This post originally appeared on Alaric’s blog.
The EMV roll-out in the US is building speed at long last. It’s been a long bumpy road to get to where we are today, and there is fair bit to go yet. Given all the effort so far it’s important that EMV has the desired effect; to reduce fraud.
But just how will the change impact card fraud as EMV is rolled out across the US? We recently looked at this issue in a whitepaper entitled EMV in the US – how far have we come and where are we going?
Where are we?
A recent report from EMVCo shows a sharp rise in the cards worldwide. There were 2.37 billion EMV payment cards globally, excluding the US, by the end of 2013, up from 1.62 billion 12 months prior.
But so far virtually nothing in the US. However, as the whitepaper shows, things are turning around. From October 2015 the liability for domestic and cross-border card-present transactions will shift to merchants. “The party that is the cause of a chip transaction not being conducted (either the issuer or the merchant’s acquirer or acquirer processor) will be held financially liable for any resulting card-present counterfeit fraud losses,” says Visa. In other words it will be merchants who have to foot the bill if they do not have a suitable terminal for the EMV card.
Jane E. Cloninger, partner at Edgar, Dunn & Company, tells us there is now “very little now to suggest that the timetable for implementation will be blown off course”. A recent Javelin Strategy & Research report suggested the US would achieve EMV “parity” with the rest of the world by 2018.
So if EMV in the US is a done deal, what will the effect be? How will it impact fraud?
Let’s look again at where we are. Right now more than 90 per cent of fraudulent transactions in the US used credit, debit or prepaid cards. Fraud on plastic cards costs more than ACH or check/cheque fraud. The Nilson Report reckons losses for the US payments industry from card fraud could hit $10 billion a year by 2015.
EMV will change the landscape. It will direct fraud away from the card-present sphere just as we have seen happen in other markets where the standard has been adopted. But this time we won’t see the same increase in cross-border fraud. Instead, card-not-present payments, identity theft, internet banking and corporate payments will be targeted.
As the whitepaper point outs, this means it becomes “critically important” for payment service providers, independent sales organisations, processors and acquirers to ensure they have effective fraud detection systems that can protect all channels, all accounts and all payment types from a single platform.
The fact is that EMV doesn’t eliminate fraud; it fragments it. This can be a challenge for organisations that have legacy systems that cannot adapt to the changed environment.
Even in the card present area we can’t expect the EMV wand to eradicate fraud as if by magic. Figures from Visa on EMV transition in other markets indicate merchants can be slow to get ready. If past experience is anything to go by we can expect just 50 per cent of US merchants to be prepared for the liability shift when it happens.
So EMV is not a silver bullet to fix all our payment fraud worries. Some people have even wondered if it’s worth skipping out EMV altogether to focus on new technology that could cut fraud losses. However, I’m certain that without EMV card fraud losses would be significantly higher.
For now I can’t see any point in hanging around to see what happens. Late adopters to EMV will be easy prey for criminals; whether you’re a financial institution or merchant, don’t be the one who’s left with the check at the end of the party.
To learn more, check out NCR and BAI’s webinar on Changing the Game in Fraud Detection.