Are EMV Standards Enough to Stop In-store Fraud?

Three letters have been on the minds of U.S. retailers, banks and card issuers for the past few years: EMV.

Standing for Europay, MasterCard, Visa, EMV encompasses the shift toward chip-based payment card technology to enhance credit and debit card security. Beginning October 1, 2015, the responsibility for fraudulent payments moved from card issuers to retailers if EMV -accepting technology was in use at the time of payment, pushing many merchants to hastily make the switch.

However, nearly a year on only 47 percent of merchants told Aite Group they had completed their implementation of EMV into their point-of-sale systems. Forty-five percent said they were in the process of implementation or were planning to implement.

Part of the slow adoption process may be attributed to EMV’s inherent challenges.

Retailers View Chip Cards as Burdensome

One common complaint from consumers is that paying with EMV chip-enabled cards takes too long. This, along with troubles getting chip terminals certified or to function properly, has led to headaches for some retailers.

“This whole transition has been a challenge for merchants and for our customers,” Mallory Duncan, general counsel for the National Retail Federation, told USA Today. “It’s not one we wanted. It’s extraordinarily expensive. It’s cumbersome, and worst of all it doesn’t really protect our customers to the extent we want.”

Duncan is not the only individual to feel EMV cards do not offer comprehensive consumer protection. As Aite Group pointed out in its report “Chip Cards in the United States: The PIN, PINless, Debit, Credit Conundrum,” in addition to EMV, some in the payments industry have championed a switch to mandated chip and PIN transactions for all cards, which would mean consumers must enter their PIN numbers in addition to inserting their chip-enabled cards into POS terminals. This is typically reserved solely for debit cards, but in Europe, this is the norm.

In a survey of retail trade professionals, Aite Group found that the majority agree, with 62 percent saying chip and PIN should be implemented for all cards in the U.S. However, the minority of 31 percent is still significant.

Credit Card Issuers Also Wary

“In a highly competitive credit card market, issuers are quite concerned about the risk associated with introducing a new element of friction (i.e., a PIN) to the credit card transaction and potentially being relegated to back of wallet when the consumer forgets his or her PIN,” Aite Group’s Thad Peterson and Julie Conroy reported.

While chip technology protects consumers against counterfeit cards, it does not account for lost or stolen cards that may be used by fraudsters. A move toward chip and PIN requirements would.

However, since lost and stolen cards comprise a relatively small portion of fraudulent transactions, some believe EMV implementation is enough. Data from Aite Group showed universal chip and pin adoption would only decrease overall fraud by 9 percent at maximum. In fact, the greatest risk for retailers is now card-not-present (CNP) fraud.

 

Protecting Against CNP Fraud

In short, EMV is effective at preventing card-present fraud, but other in-store payment options could open up new avenues for fraudsters.

An increasing number of retailers are offering payment through non-card options, such as digital smartphone applications. More than 12 percent of mobile payment users reported purchasing items in-store using a mobile device, according to Statista. The amount of these payments is forecast to grow to $118 billion U.S. dollars by 2018, an astronomical increase from $3.5 billion U.S. dollars in 2014.

This is in keeping with data from the Board of Governors of the Federal Reserve System, which reported in 2015 that 28 percent of smartphone users and 22 percent of all mobile phone users took advantage of mobile payments throughout the year, with in-store purchases being the third-most popular channel.

What does this have to do with in-store fraud? A lot.

A report from Drop Labs stated digital payment apps such as Apple Pay may actually make it easier for criminals to commit fraud. Instead of having to procure a physical card or hack into payment app software, fraudsters can simply steal consumer identity information – or purchase it on the black market – and use those details to create a fake account. In a sense, non-card payment options allow criminals the chance to create false credit cards using real information, giving them the opportunity to commit in-store fraud.

Preventing In-store Fraud Through AI

To truly put a stop to in-person fraud, merchants need tailored solutions to help minimize the chance of completing fraudulent transactions.

In other words, retailers can prevent in-store fraud by scoring payment transactions in real-time, receiving instant risk scores and decisions. While a merchant may not be able to tell if a person’s credit card information has been used in far-flung geographic locations within minutes of each other, an artificial intelligence backed by big data science can. As fraudsters step away from more analog criminal methods in favor of digital deception, it becomes essential for merchants to invest in technology that can easily spot red flags and compare buyer behavior with historical patterns.

Solutions such as Feedzai provide deeper understanding of individual customer behavior, using aggregated metrics and transactional data to create hyper-granular profiles. Through machine learning, artificially intelligent algorithms automatically adapt to newer behavior patterns and progressively improve while providing clear explanations for why an in-store transaction may be flagged as a risk.

While some may feel EMV is enough to stop fraud in its tracks, as technology continues to change retail transactions, it’s clear merchants need a multi-layer fraud strategy to manage risk and prevent fraud in real-time.