Rippleshot Blog

A study recently released by LexisNexis and Javelin found that card issuers are directly losing $10.9 Billion to card fraud annually. This survey of 100 card fraud and risk decision makers at U.S. card issuing financial institutions found that while the losses come from a mix of different areas - from counterfeit card and application fraud to account takeover, nearly all issuers anticipate fraud growth across the board, regardless of the implementation of EMV.

Five months in, and the EMV rollout has gotten off to a relatively rocky start. Many of the smaller and mid-size financial institutions we’ve spoken to have yet to finish transitioning over to chip cards, and anyone with a chip card can vouch for the fact that most merchants aren’t yet accepting them. A fair number of EMV terminals have tape or notes over top of the slot used to dip cards, and we’re hearing from several financial institutions that card fraud is at painfully high levels. What’s happening? We dig in below..

Online fraud is expected to skyrocket in the coming years, but it’s not only because of the EMV conversion. While the new chip cards are forcing hackers to employ different methods of using stolen cardholder information, there’s a separate but perhaps equally as influential statistic at play - the exponential increase in online spending in the United States.

It has been almost a month since EMV’s adoption began here in the United States, and many consumers are still unaware of this massive change in the payment ecosystem. While you would be hard-pressed to find a payments expert who would classify the EMV shift as a disaster, when it rains, it pours.

This month, the House Small Business Committee held two hearings to learn more about the implications of the EMV transition on small businesses, along with the efforts being made to ensure they are in compliance with financial service providers and are in a position to succeed. Witness testimony was heard from a number of parties - from Visa and the NAFCU, to small business owners and the National Retail Federation.

There is just over one week left before the EMV liability shift takes place, and it’s looking like neither consumers nor merchants will be as prepared as expected. Though many experts have been claiming for months that the U.S. will be unlikely to hit the self-imposed October 1st deadline, recent surveys have shown a much more grim outlook.

In the payment security space, the news is almost impossible to ignore. EMV chip-enabled cards are coming, along with an incredibly important fraud liability shift. As of October, whichever party (issuers or merchants) is not EMV compliant will take responsibility for fraud and all related chargebacks.

In a post covering the Fraud Summit here in Chicago in May, we discussed the growing concern over whether or not merchants will be able to meet the rapidly approaching deadline. The concern though, isn’t with the big box merchants, many of whom are already compliant - it’s with the smaller merchants who don’t have the technical support and cash that the larger companies have to implement overhauls of this size and scope.

Unfortunately, a recent survey by Wells Fargo confirms the suspicions that these smaller merchants won’t be ready. In fact, 68% of the small business owners surveyed in early July weren’t even aware that the EMV shift was happening.

As the deadline for implementation of EMV nears closer, and chip cards are starting to hit customer mailboxes, questions surrounding the conversion are growing louder. The most controversial being why the U.S. has chosen to implement chip and signature over chip and PIN (like most other countries that have made the switch). There has been a ton of speculation over the decision, so we’re taking a step back to explain the differences, their impact, and what it really means to not be implementing PIN verification.

The Rippleshot team had the pleasure of attending ISMG’s Fraud Summit here in Chicago this week. Unsurprisingly, the topic on everyone’s minds and mentioned in almost every single panel was the impending shift to EMV in the coming months and how that will impact card security moving forward.

As the United States prepares for the migration to chip-embedded cards, known by many as EMV cards, we as consumers will face one last hurdle before card present fraud is reduced. In October of 2015, merchants and their point-of-sale terminals will have to be EMV compliant to process chip & signature transactions, prompting card issuers to begin aggressively issuing EMV cards.

In the final piece of our article on EMV technology and chip and PIN cards, we're going to explain why these "smart cards" will help reduce fraud but are not the key to stopping all fraud. Basically, fraud types will shift and fraudsters will improve their fraud techniques.

When the dust finally settles, where does everyone stand?

It’s been nearly two decades since the idea of making the switch to EMV was first brought to people’s attention in the United States. With all the recent data breaches involving retailers, government agencies, healthcare providers and educational institutions, the US finally has the political will to make this change.

What Is EMV (aka Chip and PIN)?

When you see the words “chip technology”, they’re talking about credit and debit cards with an embedded microchip that contains unique cardholder information, including the cardholder’s name, card number and expiration date. Instead of swiping your magnetic stripe card and signing to authenticate, the new point-of-sale (POS) machines will read the chip on the card and then ask the cardholder to enter a PIN code to authenticate. Replicating the chip itself is far more difficult than replicating traditional magnetic stripe data, making card duplication much harder.