In the financial industry, EMVs are heralded for their advanced fraud protection features. To initiate purchases in physical retail stores, the chip-enabled credit or debit card must be present, making EMVs more secure than traditional magnetic stripe plastic.
- With chip-and-signature EMVs, the customer signs his/her name to complete the transaction.
- With chip-and-PIN cards, the customer enters a personal identification number.
Whenever and wherever EMVs are adopted, in-store retail fraud decreases. These more secure cards are already the default payment standard in most major markets. Recently, new liability rules made EMVs all but mandatory in the United States.
However, what happens when merchants process card-not-present (CNP) transactions that don't require direct access to the embedded chip? Do EMV security features become obsolete?
EMV Credit Card Transactions in the Online World
When buying products and services online, EMV transactions are identical to those made with magstripe plastic. Consumers only need to provide their:
- 16-digit credit card number
- Mailing address
- Card verification value (CVV)
The fraud protection features that make EMVs so effective in brick-and-mortar establishments don't apply in the e-commerce world.
This doesn't necessarily mean that EMVs are more prone to online fraud, but because physical retail environments are becoming harder to attack, e-commerce stores are much easier targets for thieves and hackers.
If you're going to steal sensitive financial data, your best bet is to go after online purchases — whether consumers use EMVs or older magstripe credit cards.
This is precisely what is happening worldwide.
Online fraud in the U.S. is expected to soar to $6.4 billion by 2018, nearly double what it was in 2014, but you don't have to rely on predictions. The close relationship between EMV adoption and online credit card abuse is already well documented:
- Within three years of embracing EMVs, card not present fraud rose nearly 80 percent in the U.K.
- Online credit card fraud in Australia and Canada more than doubled after they switched to EMVs.
- France watched CNP fraud increase by more than 20 percent during its first four years of widespread EMV use.
As an e-commerce merchant, what steps can you take to protect yourself from fraudulent purchases initiated via Internet or telephone?
Tips for Making Online Shopping More Secure
We have compiled a list of best practices for making your e-commerce shopping cart more secure — both for you and for your customers. These tips apply whether consumers use chip-enabled plastic or swipe-and-sign cards.
Some of the more effective strategies include:
- Using a secure payment gateway that follows PCI-compliant standards.
- Using hosted payment pages to further reduce your PCI scope.
- Making optional CVV codes mandatory for all transactions.
- Investing in tokenization and encryption.
- Actively scanning for common warning signs of card abuse.
Want More Tips for Making Your E-Commerce Business More Secure?
If you’d like additional resources for keeping your online store safe from criminals, schedule a free appointment with our payment security team today.