Chip and Pin (EMV) Won’t Stop All Fraud: Here’s Why

Posted by Zach Walker on Feb 26, 2014 8:13:00 AM
Find me on:

ChipandPIN

In the final piece of our article on EMV technology and chip and PIN cards, we're going to explain why these "smart cards" will help reduce fraud but are not the key to stopping all fraud. Basically, fraud types will shift and fraudsters will improve their fraud techniques.

Just Like Squeezing a Balloon

In spite of these limitations, the implementation of EMV in the UK resulted in a 75% decrease in credit card fraud at brick and mortar stores over 8 years (2004 to 2012). However, European fraud has merely switched to new locations.

  • on-line transactions
  • elaborate ATM fraud
  • markets without chip-and-PIN like the US

Online credit card fraud has skyrocketed in Europe after EMV was implemented there. The best way to picture both card-present and card-not-present fraud is to view it as a balloon. When it becomes more difficult for cyber criminals to rely on card-present fraud (like squeezing one side of the balloon), the amount of card-not-present fraud increases (like the other end of the balloon expanding).

Squeeze too much on one side, and the air has to go somewhere else.
Squeeze too much on one side, and the air has to go somewhere else.

So, when EMV comes to the US , expect the type of credit card fraud to change. Don't expect fraud to just disappear.

Unresolved Vulnerabilities

The key thing to take away from these implementations is that chip-and-PIN cards are not foolproof and are still susceptible to hacking.

Many experts believe that U.S. banks can expect to see ATM fraud involving skimming increase over the next 12 months as the United States begins the switch to EMV technology. For fraudsters, there are a few ways that they can attempt ATM related attacks by using such methods as;

  • Card Skimming: Where a customer's card information and PIN are captured at an ATM and used to produce counterfeit cards for fraudulent cash withdrawals. In this case, the customer sees a normal transaction and retains the card.
  • Card Trapping: When a customer inserts their card into an ATM, the card is physically captured at the ATM, compromising the PIN. Later, fraudsters can use the card to make fraudulent cash withdrawals with access to the PIN.
  • Cash Trapping: Instead of seizing the customer's card in the ATM, fraudsters will attach a device to an ATM that will trap any cash that the ATM tries to dispense. While the customer will retain their card, fraudsters will later return to the ATM and retrieve the cash trapped inside the ATM.

While the transition to EMV technology is well overdue for US consumers, retailers and card issuers, it's important to recognize that fraudsters and cyber criminals will get better at bypassing EMV technology.

Fraud Lives On

EMV is a piece of the security puzzle, but don’t expect it to stop all fraud. US implementation of EMV may well decrease card-present credit card fraud in the US, as it has in the rest of the world. However, expect fraudsters to increase their online fraud and to gain sophisticated tools to bypass EMV security. Fraud will always be an arms race between credit card issuers and organized crime.

 


Get an update on EMV implementation in the U.S. through our featured white paper, State of Card Fraud: 2016.

New Call-to-action

 

Topics: Industry News, EMV