By D.J. Murphy, Editor-in-Chief, CardNotPresent.com
The scenario facing U.S. card-not-present merchants is the result of impeccable logic. As the payment card system evolved, first in the U.S. and then around the world, fraud naturally followed. That fraud took many forms but perhaps the most lucrative was accessing the increasingly voluminous mountains of illegally obtained account information (courtesy of those data breaches you might have heard something about), using that information to produce easily duplicated counterfeit magstripe cards and walking into stores to buy products with the fake cards that could quickly be sold for cash.
In nation after nation, however, that road to quick cash was closed to criminals with the introduction of the EMV standard and chip & PIN transactions at the point of sale. Replacing the magnetic stripe on the card with a chip made counterfeiting them nearly impossible. Logic, however, does not dictate that the criminals leveraging that particular scam close up shop and live out their lives as law-abiding citizens. They simply took the information they already had access to (from the aforementioned breaches) and applied it in the next-easiest way. Between the time EMV technology was conceived and the time it was implemented—first in the U.K. and Europe, then around the world—a new opportunity emerged for criminals to put stolen payment card information to productive use: e-commerce. And EMV does not account for fraud perpetrated via e-commerce—or any other card-not-present channel.
There was one place left in the world, however, where counterfeiting cards was possible long after it was severely curtailed everywhere else: the United States.
This fall, after a decade of resistance by merchants and issuers that would face the increased costs associated with upgrading POS systems and manufacturing chip cards, EMV implementation in the U.S. reaches its most important milestone: liability for card-present fraud will shift from issuing banks to merchants, if the merchants are not equipped to handle EMV transactions.