America’s tardiness in adopting EMV chip card technology has long been known to contribute to rising rates of fraud here, but now it appears the country’s plans to convert to EMV are, ironically, causing pain overseas.
Fraudulent cross-border transactions on debit cards issued in the United Kingdom increased 25% in 2014 over 2013, with nearly half—47%–of those criminal payments occurring in the United States, according to figures released Thursday by Fair Isaac Corp., a San Jose, Calif.-based anti-fraud software developer with 10 offices in Europe.
That’s more fraudulent cross-border transactions than in any other country, even though the U.S. was only third in terms of total cross-border transactions on the U.K. cards. “The whole thing with fraud is, it's gone cross-border,” Martin Warwick, Fair Isaac’s fraud chief for the Europe, the Middle East, and Africa, tells Digital Transactions News. “That's what's going to come up on [payments] execs' radar.”
The U.S. bulks large for U.K. debit card fraud because criminals using stolen British card credentials are rushing to take advantage of vulnerabilities in the American payments system while they still can and while the stolen information still has value, Fair Isaac says.
“We are seeing a lot of fraud in the U.S. as criminals try to exploit the lack of EMV protection before it is implemented in the U.S., and before the liability shift at the point of sale takes effect later this year. Having EMV will make the mag-stripe data less appealing to criminals,” Warwick says in a press release. On Oct. 1, responsibility for fraud losses on lost and stolen cards, which is now borne by card issuers, will shift to merchants if they aren’t prepared to accept EMV cards, according to card-network rules. That is expected to touch off a massive nationwide conversion to EMV that could take several years to unfold completely. The U.K. adopted EMV in 2006.
With cross-border fraud, criminals use cards or card credentials stolen in one country at merchants or ATMs in another. In many cases, the fraud is online. Indeed, card-not-present transactions accounted for 84% of the fraudulent cross-border transactions on U.K. debit cards, according to Fair Isaac. In terms of actual value, card-not-present transactions amounted to 57% of the cross-border fraud losses. Nearly 70% of the card-not-present fraud occurred in e-commerce, Warwick tells Digital Transactions News.
The rise in cross-border fraud on U.K. cards is particularly distressing because until fairly recently the nation had managed to significantly reduce this form of fraud, according to Fair Isaac. “The U.K. reduced cross-border card fraud from £230 million ($361 million at the current rate of exchange) in 2008 down to £80 million ($126 million) in 2011,” Warwick says in the release. “But cross-border fraud has nearly doubled since then, and it's time to get it back under control.”
One suggestion is to adopt new technology that can ensure the actual cardholder is the one using the card, “such as proximity location services that can identify whether the customer's mobile is in the same place where the transaction is occurring,” Warwick says.
The sample size for Fair Isaac’s study was enormous. The company looked at 52 million active U.K. debit cards representing 5.6 billion total transactions with a value of £306 billion ($480 billion). Despite the rise in cross-border fraud, total fraud for the sample declined 7% from the 2013 level, to £156 million ($245 million).