Ready or not, EMV is coming to the United States. Most people in the industry acknowledge that there’s no turning back now. The October 2015 liability shift is a short 6 months away.
If you accept credit cards online, you’ve probably been told to brace yourself for a tidal wave of fraud. “EMV locks down the point of sale,” the argument goes. “Fraudsters will be able to use stolen card numbers only for online purchases. Head for the hills eCommerce merchants!”
The advice – invest in card-not-present (CNP) fraud prevention – is certainly valid, but EMV does not offer much, if any justification. It’s noise, a scapegoat, an unexpected soundbite that gets your attention.
The card networks’ liability shift policies for the U.S. market are primarily focused on eliminating counterfeit card fraud, which is at most an unsatisfying piece of the total card fraud pie. Even if there was a dollar-for-dollar shift in fraud from card-present (CP) to CNP channels, the impact would be nearly imperceptible. CNP fraud is too large, and it’s growing fast – at least as quickly as eCommerce purchase volumes.
So what’s the real reason merchants should be investing in CNP fraud detection? Well, there are several. But to name two: rapid growth in cross-border ecommerce and domestic adoption of new (primarily mobile) payment technologies. Both of these trends will drive CNP fraud even if EMV fails to take hold.
Alibaba’s IPO on a U.S. stock exchange symbolizes the opportunity for U.S. companies to reach international consumers. Cross-border ecommerce is still an underexplored opportunity despite being measured in the trillions of dollars globally. As the industry naturally looks outward for growth – accepting less familiar payment types such as AliPay, Bitcoin, Boleto, and GiroPay to reach local markets – merchants must have fraud tools capable of supporting these payment types and a partner with expert knowledge of fraud trends around the world. Fraud rates on international orders are often twice as high as fraud rates for domestic orders. And e-wallets carry additional risk compared to credit cards according to Cyber Source’s Online Fraud report.
In the States, adoption of new technologies for payments in brick-and-mortar as well as digital channels will also drive CNP fraud. Each year, more devices will become internet-(and ultimately commerce)-enabled. Merchants will manage an increasing number of digital channels, and each will have its own risk profile. For merchants, growth in CNP payment volume shifts payments from a channel with relatively minimal chargeback liability (card-present) to a channel with extraordinary chargeback liability (card-not-present).
Of particular concern should be mobile payment technologies that generate card not present transactions for in-store purchases. Emerging payment methods such as Bluetooth low energy (BTLE) and cloud-based mobile wallets have an untested (and therefore higher) risk profile than more familiar tender types, as well as higher interchange rates and greater chargeback liability compared to card-present transactions. All of these factors warrant judicious fraud monitoring.
Will EMV produce a systemic shift in U.S card fraud? Probably not. But the most innovative merchants, the ones that embrace global eCommerce and modernize their in-store experience, must prepare for the risks associated with these opportunities.