EMV (Europay, Mastercard and Visa), a global standard for chip card technology, has been at the heart of payments news over the past few months. The October 1 liability shift date signified that merchants nationwide will assume liability for fraud if they lack point-of-sale tools that can accept the new chip cards. While there is still a long way to go before EMV becomes America’s new normal, the process of merchant conversion is well under way. Consumers and merchants alike are adapting to the EMV learning curve as the rollout continues. As we wait to achieve ubiquity in the EMV marketplace, let’s look at a few things that have already changed since October 1:
A Growing Awareness Of EMV And Mobile Payment Preferences.
While current EMV adoption rates are low, the media frenzy around the October 1 liability shift put the spotlight on EMV’s foundational role in data security. Merchants are realizing that the cost of upgrading their payment processing technology is trivial compared to the cost of a data breach, which averages at $3.8 million, according to the Ponemon Institute. Being EMV-ready can also help improve a business’s overall reputation, demonstrating that they care about the safety of consumers’ data and driving customer loyalty and brand trust. A breach could have potentially devastating effects on smaller merchants as they are now required to assume the full financial burden of any payment fraud and don’t want to be viewed as lagging in adopting higher security protocols.
As merchants upgrade their systems to accept EMV, many of the new terminals will also accept mobile wallets like Apple Pay, Samsung Pay, and Google Wallet, as long as the contactless featured is turned on. Virtually all terminals come with this ability, and merchants should be asking their providers to enable contactless capabilities. With 2016 being hailed as “The Year of Mobile Payments,” and major chains including Starbucks, KFC and Chili’s signed on to accept Apple Pay in the New Year, it is in merchants’ best interests to upgrade their terminals to accept the full range of secure payment methods available.
Fraud Shifts To E-Commerce Transactions.
As the rollout of EMV makes it increasingly difficult for fraudsters to use stolen customer financial data at the point-of-sale, criminals are turning to card-not-present transactions as the point of least resistance. The online retail space is a popular target for fraudsters, with the cost of online fraud exceeding $3.5 billion annually, according to CyberSource Corp. Protection against the growing rate of ecommerce fraud requires a combination of consumer diligence, retailer education and use of transactional risk scoring tools.
According to a study by the Aite Group, in Australia, online fraud increased from $72.6 million AU in 2008 to $198.1 million AU in 2011 — a 100 percent increase in card-not-present fraud in the three years following the EMV upgrade. A similar spike occurred in Canada and the UK after each country migrated to EMV terminals, signifying a pattern in fraud migration to the Internet. While a similar rise is forecasted to occur in the U.S. in the wake of the ongoing EMV transition, merchants can, and should, put systems in place to mitigate these risks. Transaction risk scoring tools provided by cards brands, acquirers and/or third-party providers should all be incorporated into the online shopping cart.
Decision-Makers Are Making Security A Priority.
Government officials and agencies such as the FBI have taken a firm stance on the need for chip-and-PIN authentication at the point of sale. The U.S. government is increasingly recognizing the importance of financial data security as it relates to the well-being of businesses. Washington is taking steps to enforce data protection initiatives because of the growing scope and scale of attacks. In today’s digital world, where a single instance of crime can affect millions, lawmakers are making data security a top priority in future legislative actions.
Fraudsters Are Beginning To Target Non-EMV Businesses More Than Ever
As more and more merchants turn to chip readers for their point-of-sale needs, fraudsters will shift their focus to the market that makes it easy for them to use stolen data. Chip cards cannot be cloned in the same way magnetic stripe cards are cloned, and if a cloned magnetic stripe from an EMV card is used at an EMV terminal, it simply won’t work. Criminals will target businesses that haven’t updated their systems and no merchant wants to become a target due to ease of use for the fraudsters.
EMV is a significant milestone in payments security in the U.S.; however, it is just one step toward a more secure future. Merchants must take a layered approach to data protection and reinforce EMV with additional technologies. End-to-end encryption, a method of secure communication that prevents third-parties from accessing sensitive cardholder data while in flight, and tokenization, which substitutes sensitive information with non-sensitive data for data at rest, are other effective measures for protecting data. Merchants should embrace all available security tools when upgrading to a chip-enabled terminal for maximum protection of themselves and their customers.