Category Archives: Mobile Payment

The EMV Liability Shift: How Does This Affect Online Merchants?

This October, the much-discussed Payment Networks’ Liability shift with EuroPay, MasterCard, and Visa (EMV) is due to take effect in the US. What does this mean for online merchants who don’t have a brick-and-mortar presence? It could result in higher costs due to increased fraudulent purchase attempts. However, taking preemptive measures can save you and your company a pretty penny in the long run.

“The Liability Shift”

The October 1 2015, date denotes what is commonly called, “the liability shift.” After this date, when credit card fraud takes place, liability for the costs falls on the entity using the lesser technology. In 2015, the liability for credit card fraud in the US is estimated to total more than $15 billion.

After the shift occurs, if a merchant is still using the swipe and signature method, and the customer has a “smart card” (a credit card with the EMV chip technology in it) then the merchant is liable. If the merchant is using the chip and PIN technology which will become the new standard for the terminals, but the bank hasn’t upgraded to the smart card chip, then the bank is liable. However, this technology is only denoted to be used by brick-and-mortar merchants, this increase in physical security has no effect on CNP transactions.

How The Liability Shift Affects Online Merchants

Now, you might be thinking that, “I don’t have a retail store, so I won’t have to worry about this effecting my business, since all of my transactions take place online or via mobile.” Well, it is true, that the liability shift does not effect online merchants, you won’t have to worry about having a card reader that can utilize the new security features. But, this also now makes online purchases the path of least resistance for counterfeit purchases and credit card fraud. In a study conducted in 2014, CNP (card not present) fraud made up 45% of total US card fraud.

EMV will not result in the elimination of counterfeit fraud, nor will EMV spell an end to database breaches; it will merely force criminals to adjust their tactics and targets. In Canada, when they performed the EMV shift, counterfeit and lost/stolen fraud had a 54% decline from 2008 to 2013, while CNP saw a corresponding increase, jumping 133% over the same period.

Canada, wasn’t alone in this jump. In the UK, CNP fraud rose by 79% when they performed the liability shift back in 2005. Development of more sophisticated fraud analytics by issuers and merchants and an increase in use of 3-D secure technology (explained below) has helped to rein in CNP fraud, soft targets such as call centers has caused this form of fraud to start rise again.

The good news is that there are a wide variety of solutions available to secure the CNP environment; as with any type of fraud prevention, no single point solution will suffice. Instead, merchants should take a layered approach to their defenses. Here are a few different security tactics that you can use to secure your data further.

Behavioral Analytics

Behavioral analytics are a key technology for merchants seeking to bring their fraud-mitigation technologies down to the transaction level. Behavioral analysis tools detect fraud by monitoring the user session and transactions to detect suspicious activities and patterns associated with possibly counterfeit cards. However, as with any tool, you do have a certain level of false positives. To minimize the level of false positives, it is good to have a stepped-up authentication process that includes the end user.

Tokenization

Tokenization is a great compliment to EMV; it essentially picks up where EMV leaves off in the card security process. EMV secures the communication between the card and the POS terminal, but does nothing to encrypt the data, between the merchant and the issuer. This is where Tokenization takes over and replaces the card data with a secure token.

Tokenization removies the account number on the payment card from merchants’ databases and replaces it with a string of letters and numbers that serve as a proxy for the true cardholder data. Which can be used by the merchant to facilitate settlement, recurring payment, chargebacks, etc., but is useless to criminals if the merchant’s system is compromised.

3-D Secure

Finally, there is the 3-D secure protocol which adds an additional layer of authentication in CNP transactions. You know these as Verified by Visa, MasterCard SecureCode, and AMEX SafeKey. One of the key value driver for this level of security is that when they use 3-D Secure, for CNP transactions, the fraud liability shifts to the issuer, even if the issuer doesn’t have the corresponding Access Control Server infrastructure to support a 3-D Secure request.

Conclusion

Card fraud is rapidly escalating at POS and in CNP channels. The arrival of EMV will certainly help stamp out counterfeit fraud, but the experiences of other countries shows that the arrival of EMV will do nothing to stop database breaches, and CNP fraud will rise precipitously unless preventative measures are taking preemptively. With the clock quickly ticking away to the October 2015 liability shift. Merchants should begin to implement the above security methods to guard themselves from this incoming rise in attacks once the shift happens.

The Pros and Cons of Mobile Payment Solutions

mobile_payment_solution

Mobile payments are a big part of the e-commerce industry, and they’re one of Web Payment Software’s specialties.  But the term “mobile payments” is so broad.

In short, mobile payments are any monetary transaction that can take place on a mobile device.  Examples include anything from a card-swiping device that plugs into your phone’s headphone jack, to Google wallet, to a store’s iPhone app that makes it easier to buy products.  Mobile payments are growing, and they’re more than likely “the future.”  But as great as mobile payments are, there are also cons.  So let’s break it down a little more.

Why They’re Great:

1.  The Security
If you download an app from a trustworthy company, use a secure Internet connection, and keep your phone password protected, you’re more than likely safe making mobile purchases.  Do customers necessarily believe that, though?  We’ll discuss that in a bit.

2.  They Give Consumers More Options
Say you’re a business at a trade show.  You have a mobile credit card reader. Customers can no longer say, “I can’t buy that, I only have my card.”  In the same sense, if you’re a customer, you don’t need to worry about bringing cash everywhere.

3.  Brand Loyalty
Mobile payment systems help build brand loyalty.  Lets take a moment and flashback to the McDonald’s mobile ordering app.  It’s great for McDonald’s because people download the app, and then see the McDonald’s logo every time they flip through their phone.  But it’s great for McDonald’s fans as well, because they get a cool new ordering system.

Why They’re Not…(Yet)

1.  User Experience
At the end of the day, many users feel that mobile payments are more trouble than they’re worth.  Why download a phone app, just to purchase a product on a tiny cell phone screen, when you can simply go on your computer?  Why scan a QR code to pay for something when you can just pay in cash?  Think about this – you need to have your phone charged in order to pay for something / accept a payment.  What if it dies?

2. They Cost Businesses Money
If you’re allowing people to swipe credit cards on your phone, you’re getting charged a transaction fee, or a monthly fee, or both.  If you’ve had someone design an app to help people buy your products on the go, that costs money.  The ability to accept mobile payments is not always worth the price.

3.  The Trust Isn’t There Yet
Despite what I said earlier about mobile payments being safe and secure, consumer trust just isn’t there yet.  There’s something about sending information through thin air from one device to another, or swiping your info into someone’s phone whom you don’t know very well.  Read this article for what people in the UK think.

Are mobile payments right for your business?  What do you think?