The much-anticipated EMV deadline has officially passed, allowing U.S. merchants and consumers to join the rest of the world in the fight against in-store credit card fraud. Now that our sensitive financial details are finally safe from thieves, here on out we can expect to be fraud-free.
At least this is how the story was supposed to go.
The reality, however, is somewhat different. Although EMV adoption has achieved some of its original goals, security breaches are on the rise. In fact, 2015 was one of the least secure years when it comes to fraudulent activity.
What happened? Why didn't the U.S. EMV deadline put an end to credit card fraud?
Let's take a look.
1. The Pre-EMV Fraud Spike
With the EMV deadline quickly approaching, many thieves rushed to take advantage of POS systems that hadn't yet upgraded. According to some estimates, the amount of fraudulent account creation skyrocketed at the beginning of 2015, with more than 25 percent of newly created accounts being flagged as fake.
From May to July of 2015, that number jumped to 50 percent.
In other words, the EMV deadline created a surge in data breaches simply because hackers were eager to exploit vulnerabilities while they still had the chance.
However, what about after the deadline passed?
2. EMVs Offer Little Protection Online
The extra security features that EMVs offer only protect against in-store fraud. For card-not-present (CNP) transactions, EMVs are no different from traditional swipe-and-sign plastic.
Thieves know this, which is why they’ve increasingly targeted eCommerce websites.
This has happened in nearly every major market that has made the switch to EMVs. As physical stores become more secure, eCommerce websites represent low-hanging fruit. Europe saw online fraud go from 25 percent in 2004 to 64 percent in 2010 after making the EMV switch. Experts predict that the U.S. could potentially witness a doubling of CNP fraud over the next two years — largely because of EMV adoption.
Yet, there is perhaps an even bigger reason why EMVs in the U.S. haven’t completely stopped fraud.
3. EMVs Aren’t Universal
Although EMVs do make in-store purchases more secure, this benefit only exists when both sides of the transaction are EMV-ready. In the U.S., this is rarely the case — even after the October deadline.
An estimated 59 percent of consumers don't have chip-enabled plastic yet. EMV adoption on the merchant side is even lower. According to some estimates, retailers have barely cracked the 25 percent mark — that is a real problem.
New liability rules definitely help to shift responsibility, but they do not prevent fraud. As long as either side of a transaction is legally allowed to use traditional mag-stripe options, retail fraud will only continue to climb. In 2015, experts predicted that total U.S. credit card fraud could exceed a staggering $10 billion.
In actuality it was much higher than that.
The true test will be this upcoming holiday season when Americans hit stores in droves. However, that test will only be valid when looking at "card present" transactions in which both sides are EMV-compliant.
To learn more about EMV credit card processing and advanced fraud protection, contact BluePay’s payment security team today.