Digital Transactions Authoritative, insightful and timely information for payments professionals
At trade show after trade show, and in article after article, payments-industry executives have heard for years now that the U.S. migration to chip cards on the Europay-MasterCard-Visa (EMV) standard, while protecting the point of sale from counterfeit fraud, will force fraudsters to ply their craft online.
Indeed, the idea that EMV will drive up e-commerce fraud has been repeated so often that many industry players accept it as a given as the U.S. market prepares for a liability shift to non-EMV-enabled parties next October. Likened to squeezing a balloon at one end and seeing it expand at the other, the notion seemed to make sense.
But for two analysts at Javelin Strategy & Research, the accepted wisdom never added up. “We had a hunch there was some missing information out there,” Nick Holland, retail payments practice lead at Pleasanton, Calif.-based Javelin, tells Digital Transactions News. “The balloon-squeezing mythology needed to be revisited with a fresh set of eyes. Does this idea that EMV forces fraud to other areas still hold water? We had our doubts.”
The “missing” factor, argue Holland and his colleague, fraud and security practice lead Al Pascual, in a report issued last month, is the explosive growth of e-commerce. In other words, rapidly rising volume in this channel has already attracted plenty of fraudsters in recent years, a trend that will only continue with or without EMV in physical stores. “They’re already there,” says Holland. “They already leapt online years ago.”
To buttress their point, Holland and Pascual point to current e-commerce fraud statistics. In the United States, online traffic accounts for just 8.5% of all electronic-transaction volume, yet nearly half of all transaction fraud occurs online.
Fraudsters, in their nefarious way, tend to be multitaskers, attacking all forms of payments in all channels opportunistically. EMV has proven itself effective in other countries against counterfeit-card fraud at the point of sale. But to Holland and Pascual, the idea that criminals confine themselves to just that form of fraud, and then move on to card-not-present crime only when frustrated by EMV, is naïve.
Indeed, Holland argues, online fraud likely would change little if EMV were introduced and online volume were held constant. “One big takeaway is that the mythology around EMV [leading to a rise in] card-not-present fraud is null and void,” he says.
What remains very true, however, is that e-commerce fraud in the United States is due to soar, even if the move to EMV will have little to do with it. If volume drives fraud, and if, as predicted by Javelin, online volume grows to more than 10% of all e-payments within three years, then card-not-present fraud can only grow much worse. “Card-not-present fraud is already very big and will get bigger,” warns Holland.
Exacerbating this problem, he says, is the nascent trend toward same-day or even faster delivery. While this trend promises greater convenience for consumers, it opens new opportunities for fraudsters with stolen payment credentials, Holland warns.
“Increasingly, you’ve got this situation where you’re shopping locally but accessing inventory globally,” he notes. “There’s clearly avenues of fraud there, particularly when you’re getting the goods within hours. Certainly, the time between instigating payment and the delivery of the goods is short and rapidly truncating. The fraud-mitigation response needs to be tailored to that.”
