CNP Expo: EMV — What to Expect at Crunch Time
May 19, 2015
We all know EMV is coming, the question is, what should online merchants expect? Moderator Paul Tomasofsky, president of the Secure Remote Payment Council, began a panel at the CNP Expo Tuesday by reviewing the history of implementing EMV in other countries and discussing possible solutions for US merchants.
Jackie Barwell, director of fraud product management for ACI Worldwide, painted a picture of the patterns of fraud that developed with the implementation of EMV in the U.K. in 2006: Fraud before 2006 was about even across the categories of CNP, stolen cards and in-store fraud. With the implementation of EMV, CNP fraud spiked. Domestic fraudsters realized they couldn’t skim cards and use the data in-store in the U.K., so they started to use the data online and even abroad. Post-EMV fraud decreased with 3D Secure protocols implemented in 2008.
George Peabody, senior director at Glenbrook Partners, pointed out that other international markets have taken about seven years to establish a 90 percent chip-on-chip transaction rate, so it will be awhile before we see “a solid EMV perimeter.” He noted, “This is hardly a panacea…We are still building the three-legged stool of EMV, encryption, and tokenization.”
First Atlantic Commerce’s Tricia Lines Hill mentioned that in Bermuda, where her company is based, 3D Secure is standard in online transactions. She highly recommended this technology, which is a way to authenticate the user in real-time and shifts liability from the merchant to the issuer. In the US, however, only 3 percent of businesses currently use it, partly because both the merchant and the card issuer must be on board.
Terry Dooley, CIO of Shazam Network, was less optimistic about 3D Secure and other antifraud technologies. Since online merchants are becoming fraudsters’ primary targets with EMV, he observed, “your first line of defense at your e-commerce website is to put a strategy in place to know your customers. Obviously this is harder with one-time buyers, but if you’re a business with repeat customers, the benefit in terms of uncovering and preventing fraudulent transactions is massive.”