Electronic / Mobile Payments Fraud , Fraud , Fraud Management & Cybercrime

EMV Rollout: Are We There Yet?

Experts Say Consumers, Merchants Slow to Make the Move
EMV Rollout: Are We There Yet?

In the week since the EMV fraud liability shift took effect for U.S. merchants, awareness of the conversion to chip-enabled payment cards has increased.

See Also: Fortifying Your Organization's Last Layer of Security

But some experts say card issuers and the card brands still have a lot of work to do on the education front - especially where consumers and small businesses are concerned. The transition from legacy magnetic-stripe transactions to chip transactions will take several years to complete, they say.

And while EMV chip cards are dramatically more secure than mag-stripe cards, the U.S. transition has come with new opportunities for fraud.

Fraudsters Trick Consumers

An ABC News affiliate in Denver reports that a new socially engineered scheme was using the EMV rollout to trick consumers into providing fraudsters with personal information and bank account details.

According to DenverChannel.com, since the Oct. 1 liability shift date, area consumers have received phone calls and/or emails from fraudsters feigning to be their card-issuing banks.

These fraudulent communications inform consumers that in order to receive their new chip-enabled EMV cards, they must confirm or update some of their personal and account information.

This type of scheme illustrates why customer education about how and when chip cards will be issued is so critical for banks and credit unions.

Lack of Awareness

Financial fraud expert Shirley Inscoe, an analyst at the consultancy Aite, says most card issuers have not done a good job of explaining to their customers how they will issue chip cards, nor how to use them.

"Many have sent these cards out just as they would a normal reissue, without any communication at all," she says. "This is a major change, and it is a missed opportunity to educate consumers."

Seth Ruden, a senior fraud consultant for payment risk solutions at ACI, which provides payment platforms and card-fraud prevention technologies, agrees that consumers are not as well-informed as they should be.

"It appears that banks are sending notices with the cards, and the notices are supportive of the language that I would want to communicate to consumers," Ruden says. "However, having consumers actually read these notices and get the behavior right at the POS is the difficult part. I have not seen any major media campaigns to increase awareness of the EMV card roll-out. Apple Pay got more exposure."

But Randy Vanderhoof, executive director of the EMV Migration Forum, believes media coverage about the EMV shift has fueled awareness among consumers and businesses.

"The media coverage over the last few weeks, alerting consumers about what is changing on cards and at merchant locations, is very helpful," he says. "Small merchants are also cardholders and shop where chip cards are used, so they are now aware as well."

And David Pommerehn, senior counsel and assistant vice president of the Consumer Bankers Association, says most CBA member banks have spent the past several months educating their customers about EMV.

"Specifics will vary from bank to bank, but most CBA members are doing multiple communications with customers," he says. "Most of those communications include an FAQ sheet of everything the customer needs to know about their new card. Information is also usually on a bank's website. If a bank isn't doing a mass reissue, education can be more difficult. These banks have to have a more targeted campaign, but all are doing something."

Impact of Fraud Shift

As of Oct. 1, any fraud that results on a chip card that has its magnetic-stripe details compromised because the merchant is unable to accept the cardholder's chip now falls back onto the merchant. Before Oct. 1, card-issuing banking institutions absorbed fraud that results from these types of face-to-face point-of-sale transactions.

But Inscoe says most small and mid-sized businesses are still confused about this liability shift.

"Many businesses are not aware of the liability shift that has occurred," she says. "Given the tight margins many businesses have to contend with, we are very likely to see some businesses fail because of the fraud chargebacks."

The EMV liability shift, which was set by the card brands in 2011, aims to serve as a catalyst for EMV adoption in the U.S. by incentivizing merchants to upgrade their POS terminals for chip acceptance and encouraging banks to issue chip-enabled cards (see Fraud Summit: Shift to EMV a Hot Topic).

That incentive, coupled with the fear of increased chargebacks, has definitely had an impact on some smaller businesses, says Bob Carr, CEO of payments processor Heartland Payment Systems, which in 2009 suffered a network breach that exposed 130 million credit and debit cards.

Carr says merchant interest in EMV has definitely been piqued over the past seven days. "Undoubtedly, there is an uptick in SME [small business] interest in EMV in the last week, I am happy to report," he says.

Carr suggests that Heartland's advertising campaign and outreach to its smaller merchants about the EMV liability shift has spurred more small businesses to take action.

Liz Garner, vice president at the Merchant Advisory Group, a trade association that represents 85 of the nation's largest merchants, says merchants are concerned about increased chargebacks. It will be several weeks before non-compliant EMV merchants know how much counterfeit card fraud has been shifted back to them since Oct. 1, but Garner says most merchants are bracing for an uptick.

"We've been working together with our merchants to put together an 'EMV 101' course for their franchisees," she says. "These are smaller merchants, but they are part of a larger brand, typically. They are aware of the shift and the potential impact of fraud shifting back to them. I don't know about the mom-and-pops, though - the independent small merchants out there. I don't know that they are aware of the liability shift at all. I don't think the card brands have done enough to educate the smaller, independent merchants."

But what Garner worries about more than chargebacks is the anticipated fraud migration to card-not-present, online transactions. For smaller merchants that offer e-commerce payments, the migration of fraud from the physical point-of-sale to the online channel is going to be very difficult to manage, she says.

"Managing CNP fraud is going to be a huge challenge for small businesses that have a presence online," Garner says. "They don't have the resources to put into CNP fraud-prevention."


About the Author

Tracy Kitten

Tracy Kitten

Director of Global Events Content and Executive Editor, BankInfoSecurity & CUInfoSecurity

A veteran journalist with more than 20 years' experience, Kitten has covered the financial sector for the last 13 years. Before joining Information Security Media Group in 2010, where she now serves as director of global events content and executive editor of BankInfoSecurity and CUInfoSecurity, she covered the financial self-service industry as the senior editor of ATMmarketplace, part of Networld Media. Kitten has been a regular speaker at domestic and international conferences, and was the keynote at ATMIA's U.S. and Canadian conferences in 2009. She has been quoted by CNN.com, ABC News, Bankrate.com and MSN Money.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.