach $20 billion in 2021, up from $17.5B in 2020.
How can we help make card-not-present transactions more secure?
EMV compliant chip readers help make card present transactions more secure. But how can we make card-not-present transactions more secure when there’s no chip to dip?
In eCommerce, the customer isn't standing there, card-in-hand with a chip to dip. This means E-commerce merchants must take a few extra steps to authenticate transactions. It's the only way to mitigate fraud attempts.
What can eCommerce can do to help reduce fraud attempts?
Merchants must make sure they’re collecting enough information to validate the purchaser. Or, more importantly, enough to make it difficult for the fraudster.
Yes, this may cause a bit more friction at the checkout, but it's necessary to combat fraud. Especially since eCommerce fraud has been increasing substantially. First with the adoption of EMV, and then with the huge shift to eCommerce due to the pandemic.
When collecting customer information, ask for the billing address associated with the card being used. Also make sure to employ the Address Verification Value (AVV). AVV compares the address given with the address on file with the customer’s card issuer.
The shipping address can differ from the billing address. And a criminal with a stolen card or card number may not have gotten that much information.
For high-value purchases, merchants should go a step further and require additional contact information such as email and phone number. There’s a lot more at stake when a merchant gets scammed out of a product that is expensive.
On the payment screen, the card information form should request the name “as it appears on card”. And require the purchaser to enter both the expiration date and the CVV code. You would be surprised how many gateways are not programmed to ask for the CVV code. Fraudsters may hack card numbers but not have the CVV. Or they may not know the cardholder uses their middle initial on their card.
Another way to make sure you have the latest security standards and patches is to always maintain PCI Compliance. PCI compliance will reveal any outdated software and weak spots in your security. Therefore, it helps secure many of the ways hackers exploit payment pathways.
These are all simple steps that help protect you and your customers' sensitive data. Once consumers understand this, they realize it is well worth the slight inconvenience.
Consumers should embrace EMV and 3D Secure technology.
Americans are acutely aware of the risks of fraud in our daily activities. And the consensus seems to be that the risk is increasing, according to 92% of American consumers.
We know consumers are already pretty picky about who they support with their hard-earned dollars. But regarding a risk of fraud, more than half of American consumers would take their business elsewhere if a business didn't monitor for fraudulent activity.
Identity theft is the biggest fear of U.S. consumers today. And as we’ve already pointed out, credit card fraud is the most prevalent type of identity theft. People always think of the financial ramifications of identity theft. But we rarely stop to think of the permeating effects on a victim's life.
A study sponsored by LifeLock dove into the emotional ramifications of fraud and identity theft on individuals. It's clear that identity theft has much greater consequences than mere financial issues.
Being a victim of identity theft or fraud has a ripple effect on the victim's life. In addition to financial hardships, it can also have a negative impact on family life and emotions. After the obvious first reactions of annoyance and anger, people went through a myriad of emotions and ongoing troubles.
Victims experience fear for their personal financial security which invokes feelings of “helplessness or powerlessness”. And it's not just emotional, some of these emotions manifest themselves physically. Victims (74%) reported feelings of stress and anxiety, and many experienced heart palpitations and loss of sleep.
American consumers need to embrace new security technologies aimed at protecting their sensitive data. Even if it means a little extra effort on their part. They need to understand that to be protected from criminals, they may have to accept a little more friction.
Are there EMV chip card scams?
Yes, of course there are. Payment card fraudsters are sophisticated criminals.
One 2018 scam involved criminals who stole physical chips from real credit cards. They were able to remove the chips and replace them with dummy chips before sending the card on to the recipients. So it wasn't so much that they copied the card information or stole sensitive data. They stole the actual chip.
Data security standards are a moving target. For every advancement we make, fraudsters have a new challenge to meet. But we can thwart the majority of fraud attempts by putting these security measures in place.
Moving forward with EMV compliance.
EMV technology has been in use for decades. The rest of the world already accepts EMV specifications as the standard of payment processing. Consumers are beginning to venture out and visit store fronts again. And they want to be sure they’re safe in more ways than one.
Consumers want secure payments, but they also want to stay safe. Contactless payment options and mobile wallet use enjoyed widespread adoption as a direct result of the COVID-19 pandemic. Newer, EMV compliant terminals are already equipped with NFC technology to accept contactless payments and digital wallets.
EMV and contactless payments are technologies that will continue to evolve and progress and shape the future of payment processing.
EMV compliance can help merchants detect and prevent fraudulent transactions in real time. By processing transactions following the recommended EMV procedures, merchants help to fight fraud.
Increased use of contactless payment methods has taken a significant bite out of successful credit card fraud attempts.
Additionally, cutting down on fraudulent transactions lowers the chargeback disputes that ultimately follow fraud.
And finally, by complying with the EMV framework, merchants help keep the liability for fraud off of them and on the bank’s end.
And the statistics prove it:
3.7 million U.S. EMV ready merchants as of September 2019.
75% of storefronts in the U.S. accept EMV cards as of March 2019.
87% decrease in counterfeit fraud losses achieved by EMV compliant merchants.
Processors, merchants, card issuers, and consumers are all responsible for doing their part. There are many ways for merchants to upgrade to EMV affordably. Strong authentication can give consumers confidence for minimal inconvenience. There is no more room for excuses. We all have to participate in the fight against fraud.
Are you ready to upgrade to EMV compliant payment terminals? Ready to begin accepting contactless payments and mobile wallets? There’s no better time than the present, and it couldn't be easier.
MonerePay's ETA-Certified Payment Professionals are well prepared to advise you on the best solutions for your particular business’s needs. Call us today!
