This October, the much-discussed Payment Networks’ EVM Liability shift with EuroPay, MasterCard, and Visa (EMV) is due to take effect in the US. What does this mean for online merchants who don’t have a brick-and-mortar presence? It could result in higher costs due to increased fraudulent purchase attempts. However, taking preemptive measures can save you and your company a pretty penny in the long run.
“The Liability Shift”
The October 1 2015, date denotes what is commonly called, “the liability shift.” After this date, when credit card fraud takes place, liability for the costs falls on the entity using the lesser technology. In 2015, the liability for credit card fraud in the US is estimated to total more than $15 billion.
After the shift occurs, if a merchant is still using the swipe and signature method, and the customer has a “smart card” (a credit card with the EMV chip technology in it) then the merchant is liable. If the merchant is using the chip and PIN technology which will become the new standard for the terminals, but the bank hasn’t upgraded to the smart card chip, then the bank is liable. However, this technology is only denoted to be used by brick-and-mortar merchants, this increase in physical security has no effect on CNP transactions.
How The Liability Shift Affects Online Merchants
Now, you might be thinking that, “I don’t have a retail store, so I won’t have to worry about this effecting my business, since all of my transactions take place online or via mobile.” Well, it is true, that the liability shift does not effect online merchants, you won’t have to worry about having a card reader that can utilize the new security features. But, this also now makes online purchases the path of least resistance for counterfeit purchases and credit card fraud. In a study conducted in 2014, CNP (card not present) fraud made up 45% of total US card fraud.
EMV will not result in the elimination of counterfeit fraud, nor will EMV spell an end to database breaches; it will merely force criminals to adjust their tactics and targets. In Canada, when they performed the EMV shift, counterfeit and lost/stolen fraud had a 54% decline from 2008 to 2013, while CNP saw a corresponding increase, jumping 133% over the same period.
Canada, wasn’t alone in this jump. In the UK, CNP fraud rose by 79% when they performed the liability shift back in 2005. Development of more sophisticated fraud analytics by issuers and merchants and an increase in use of 3-D secure technology (explained below) has helped to rein in CNP fraud, soft targets such as call centers has caused this form of fraud to start rise again.
The good news is that there are a wide variety of solutions available to secure the CNP environment; as with any type of fraud prevention, no single point solution will suffice. Instead, merchants should take a layered approach to their defenses. Here are a few different security tactics that you can use to secure your data further.
Behavioral Analytics
Behavioral analytics are a key technology for merchants seeking to bring their fraud-mitigation technologies down to the transaction level. Behavioral analysis tools detect fraud by monitoring the user session and transactions to detect suspicious activities and patterns associated with possibly counterfeit cards. However, as with any tool, you do have a certain level of false positives. To minimize the level of false positives, it is good to have a stepped-up authentication process that includes the end user.
Tokenization
Tokenization is a great compliment to EMV; it essentially picks up where EMV leaves off in the card security process. EMV secures the communication between the card and the POS terminal, but does nothing to encrypt the data, between the merchant and the issuer. This is where Tokenization takes over and replaces the card data with a secure token.
Tokenization removies the account number on the payment card from merchants’ databases and replaces it with a string of letters and numbers that serve as a proxy for the true cardholder data. Which can be used by the merchant to facilitate settlement, recurring payment, chargebacks, etc., but is useless to criminals if the merchant’s system is compromised.
3-D Secure
Finally, there is the 3-D secure protocol which adds an additional layer of authentication in CNP transactions. You know these as Verified by Visa, MasterCard SecureCode, and AMEX SafeKey. One of the key value driver for this level of security is that when they use 3-D Secure, for CNP transactions, the fraud liability shifts to the issuer, even if the issuer doesn’t have the corresponding Access Control Server infrastructure to support a 3-D Secure request.
Conclusion
Card fraud is rapidly escalating at POS and in CNP channels. The arrival of EMV will certainly help stamp out counterfeit fraud, but the experiences of other countries shows that the arrival of EMV will do nothing to stop database breaches, and CNP fraud will rise precipitously unless preventative measures are taking preemptively. With the clock quickly ticking away to the October 2015 liability shift. Merchants should begin to implement the above security methods to guard themselves from this incoming rise in attacks once the shift happens.
This reader is better suited for busier merchants seeking an alternative to expensive countertop electronic cash registers. The Vital Plus X5 offers more advanced payment and management capabilities such as split payments, inventory alerts, server/table assignment and kitchen printing. The handheld device features a 5″ HD color touchscreen with customizable screen layouts, a built-in camera for scanning, a charging base and training tutorials. The Vital Plus POS is ideal for small-medium specialty retailers, coffee shops, delis and event registration booths.
This is the most feature-rich POS solution, offering three register sizes to fit various businesses needs and budget. Additional features and benefits of the Select systems include Ethernet/WiFi connectivity, a cash drawer, customer-facing HD color display, employee time clock, and white-glove 24/7 support by Vital Experts. Vital Select systems are ideal for business seeking a full-featured, standalone POS solution. Retailers, restaurants, convenience stores and higher-volume vendors should consider a Vital Select system.
