Avoiding fraud in a post-EMV world
By Tamara E. Holmes | Published: September 14, 2015
EMV technology has been heralded as a way to combat credit card fraud. But while many are looking at Oct. 1, 2015, as a key date in the nationwide shift to EMV, the deadline is unlikely to usher in a safer payment environment, experts say, and the risk of fraud will continue to rise over time.
"There are probably some misconceptions about what October means," says Randy Vanderhoof, executive director of the Smart Card Alliance. Oct. 1 is a deadline set by MasterCard, Visa, Discover and American Express to shift liability for some types of fraud to merchants and card issuers that do not support EMV. In other words, if fraud occurs, banks that haven't issued EMV cards and merchants who are unable to process EMV transactions could be left holding the bill.
For the consumer, the move to EMV -- short for Europay, MasterCard and Visa -- will usher in different types of threats from scammers. "We will continue to have card fraud. It will just be shifting and adjusting," says Julie Conroy, research director for The Aite Group. Here's how experts expect fraud to look in a post-EMV world, and what you can do about it.
We will continue to have card fraud. It will just be shifting and adjusting.
The Aite Group
Counterfeit card fraud will still exist. EMV addresses one aspect of payment fraud, which is counterfeit card use in retail stores. EMV cards have computer chips armed with technology that authenticates transactions. They are more difficult to counterfeit than cards that rely on a magnetic stripe, which stores data that fraudsters can steal.
However, not all card issuers and merchants are rushing to upgrade. "A lot of merchants are waiting to see what happens after Oct. 1 and how much in fraud losses they really incur," says Scott Laliberte, managing director with global consulting firm Protiviti, which helps organizations manage risk. Sixty-three percent of U.S. cards are expected to be chip cards by the end of the year, says Visa spokeswoman Sandra Chu. Approximately 47 percent of retailers are expected to be EMV-ready by the end of 2015, according to the Payment Security Taskforce, a working group made up of U.S. banks.
That means "all of the same security risks involving counterfeit card fraud are going to exist until the majority of retail locations have enabled their stores for EMV," Vanderhoof says.
Counterfeit card fraud may temporarily rise. Fraudsters are just as aware of EMV's potential to cut down on counterfeit card fraud as everyone else. As a result, "bad guys whose specialty is creating fraudulent cards are moving to take advantage of this closing window," says Laliberte. The result could be a temporary increase in counterfeit card fraud until the majority of card issuers and merchants have switched to EMV.
Video: FAQ #3 - Will EMV credit cards protect my online purchases?
Some regions may be hit harder. The largest retail chains are likely to upgrade their equipment the fastest and large chains often focus on high population areas, Vanderhoof points out. National retailers may also stagger the implementation of EMV and focus first on upgrading stores in areas that have seen higher fraud activity in the past. As scammers look for new targets, the regions that adapt more slowly may become more vulnerable.
Fraudsters will change tactics. Countries that have already implemented EMV technology have witnessed a spike in card-not-present fraud. In the U.S., the value of fraudulent CNP transactions is expected to grow from $9 billion in 2013 to nearly $19 billion in 2018, according to a Javelin Strategy and Research June 2015 report. One threat to those who shop online or conduct online banking is malware installed on PCs that records keystrokes, allowing fraudsters to see passwords and PINs. Once login credentials are compromised, scammers can simply infiltrate people's accounts and make transactions, effectively committing account takeover fraud, Aite Group's Conroy says.
Another type of fraud that rose sharply in other countries after EMV migration is application fraud, in which scammers use your personal information to apply for a credit card in your name, Conroy says.
Mobile fraud is also expected to spike. "We're seeing a significant uptick in malware targeting phones," says Laliberte. To make matters worse, consumers are often complacent when it comes to the security of their mobile devices. "Most people have up-to-date firewall or malware protection on their laptop, but maybe they haven't thought about it for their mobile device," says Matt Cullina, chief executive officer of identity theft protection company IDT911.
Other threats include check fraud and remote deposit-capture fraud, which targets mobile bank deposits.
Most people have up-to-date firewall or malware protection on their laptop, but maybe they haven't thought about it for their mobile device.
While financial institutions and merchants must do their part to create a secure environment, there are ways you can be proactive about the new threats, experts say.
- Check your banking and credit card statements online at least once a week for fraudulent transactions, Conroy suggests. Also sign up to have text messages or emails sent to you when large transactions occur.
- Limit the number of credit cards you use for online shopping to reduce the number of potential cards being exposed to fraud.
- Stick with larger online retailers who are more likely to have invested in advanced security measures, Vanderhoof says.
- Have anti-virus and firewall protection installed on computers, smartphones and tablets.
- Avoid conducting financial transactions when connected to public Wi-Fi networks. Also use sophisticated password combinations of letters, numbers and symbols.
- Ask retailers who haven't upgraded to EMV when they plan to do so. Customer pressure may get them on board sooner, says Cullina.
Fraudsters are "not going to hang up their shingles and go away," says Conroy. "But I think we will see them shift to some extent from the credit card focus over time and then move on to other areas that are a little bit easier to compromise."
- Debt relief firm that claimed ties to US government sued by CFPB – The Consumer Financial Protection Bureau sued two companies both known as FDAA for an allegedly illegal debt relief scheme targeting credit card debtors ...
- In the wake of Equifax hack, Congress proposes credit bureau reform – Lawmakers call for changes in credit report system to protect people's data, or at least give them more control over it ...
- Poll: 1 in 4 Americans checked their credit after Equifax breach – The flood of post-breach consumer action is encouraging, but many still didn't check their credit ...