August 24, 2016
CNP Expo: EMV Leaves CNP Out in the Cold
May 23, 2013
David Birch of Consult Hyperion started a final-day session at the CNP Expo by citing a statistic that said the U.S. has about a quarter of the world’s card volume and half the world’s card fraud. Clearly, something needs to be done, he said. But what? The U.S. is currently on the road to implementing the EMV standard, but will this be enough? The consensus of the panel was that though EMV implementation is good for many reasons, chips alone will not be enough to prevent the majority of card fraud. They also agreed that we can expect fraudsters to gravitate toward CNP transactions, as these are the easiest target.
Terry Dooley, senior vice president and CIO of EFT network SHAZAM noted that EMV implementation, as it is currently being done in the U.S., will not do much to prevent fraud unless it is coupled with PIN as opposed to signature authentication. He explained that “just because I get someone’s card number doesn’t mean that I know their PIN, and even if a PIN is compromised, it can quickly and easily be changed. So requiring PIN authentication would help make chip cards more secure.”
To prevent fraud, then, many companies are moving toward more identity-centered solutions and behavioral profiling to determine the level of risk for CNP transactions. Birch suggested that with the proliferation of mobile phones, the way forward will likely tie in to some form of mobile app payment, since customers’ phones already have chips, and customers are willing to put PINs into their own device. But Dooley pointed out that adoption of such a solution will likely be slow and presents many additional challenges, especially for smaller retailers that can’t afford app development, and for consumers who may not want hundreds of apps on their phone.
Regardless of what future technologies and payment methods companies decide to adopt, the panel agreed that ultimately, even with chip and PIN implementation, fraudsters will seek out new ways to get something for nothing, so fraud prevention tactics and technologies must continue to evolve going forward.