Visa reports EMV chip cards thwart fraud, but criminals adapting
Visa points to a 70% drop in fraud due to EMV chip cards, as consumers and merchants adopt the new payment card technology. But criminals are shifting their own focus to adapt.
With EMV standard chip-equipped credit cards becoming the new normal, merchants who have deployed point-of-sale terminals compatible with EMV chip cards saw a drop of 70% in in-person counterfeit card fraud in September 2017 from December 2015, according to financial services giant Visa.
The EMV (Europay, Mastercard and Visa) standard requires embedded microchips in payment cards to keep transactions secure. The liability shift deadline was Oct. 1, 2015, after which merchants who did not support EMV payments would be held responsible for the cost of fraudulent transactions.
"During the most recent period ending in December 2017, Visa saw strong growth across the number of chip cards and chip-enabled merchants, payment and transaction volume since before the shift to EMV chip, launched in October 2015. Counterfeit fraud also declined sharply," Visa said in its statement.
As of December 2017, 2.7 million merchant locations were accepting EMV chip cards with supporting point-of-sale (POS) terminals, representing 59% of all U.S. storefronts. Visa also reported that EMV chip cards accounted for 67% of all Visa credit and debit cards, for a total of 481 million Visa chip cards in the U.S.
Experts weigh in on effects of EMV chip cards
I don't think we will see card data breaches with the magnitude of a Target breach again in the United States. Chip cards work.
Avivah Litanvice president and distinguished analyst at Gartner
If trends elsewhere in the world hold for the U.S., the drop in POS fraud due to the acceptance of EMV chip cards may be offset by increases in the other dominant form of credit card fraud: card-not-present (CNP) fraud.
Earlier this month, Javelin Strategy & Research, financial consultants based in Pleasanton, Calif., reported that card-not-present fraud was now 81% more likely than POS fraud -- the largest gap the company had seen.
Avivah Litan
If the experience with EMV chip cards in the U.S. mirrors that elsewhere, the overall volume of card fraud is likely to remain constant, Avivah Litan, vice president and distinguished analyst at Gartner, told SearchSecurity. "That is what we witnessed in other countries that rolled out chip cards," she said.
Michael Reitblat, CEO and co-founder of Forter, a fraud prevention company headquartered in New York, said, "Average online attack rates remain two-and-a-half times higher than before they began to spike significantly in late 2015 as a result of EMV implementation, despite an overall decline in 2017 compared to 2016."
Eva Velasquez, CEO of Identity Theft Resource Center, a San Diego-based nonprofit organization providing assistance to victims of identity theft, said with the adoption of EMV chip cards in the U.S., "counterfeiting cards is no longer the lowest-hanging fruit, and thieves moved their efforts to online card-not-present transactions."
Litan said the shift was an expected outcome of EMV adoption. "We always predicted that card-present fraud would decrease with the roll outs of chip card payments, and that CNP fraud would rise," she said. "It proves, once again, that the criminals will always follow the path of least resistance and that chip card implementations increase POS security and reduce POS card fraud. I don't think we will see card data breaches with the magnitude of a Target breach again in the United States. Chip cards work. The criminals will find new frontiers to conquer, of which just one is card not present payment fraud."
Avivah Litan
