Look to EMV chip cards for recent rise in digital credit, debit fraud attempts

But fraud itself may not be up as criminals change tactics, point-of-sale breaches drop

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someonePrint this page

Those fraud-fight­ing, chip-enabled cred­it cards seem to be every­where now and—credit card fraud activ­i­ty is up dra­mat­i­cal­ly. That might actu­al­ly be a good thing, however.

Retail fraud attempts rose 31 per­cent dur­ing the hol­i­day shop­ping sea­son, com­pared to last year, accord­ing to fraud-fight­ing firm ACI World­wide. The firm says 1 out of every 97 trans­ac­tions was a fraud­u­lent attempt dur­ing December.

Relat­ed info­graph­ic: Fraud­sters adjust to new EMV chip cards.

Over the 2016 hol­i­day shop­ping sea­son, mer­chants expe­ri­enced sig­nif­i­cant growth in their dig­i­tal chan­nels, cou­pled with a sub­stan­tial increase in fraud,” said Markus Rinder­er, senior vice pres­i­dent, Plat­form Solu­tions, ACI Worldwide.

Fraud­sters’ job gets harder

That nec­es­sar­i­ly doesn’t mean bad news. It could be a sign that crim­i­nals are being forced to work hard­er than before to com­mit plas­tic card theft.

Or, the flur­ry could indi­cate a lot of ongo­ing “research” by crim­i­nals. The shift to so-called EMV cred­it and deb­it cards—those equipped with a chip—was always des­tined to shift crim­i­nals away from in-per­son coun­ter­feit card fraud and toward online card-not-present fraud. The chips don’t stop online fraud.

Banks and mer­chants are tight-lipped about actu­al fraud rates, but Gart­ner ana­lyst Avi­vah Litan says while fraud activ­i­ty has risen sharply, she doesn’t believe actu­al fraud rates are up.

I’m hear­ing the same trends from large banks—the per­cent­age of fraud attempts against them is dra­mat­i­cal­ly increas­ing,” she said. “I’m not sure if the fraud­ster suc­cess rate is up—I don’t think it is—but banks and retail­ers have to work much hard­er to keep a steady state of fraud.”

Visa said late last year that the EMV shift has been a rag­ing suc­cess. After plen­ty of fits and starts, there are now 1.75 mil­lion mer­chants in Amer­i­ca who are chip ready. Those mer­chants saw a 45 per­cent drop in coun­ter­feit fraud with­in one year, Visa said.

Crim­i­nals haven’t caught up

Such a drop was inevitable. Crim­i­nals have not yet learned how to repro­duce EMV chips so they can mass-pro­duce coun­ter­feit EMV cards, the way they are able to dupli­cate mag­net­ic-stripe cards. Pre­dictably, crim­i­nals have shift­ed their atten­tion to online fraud, where chips pro­vide no help.

Indus­try efforts to secure card-not-present trans­ac­tions, with one-time tokens or oth­er tech­nolo­gies, have yet to stick. That leaves banks and online mer­chants fight­ing a dif­fer­ent front in the same war.

But Litan is unsure that EMV deserves all the blame for the recent increase in fraud activity.

Beyond EMV

I think it’s a com­bi­na­tion of (things),” Litan said. First on her list is the pro­lif­er­a­tion of “fraud kits” that bud­ding young crim­i­nals can pur­chase and imme­di­ate­ly engage in crim­i­nal activ­i­ty with lit­tle or no expe­ri­ence. There are also far more crim­i­nals, she said. Crim­i­nals work­ing “dou­ble time” to deal with secu­ri­ty enhance­ments like EMV also are a factor.

The good news is that large banks and mer­chants seem to be effec­tive­ly keep­ing crim­i­nals at bay, Litan said. Her main con­cern is that small­er mer­chants will bear the brunt of the increased activity.

Small­er online retail­ers are the most like­ly to suf­fer since they don’t have the resources to keep up with the new fraud attack trends and they are held liable for e-com­merce fraud, which will con­tin­ue to increase as EMV rolls out in the U.S,” Litan said.

More sto­ries relat­ed to EMV chip cards:
As U.S. adopts EMV tech­nol­o­gy, will hack­ers revamp tactics?
As U.S. switch­es to EMV pay­ment cards, fraud­sters exploit still-open loopholes
Gas sta­tions get three more years to con­vert pay­ment card readers


Posted in Data Breach, Data Security, Featured Story