As of October 15, 2020, EMV technology has been the law of the land in the US for five years now. The October 2015 deadline marked the point at which merchants needed to accept either chip cards, or the liability for any fraud that happened on their watch. Now, most Americans have at least one chip-enabled card in their wallets, and for many of us, “dipping” the card comes pretty naturally.
Chip cards, which hold much more information than basic magnetic stripe cards, work by storing dynamic, encrypted data. The card produces a unique token for each transaction, which it transmits in place of the cardholder’s actual information. This prevents criminals from using skimmers and other data reading technologies to try and steal users’ information.
Cardholders’ data is more secure, and businesses face less risk from counterfeit payment cards. Sounds like a win-win, right? Well, given that we now have five years of data to examine, it may be time to look back and gauge just how effective EMV technology has been at countering fraud.
EMV Adoption Still Lagging
In 2019, Visa reported an 87% decrease in counterfeit card fraud resulting from EMV adoption in the US. So, clearly, the technology has had some efficacy. The rollout wasn’t a smooth process, though; issues with software, certification, and cost delayed EMV conversion for years in some cases.
In 2019, EMV-enabled transactions grew by 17.7% year-over-year as a share of total card-present transactions. However, EMV was still used in fewer than two-thirds of total card-present transactions. Although EMV usage is on the rise, vulnerabilities will persist until EMV technology becomes the consistent standard.
Gas pumps are a primary source of these issues. For instance, nearly one-third of all operators have no EMV-ready pumps available. Even among the nation’s largest chains, two-thirds say they’ve installed EMV chip readers at fewer than 25% of their pumps. And, even though the deadline for compliance has been pushed back multiple times (set for April 2021 as of this writing), just 61% of operators say they’ll be ready by then.
The same three issues—software, certification, and cost—are plaguing merchants at large. However, one-third of merchants also report experiencing issues related to COVID-19. Those respondents cited cash flow, for instance, as a major obstacle, which is a problem due to the months of shutdowns caused by the virus.
COVID-19 being an obstacle to EMV adoption is something of a catch-22 for merchants. EMV-compliant terminals would let consumers make touch-free purchases using NFC (near-field communications) payment options like Apple Pay and Google Pay. But, the tenuous economic conditions imposed by COVID-19 remain, which make it hard to put up the cash to make these upgrades on a wide scale.
eCommerce Feeling EMV Pain as Well
The impact of EMV technology extends beyond just merchants in the card-present space. eCommerce sellers have lost billions of dollars in the last five years due to fraud, and we can trace some of that back to the EMV liability shift.
Recent data asserts that card fraud incidents increased by 104% between Q1 2019 and Q1 2020. An outsized portion of that activity took place online, as fraudsters began seeing card-not-present transactions as the path of least resistance.
This process creates a kind of vicious cycle. When cardholders grow more apprehensive about online activity, they become more likely to dispute charges. That compounds the existing fraud problem, leading to a surge of invalid chargeback issuances (a practice called friendly fraud).
As merchants experience more illegitimate chargebacks, their internal data grows increasingly inaccurate. This leads to waste and misallocated resources in trying to solve a fraud problem that doesn’t exist. Ultimately, legitimate transactions get rejected, while fraudulent ones slip by undetected, and the cycle continues on.
A Good Step Forward, but More is Needed
Here’s the bottom line: while EMV technology was a positive step forward, it does have some drawbacks. Instead of stopping fraud, it merely pushed fraudsters into the card-not-present space. Thus, online merchants are going to see more fraud and chargebacks, especially as COVID-19 accelerates those preexisting trends.
For merchants operating in that card-not-present space, their best shot at defending their businesses is to adopt a multilayer strategy. This means using antifraud tools including CVV verification, address verification, proxy piercing, and geolocation, as well as 3-D Secure 2.0 technology. They should also employ fraud scoring, which will examine each transaction based on all those disparate indicators.
It’s also important to identify and eliminate potential errors in customer service, fulfillment, and other areas of the business that might lead to chargeback issuances. Finally, CNP merchants can take advantage of two-factor authentication and tokenization by encouraging secure alternate payments like Apple Pay or Google Pay.
There’s no “killer app” that’s going to stop fraud once and for all. Fraudsters are inventive and resourceful, and they’re always looking for new opportunities to exercise their craft. Even with EMV chip cards in our pocket, there’s still plenty of work we need to do, both online and off.