The Rippleshot Data Breach Blog

How Will EMV Adoption Increase Card Fraud in the U.S.?

Written by Zach Walker | Apr 29, 2015 7:30:00 PM

As the United States prepares for the migration to chip-embedded cards, known by many as EMV cards, we as consumers will face one last hurdle before card present fraud is reduced. In October of 2015, merchants and their point-of-sale terminals will have to be EMV compliant to process chip & signature transactions, prompting card issuers to begin aggressively issuing EMV cards.

What Happened In Europe and Abroad?

Last year, we took an in-depth look into EMV and everything you need to know in our three-part blog post.  But as we move closer and closer to the October 2015 deadline, looking at how EMV adoption impacted other countries around the world will provide some insight into how fraud will affect the United States.

Nearly a decade ago, EMVCo, the EMV parent and standards company, first implemented the EMV standard in the United Kingdom to help combat a much higher fraud rate when compared to the United States at that time. The U.K.’s fraud rate is substantially higher due to a time lag between the time of the transaction and the authorization process that occurred offline. As more EMV cards were introduced in the U.K., card present (CP) fraud saw a reduction across the board.

Fraud related to counterfeit cards took a 56% decrease from £97M to £43M and fraud related to lost/stolen payment cards took a 34% decrease from £89M to £59M from 2005 to 2013. This decrease in CP fraud was possible due to the technological capabilities of EMV-enabled cards. Unlike the traditional magnetic stripe cards that the majority of U.S. cardholders still use, EMV-compliant POS terminals will read the chip on the card, prompting the cardholder to enter a PIN to authenticate transaction. Because it is so difficult to clone payment cards with EMV chips, fraud was forced to shift to different avenues. 

Much like squeezing a balloon, card fraud in the U.K. shifted from CP transactions to card not present (CNP) fraud, ATM skimming, or the United States where it’s much easier to clone the magnetic stripe. Even outside of the U.K., the shift to CNP fraud in a post-EMV society is visible. In 2008, Aite began tracking CNP fraud losses in Canada following their rollout of EMV cards for their 2014 white paper on CNP fraud in a post-EMV society. 

 

 

As we can see in Figure 2, CP fraud dropped dramatically over the course of 5 years by 54% saving over CA$140 million. But CNP fraud seemed to replace the CP fraud that went away by at least a 1-1 basis. This shift in CNP fraud caused a 133% increase in Canada during the same period. With October shortly approaching, many payments experts believe that we will see a similar shift in fraud here in the United States.

Unfortunately for cardholders in the U.S., the roadmap originally laid out by EMVCo and merchants will not require POS terminals to accept a PIN from the cardholder, instead only asking for a signature to verify the cardholder’s identity. With rising costs and the complexity of PIN-based authentication as the main roadblocks to implementing chip-and-PIN cards in the United States. By asking customers to verify the identity by using a signature that can easily be copied, disables the secondary security feature to help increase card security.

 

What We Think Is Going To Happen In The United States

As more and more cardholders in the United States are issued EMV-enabled payment cards, we should see a decline in CP fraud loss just as other post-EMV countries across the world experienced.  This decline will not have as big of an impact when compared to the U.K. or Canada, due to the online real-time authentication system already in place. Another factor to take into consideration regarding the reduction of CP fraud is the fact that retailers will initially accept the less secure chip-and-signature cards, making it easier for cybercriminals to duplicate compromised cards.

 

 

However, the U.S. should expect to see a spike in fraudulent new accounts or account takeovers and in CNP fraud losses. Online spending in the United States will continue to grow, expecting a rise from $262B in 2013 to $440B in 2017, a compounded annual growth rate of 13.8%. With EMV’s rollout and the increase in e-commerce transaction volume, CNP fraud in the United States is expected to dramatically increase CNP fraud.

EMV migration in the United States is long overdue and as we inch closer to the October 2015 deadline, we should prepare for the shift in fraudulent transactions from card present to card not present transactions. As cardholders continue to make more e-commerce transactions, CNP fraud will continue to grow as CP fraud shrinks.

Want to learn more about EMV’s adoption in the United States? Download a copy of our latest white paper, EMV Adoption In The U.S., for an in-depth look at the benefits and downsides to EMV adoption.