Rippleshot Blog

No surprise here. Pulse Network’s 2016 Debit Issuer Study cites an across the board increase in fraud losses for all types of financial institutions from 2014 to 2015. But where’s it all coming from? How will mobile payments impact the debit market? And what sort of growth is expected over the coming years? We cover it all ahead:

“Those who cannot remember the past are condemned to repeat it”.

This quote couldn’t hold more true when it comes to the EMV liability shift in America. Cybersecurity experts are perplexed regarding the future, scrambling to find clues in order to predict the who, what, when, and why of the EMV roll-out. What they don’t know is that the answers may actually lie within the past, or across the Atlantic Ocean. Most Americans are quick to forget that we were actually one of the latest to adopt the EMV standard, following suit after Africa, the Middle East, Asia, Latin America, and almost all of Europe. So when it comes to painting a picture of the aftermath that will result from widespread adoption of EMV protocols, why don’t we examine our international counterparts more closely? Join us as we discuss European history surrounding EMV adoption, fraud trends that will carry over to America, and the implications of widespread EMV implementation in our latest infographic: The Evolution of European Card Fraud.

Chip-card hacking has most likely been around longer than you think. Commonly known as the EMV standard, which represents the card network consortium of Europay, Mastercard, and Visa, the chip-based card technology has been widely adopted in virtually every global market (except for the U.S. until recently). EMV was born in 1994, when the three international payment systems sought to develop a global chip specification for payment systems, and the first production version was released in 1996. By embedding a secure chip into a plastic payment card, EMV technology enhances the overall security of debit/credit cards, overshadowing the effectiveness of the traditional magnetic stripe-and-swipe. In addition to replacing the outdated signature with a more secure PIN (personal identification number), the chip card utilizes cryptographic processing to create an ID that is unique to every transaction, as opposed to displaying sensitive account and payment information. However, the common misconception is that EMV is the “be all, end all” of payment security- this couldn’t be further from the truth. Find out how chip-card hacking has evolved from a replacement of internal hardware to sophisticated ATM shimming software as the Rippleshot Team explores the history of chip-card hacking.

We have a good idea of the short-term consequences of data breaches- lawsuits, chargebacks, etc. But what about the long-term? A recent research report published by Claire Greene and Joanna Stavins of the Federal Reserve Bank of Boston sought to find a conclusive answer, leveraging consumer perceptions surrounding Target’s data breach as a case study. By examining longitudinal data on 1,908 US adults from results of the Survey of Consumer Payment Choice (SCPC), the report took advantage of a naturally ripe environment for experimentation, as some respondents were asked to rate payment instrument security before the Target data breach became public knowledge, and others answered the survey after news of the breach became widespread. Although the research has merit in identifying the inelastic behavior of consumers regarding payment instrument usage, it fails to address how data breaches contribute to costly card-reissuance and false-positive declines for banks and credit unions.

The aftermath of headline-grabbing data breaches at deep-pocketed retailers is almost always characterized by litigants of all sizes lining up to seek reparation for their legal injuries. These litigants can come in the form of disgruntled financial institutions, who demand compensation for breach-related expenses, or unhappy consumers who have suffered from theft of personal/ financial information and unauthorized charges on their accounts. Although consumer class-action lawsuits are a dime a dozen, they typically do not fare well in court, as courts generally conclude that their losses are covered in full by banks. On the other hand, financial institutions have a much easier time proving the costs associated with data breaches, such as card reissuance and reimbursement on fraudulent transactions. Follow along as we discuss the most recent data breach lawsuits including Target, Home Depot, and Wendy’s, and their effect on consumers, financial institutions, and retailers.

By 2019, the global e-commerce market is predicted to be worth US $2.4 Trillion. In short, e-commerce is growing at an unforeseen rate. Unfortunately, it also means that online payment fraud, a notorious companion, will tag along for the ride. In their latest research report, Fraud Trends 2016, WorldPay highlights the key issues at the fore of global risk and fraud prevention, such as perceptions regarding mobile fraud, the use of social media in risk mitigation, and the inability of companies to effectively leverage data.

The United States is often the target of most studies on widespread card fraud, due to its slow crawl to implement EMV technology. And because of this, it would be fair to assume that the United States is the only country uniquely experiencing significant levels of fraud and the ripple effects of skeptical customers and loss of revenue. But, that’s actually not the case. ACI Worldwide and Aite Group’s Global Consumer Card Fraud report sheds light on the issue across twenty nations, and provides a look into what even long-EMV compliant countries like Canada and Mexico are experiencing, decades after the implementation, and how consumers are reacting to it.

The landscape of fraud between 2015 to 2016 is best characterized as uncertain and dynamic. As government institutions such as the CFPB and FFIEC begin to play a bigger role in cybersecurity regulation, it has yet to be seen what data security protocols will be required of financial institutions. Also, pending legislation in Congress surrounding data security has the potential to determine federal standards of information security for merchants. Finally, with back-and-forth lawsuits between retailers, payment card networks, and issuers over disputes regarding EMV compliance and liability shift, nobody is exactly sure who will come out on top.

At Rippleshot, we understand how difficult it can be to juggle so many moving parts and develop actionable insights from them. That’s why we created a timeline for you to get up to speed on recent developments in card fraud and payments security.

Yesterday, news broke that supermarket chain Kroger had filed a lawsuit against Visa due to disagreements over chip and PIN transactions. If this is starting to feel like an echo chamber, it’s because Kroger is far from being the first merchant to sue a card network over the EMV conversion. In March, a small grocery chain and liquor store in Florida filed an antitrust lawsuit against all four card networks and a dozen banks. This was followed by Wal-Mart filing a lawsuit against Visa in May, and Home Depot filing one of their own against Visa and MasterCard in mid-June. What’s the issue behind all of this litigation? Follow along as we break each one down.

ABA Endorses Rippleshot’s Automated Card Compromise Detection Platform

Leading banking organization recommends Rippleshot technology for U.S. banks

A fiery debate has resurfaced between financial institutions, merchants, and consumer groups regarding the Data Security Act of 2015. The bipartisan bill introduced to Congress as H.R. 2205 by Representatives Randy Neugebauer and John Carney on May 1st, 2015 explicitly states two purposes: “to establish strong and uniform national data security and breach notification standards for electronic data” and “to expressly preempt any related State laws in order to provide the Federal Trade commission with authority to enforce such standards for entities covered under this Act.”

A study recently released by LexisNexis and Javelin found that card issuers are directly losing $10.9 Billion to card fraud annually. This survey of 100 card fraud and risk decision makers at U.S. card issuing financial institutions found that while the losses come from a mix of different areas - from counterfeit card and application fraud to account takeover, nearly all issuers anticipate fraud growth across the board, regardless of the implementation of EMV.

It’s easy to get caught up in the headlines, particularly when stories of large-scale breaches of cardholder information seem to graze the front of newspapers on a weekly basis. But the truth is, even though the Targets, Home Depots, Michaels and Wendy’s are all-encompassing as far as the media goes, they’re actually not the majority of the card compromises that take place - not by a long shot.

Criminals now have access to a wealth of personal information that is being exposed through data breaches - including, but not limited to names, dates of birth, email addresses, social security numbers, card numbers and home addresses. This information, paired with the implementation of EMV and the inevitable increased difficulty in committing card present fraud has led criminals to a new target - call centers. Armed with seemingly everything they need to know about a person, it often only takes one or two calls and a couple of good, educated guesses to get access to someone’s account.

Last Thursday, the Consumer Financial Protection Bureau issued a set of proposed rules that would put an end to the mandatory arbitration clauses that you see in many bank and credit card contracts today. This announcement has already seen a wealth of commentary from industry associations to legal experts and consumer advocates, but how did we get to this point? What data on arbitrations was used to make this decision? And how will this inevitable regulation affect banks moving forward? We’ll cover it all below.