Why Credit Card Frauds Are on Rise?

EMV Chip and Pin USA Benefits and Risks

If your credit card is rejected and the payment is halted, even when you have a good credit score, then you should blame skimmers. In United States, every one out of four cards fall prey to skimmers, who steal your private financial account information and use it for their benefit. According to a website CreditCards.com, American Credit Cards holders are in constant danger of getting their credit information purloined. The problem is serious and increasing with each passing year. According to MasterCard, the credit swindle cost retailers more than $32 billion in 2014.

Skimmers or credit card sliders are attached to genuine point-of-sale machines by the fraudsters. The said machines may be ATMs, gas pump etc. In most of the cases, unmanned machines are one targeted. Once your information is copied by the skimmers from the electronic strip, which is present in the backside of card (debit or credit); it can be imprinted on a fresh, blank card. Such information can also be sold online.

U.S. alone contributes to 47% of point-of-sale credit card theft, however taking about worldwide rate; the country represents just 24% of credit card volume. Until date, every quarter of cardholders in America fall victim of such frauds, reports CreditCards.com. The reason for this high percentage is the prevalent use of old technology in the credit cards.

U.S. has shown less interest in implementing latest EMV technology over the existing magnetic strip; says Craig Shearman, who is Vice President at the National Retail Federation. He also compared the strip with an 8-track tape of 80s. He added that it is very simple to copy the magnetic strips and the blank magnetic strip cards can be legally purchased with ease. Hence, this old technology is itself an open initiation to the fraudsters to skim the credit card information. Lastly, Mr. Shearman said that a new and better technology, which goes by the name of EMV, has docked the American shores.

The Europay MasterCard Visa (EMV) card is integrated with a data chip, which is much more secure than a magnetic strip. At each purchase, the chip cards or EMV cards create a unique code, which is very thorny to skim. In addition, these new technology cards also emit a signal on every transaction, which signals legitimate use. Such kind of technology is not easy to replicate and hence chances of credit card frauds are much less.

October 2015 was the deadline for the retailers in U.S. by which they should have implemented the chip card technology. However, just one-third retailers upgraded their resources and facilities for the EMV cards; reports MasterCard. In addition, the company’s official cites that there have been about 40% declines in card fraud since the chip card mandates were rolled out.

Bank of America, Visa, and MasterCard are some of the foremost credit card issuers, who provide an additional secondary security measure, which decreases the chance of a fraud.

Contributor to this post are Bill Trueman and Kevin Smith, leading payments, risk and fraud experts and frequent commentators and writers on various issues involved; with vast experience of the banking, insurance, retailer and international payment schemes, and are recognised thought leaders at the forefront of many industry-wide and international debates.

Visit here for more information on EMV CHIP & PIN Card Security, Risk Review Strategy and Parameters.

EMV Dilemma for Card Networks

EMV Chip and Pin USA Benefits and Risks

Is U.S. prepared for the EMV chargeback avalanche?

Will merchants stop accepting credit cards?

These two are the main dilemma associated with the EMV or “Europay, MasterCard, and Visa” Cards. For their answers, let us peek into its background.

EMV Background

The cost of annual frauds related to debit / credit cards is billions of dollars over the entire globe. To curb this cost, a scheme was hatched many years ago wherein EMV cards were to introduce to the U.S. The most beautiful part of this scheme was “the liability shift”, which allowed the EMV cards to be sold as voluntary, user-friendly and highly secure. The participants of payment industry would have the flexibility of deciding themselves on whether or not the economics holds water to the high price of the conversion. For the end users, there would be drastic cutback in the chances of fraud. As far as the Card Brands were concerned, the EMV Cards will cost very little or nothing.

The fateful PIN decision

Majority of banks and issuers considered that a premature move to the EMV Cards based on chip-and-PIN format could result the consumers in pushing their card to “back-of-wallet.” Unlike the rest of world, Americans prefer to shun the PIN-based credit transactions. In general, an average consumer has an average of 4 credit cards, where no PIN is required. Hence, the shift of EMV Cards of chip-and-PIN type was considered as extremely risky in terms of the transaction volumes.

Therefore, there was always a dilemma associated with the implementation of EMV in the United States of America. To overcome this, it was decided that U.S. credit cards would have an EMV Chip along with a magnetic stripe for “fallback.”

The chargeback avalanche

The POS liability shift was seen six months ago and now in 2016, merchants are feeling arduous because of it. The Merchant Advisory Group states that for smaller merchants, the chargebacks have piled up to $10,000 weekly and for larger ones, the rate is up to $1 million weekly. The fact is, they were not serious regarding the “optional” upgrade to EMV for which a four-year window was provided. So now, they are jostling to install the necessary hardware for eliminating the torrent of chargebacks. They are also complaining about the 4 years window being too small for the EMV implementation.

Adding onto the fusillade of chargeback losses, they are multiplied as the issuers have selected to retain the magnetic stripe, which expedites the card frauds.

The next chargeback landslide

The liability shifts are imminent for ATMs (Mastercard in October 2016, Visa in October 2017) as well as for the gas pumps (October 2017 for both brands). This clearly implies that their owners are the next to face the chargeback landslide. In addition, with the new EMV technology, the upgrade path may require aging gas pumps and ATMs to do a comprehensive replacement in the coming months.

Brand Damage

The card brands have blindfolded themselves by the financial windfall of shedding billions in fraud losses to their own clients. Therefore, these brands are now standing against a number of risks such as:

Regulatory Risk: Many people including senators and others in Washington are investigating EMVCo, inquiring about the factors like its ownership and impact in the payment sector. The question is can the liability shift cause an expanded financial regulation – and at what cost to the card brands?

Legal Risk: Already, lawsuits have been filed which caution class action. This raises the question – “what will be approximate cost of the legal & public relations o the card brands?”

A Return to Cash: There is possibility that the merchants affected with the chargeback avalanche may just decline accepting the credit cards. If a retail ATM is installed and nonexistent or minimal surcharge is implemented then clients can get convenient access to cash.

U.S. has preferred to convert to EMV without a regulatory mandate, which is entirely contrasting to the rest of the world. There is a good chance that instead of safeguarding themselves against the heavy losses of frauds, they might find themselves between a rock and a hard place.

Author of this post are Bill Trueman and Kevin Smith, who are Europe’s leading payments, risk and fraud experts and frequent commentators and writers on the issues involved. They have vast experience of the banking, insurance, retailer and international payment schemes, and are recognised thought leaders at the forefront of many industry-wide and international debates. For more information about EMV CHIP & PIN Security, Risk Review Strategy and Parameters, visit here.

News Source: MobilePaymentsToday

Card Fraud Rate is Third Highest in the US

EMV Chip and Pin USA Benefits and Risks

ACI Worldwide released new data, according to which about 30% consumers globally have been a victim of card fraud in last 5 years.

Adding on, out of the 17 countries, which were studied, 14 witnessed an increase in the card frauds between 2014 and 2016. Among these, US are among the top fraud-hit countries and it has sustained its position in the top three since 2014 to 2016. The top two reasons that are exacerbate the US card frauds are assumed as Lagging EMV Adoption and Increasing E-commerce Fraud.

Lagging EMV adoption: It is alleged that the security of card transactions will improve if the EMV is completely implemented. However, in the US, just 2% of card-present transactions were compliant to EMV in 2015. Its reasons are at the end of merchants as well as issuer. The EMV adoption is slow as it is costly and time-consuming for the issuers to upgrade all their clients to chip cards. Adding on, merchants face the difficulty in certification and installation processes of EMV terminals.

Hence, there is less number of secure transactions and hence high number of card based frauds.

Increasing E-commerce Fraud: BI Intelligence has estimated a growth to $632 billion by 2020 for the e-commerce sector. With the acceleration of EMV migration processes, it is expected to augment the security of in-store payments, causing the skimmers to transfer their focus on the e-commerce websites. This will also be a part of overall growth of fraud.

If these issues prevail, there will be a huge financial burden on the issuers. In the US, after a fraud incident just 6% of users alter their financial organization. However, 30% of customers choose to use cash or some other payment method after an incident.

If such frauds persist on a larger scale, it will rack up the costs for card issuers since in case of a fraud, many factors are affected like cost of card, shifting of loyalty & trust, and brand reputation. In the U.S., the cost of fraud was about $32 billion in 2014, which is $9 billion more than that in 2013.

Report on Payment Security – Compiled by BI Intelligence, Business Insider’s Premium Research Service

This report is compiled by John Heggestuen, a senior research analyst for BI Intelligence. It peeks into the fraud’s dynamics, which are transferring across online and in-store channels. The report also details the new security types, which are being used more throughout these channels, comprising Apple Pay.

Précis of this Report

1) EMV card that have an embedded microchip are more secure. Herein, the microchip analyzes the card user’s profile to conduct a real-time risk assessment on the individual’s card purchase activity. Upon the insertion of card into a payment terminal, the chip creates dynamic cryptograms, which alter with each purchase. Hence, it becomes difficult to make counterfeit cards.

2) The security of entire payment chain is being bolstered by encrypting the payment’s data. This encryption degrades the important and crucial data via an algorithm, which decodes the card numbers into a new data. Hence, fraudsters find it difficult to reap the original card information for future transactions.

3) The best type of payment encryption is the point-to-point encryption, wherein the encryption takes place initially from the time of capture at payment terminals throughout the acquirer or gateway. Hence, usable data is very difficult to get hands on from the transactions in stores and online.

4) With the implementation of tokenization, online and swiped transactions become more secure. In this scheme, the payment data is assigned with a random value, which makes the sensitive data almost impossible to access from the token itself. The tokens are generally “multiuse”, which implies that consumers do not have to re-enter their payment details repeatedly at the same merchant.

5) Online authentication for users is also ensured with 3D Secure, but is flawed. In this, it is complex to let know whether the card user is in fact the cardholder. In terms of authentication, 3D Secure requires a pass code or a biometric data for the completion of online transaction. Merchants using this method risk elevated shopping-cart abandonment.

This blog post has been posted by Bill Trueman and Kevin Smith, who are widely accepted as some of Europe’s leading payments, risk and fraud experts and frequent commentators and writers on the issues involved. They have extensive experience of the banking, insurance, retailer and international payment schemes, and are recognised thought leaders at the forefront of many industry-wide and international debates. For more information about EMV CHIP & PIN Security, Risk Review Strategy and Parameters, visit here.

Reference: Business Insider

Beware of Scams Intended for New EMV Chip & PIN Cards

EMV Chip and Pin USA Benefits and Risks

Americans are using new credit and debit cards, which are principally designed to make stealing of sensitive data, an arduous effort. Yet, crooks & scammers keep trying to do so by devious new ways.

A warning has been issued in New York by the state officials that warns consumers of a new phishing scam related to EMV Chip Cards, which are now omnipresent in the country after 3 years of their initial introduction.

The New York State Department of State’s Division of Consumer Protection (DCP) affirms that crooks are sending emails to individuals concealing themselves as card issuers. The targeted individuals are those who have not yet acquired their new chip cards.

In such emails, the recipients are asked to provide personal data and update their accounts so that delivery of their chip cards can be initiated. In some emails, the individuals are also provided a link, clicking on which will forward the process. DCP states that clicking such links can install a malware on your device.

Extract of The Nilson Report:

David Robertson, who is the publisher of The Nilson Report states in a trade journal for payment-card industry that EMV Chip Cards have better security than conventional magnetic-stripe cards. The latter traditional cards store the unchanging data on them, which is easy to copy (known as skimming) and can be used for making counterfeit cards. He also added that the availability of data-skimming devices is cheap and easy; making it easier for clerks and waiters to use them. In addition, these devices can also be installed at gas pumps and ATMs.

In EMV Cards, a unique code is generated whenever payment is made by it. This code is NOT Reusable for another transaction, making EMV Cards very difficult to counterfeit. The Nilson Report also mentions that in the last year, the payment-card frauds were maximum with valuation of $8 billion in the U.S.

In the year 2015, few merchants who used this chip-enabled payment terminal witnessed a drop of 18% in counterfeit transactions as compared to the data in 2014, as per the Visa (V).

A Fair Warning from DCP Officials:

According to DCP officials, EMV Cards can be scammed. Presently, a large number of these cards are “chip-and-signature cards” whose security is less than the “chip-and-PIN” type cards. In case the former type EMV Card is stolen, it is open to fraudulent use since it needs just a signature to complete the transaction and signature can be duplicated. 

The latter type EMV Cards are highly secure and have decreased the intensity of counterfeit-card fraud. However, crooks are also innovating by adapting themselves to get hold of sensitive account and personal data. This is the concern which was mentioned in the recent phishing scam reports. It aimed at consumers who are still trying to acquire the chip card.

According to Robertson of The Nelson Report, if any consumers falls prey to such scams, then they might fell prey to identity theft. The information gathered through such scams can be used to compile new individual profiles and then open credit cards under the victim’s names.

This blog post has been posted by Bill Trueman and Kevin Smith, who are widely accepted as some of Europe’s leading payments, risk and fraud experts and frequent commentators and writers on the issues involved. They have extensive experience of the banking, insurance, retailer and international payment schemes, and are recognised thought leaders at the forefront of many industry-wide and international debates. For more information about EMV CHIP & PIN Security, Risk Review Strategy and Parameters, click here.

News Source: CBS News

EMV CHIP & PIN direction at ‘Local Bank’ Level

Independent Fraud and Risk Specialist

1. When there is fraud (or dispute) there will be chargeback voucher requests etc., which will be so much harder for merchants where signature is the CVM (for the merchants).

2. In talking to merchants and in every report that I have read or seen, merchants find PIN as a CVM easier, quicker and practical and removes the need to check, find vouchers, keep vouchers, file vouchers etc.

3. There is a supposition that fraud control will move entirely to the issuer, who will manage it from transaction screening monitoring because all transactions will be on line. It is foolhardy to suspect that the whole anti-fraud effort will be moved to the issuer controls, and that the issuer (in all cases globally) will protect the acquirer and merchants even when the liability is entirely with the merchant. Issuers don’t act that way.

4. There is the assumption (above) that ALL transactions will be on-line because that is the way that it is always done (in the USA). This is rather parochial, as there are a lot of off-line merchants – and let’s not even start on UPTs and how they will prevent fraud in a sig CVM environment.

5. “Only a small number of US people travel outside the US to off-line environments” – is cited as a rationale for going on-line only with sig-CVM . This is a fair point, but I know a lot of Americans that do travel. Indeed, most of the Americans I know, is because they do travel – here. And they will be the profitable customers who don’t want to apply for new cards just to travel – and possibly change bank in the process.

6. Leap-frogging technology for NFC – Nick’s comments cannot be added to, but it is hard to resist commenting. What utter, utter ……. Yes the NFC needs the EMV platform and then what will be the transport for a CVM and what is the new technology leaping CVM that will be adopted. Maybe a star-trek or Blake’s-7 transported to check the passport at the POS. Silly of us not to think of that one eh?

7. The argument of widespread PIN use, leading to compromises that will cause a loss of integrity in ATM cash withdrawals sounds plausible at first glance – and ‘hands up’ when I was ignorant I used to think this too. But the ATM can validate the token (card), so after this it will be down to the transaction screening to identify the fraudsters – surely that is the follow-on logic? Call me cynical, but the reason that we need to protect the integrity of these specific (ATM) acquired transactions is that they are the only transactions that the same issuers acquire themselves – and of course the transaction screening is not good enough if they are taking the risk themselves. But generally speaking the ATMs are protected from abuse with low daily withdraw limits (not imposed upon merchants). So they are at the least risk from major fraud attack (due to limits) and the easiest to transaction screen. But above all let’s remember where a large proportion of the PIN compromises take place – even in a CHIP and PIN environment, it is through (or at) ATMs!!!!!!!!!

8. Did I also read that the strategy is also to adopt AVS at UPTs to protect these transactions in an on-line environment. Huh?

EMV Chip and Pin USA Benefits and Risks

OK and TWO PREDICTIONS BASED UPON REAL-LIFE EXPERIENCES and BEHAVIOURS 

1. In a CHIP with no CVM environment – what will happen to fraud? Well, it will of course have to be WITH the card (as well as driven to the CNP sector). So if it HAS TO BE WITH THE CARD, this new strategy will drive fraudsters back to stealing the cards, mail intercepts and robbery. And at gunpoint. And if at gunpoint, one might as well demand the PIN with menaces too – to get cash from the ATM. So, a strategy that WILL drive more bodily crime. Why, oh why would the US want to protect issuers in this way by endangering the cardholders so seriously?

2. In the US, Americas will travel, maybe to the Olympics even, and after a summer of USA based hurt, American consumer groups and merchants may well help to drive a U-Turn in direction. Let’s see.

Author Bill Trueman is the Risk and Fraud specialist helping business and bank owners manage risk & fraud and save millions quickly. He is director of RiskSkill, UKFraud and an active member of AIRFA. He provides risk management & fraud prevention services covering bank fraud, credit cards fraud, master cards fraud, insurance fraud, corporate fraud & business frauds in Europe and World wide at the par of National Fraud Authority(NFA) and Insurance Fraud Bureau(IFB). For more information about EMV CHIP & PIN Security, Risk Review Strategy and Parameters, click here.

11 FAQs on EMV Chip & Pin Cards

Independent Fraud and Risk Specialist

In this article you will get answer of the following questions in detail.

What is EMV?
Does EMV work – Is it proven?
Why has the US become one of the last markets to adopt EMV?
What are the main reasons that have held us back in the USA?
What other reasons have been cited for not implementing EMV?
How will EMV stop frauds associated with the big data compromises like Home Depot?
What happened on October 1st 2015?
What is all of this happening at the last minute and so quickly?
What are the issues around Signature vs. PIN?
I have Signature, but I have to use my PIN abroad – What do I do?
Why is the USA moving towards a less secure Signature as an authentication of a customer rather than PIN ?

FAQs – Frequently Asked Questions – About EMV and the US market.

This is an FAQs for the emerging USA market that is today moving towards EMV – i.e. in the USA – EMV is now starting to happen quickly in order to catch up with the rest of the world where EMV has been implemented over the last 15 years.

What is EMV?

EMV is the standard that was created about 15 years ago to increase the security of payments globally and reduce fraud at the same time as making payments easier for all parties. It was originally conceived by Europay,MasterCard and Visa – hence the name. It was a US company initiative, but was adopted much faster around the rest of the world for a number of reasons.

Does EMV work – Is it proven?

Yes.

It is used almost globally now. The USA market may be a large market in itself, but it is now just a small final part of the global solution left to implement EMV. Overall, EMV has reduced fraud where cards are present at the point of sale to almost $0 and created a safe card processing architecture for all parties. There has been a lot of misreported problems that often stem to articles written 20 years ago, but all the pre-EMV doom-mongering has proven unfounded. EMV has been a global success.

Sadly, the US market is where the fraudsters have moved their operations to – i.e. away from from the markets that have implemented EMV – where EMV based OTC fraud has reduced to almost $0. The compromised cards from say, the Target and Home Depot data thefts have been little more than useless in EMV environments.


Why has the US become one of the last markets to adopt EMV?

The easy answer is to say: ‘we do not know’. 

The more complex answer is that there were a series of technical, strategic, legal (Dodds Frank / Durbin) and operational issues that delayed implementation of EMV. There were also many less relevant reasons that managed to be cited for non-adoption of EMV over the years.


What are the main reasons that have held us back in the USA?

The reasons are many, but fall into the following broad categories:
  • The US does not have a national payments ‘card strategy’ direction body. In the rest of the world, implementations have been either directed by a government or national body or have been supported by a strong collection of interested parties who have created the business cases, statistics, and losses for the problem. Similar bodies that have driven forward the solutions and project managed the communications, and change management.
  • Many interest groups have examined their own costs of implementing an EMV solution in isolation from the industry as a whole – and based upon assumptions that benefits would not be realised or passed-on. The average interchange costs from the schemes for ‘secure transactions’ – which are defined as EMV transactions in an OTC environment – are lower than those for non-secure transactions; which form a large part of the financial benefits differential for an EMV implementation .
  • Without a strong ‘national’ lobby group, retailer groups in the US have not been able to so readily ‘demand’ softer benefits for an EMV programme such as making the customer journey easier, cheaper, and quicker at the till. Retailer groups have assumed that the costs would fall to them, without benefits.
  • The payments market is fragmented with so many different parties with their own P&Ls and interests – e.g. card schemes, Issuer banks, Acquirer banks, processors, technology providers and merchants. Some of these groups are stronger and bigger than others, and the best decisions for ALL parties may not have been made.

What other reasons have been cited for not implementing EMV?

There are many of these, so it is hard to know where they start and finish, but the main ones seem to be:

The costs of card upgrades is perceived as high – whereas in costs have fallen exponentially over the last 15 years; and we still see people who quote costs associated with the 1990s. Costs of CHIPs on cards or on SIM cards are now a cheap commodity.

The costs for merchants is perceived to be too high : which is a perception that is unfounded. Most merchants upgrade their POS equipment regularly and in doing so, the wise-ones will implement CHIP readers. This technology is relatively cheap and technically much more robust than magnetic stripe readers. In other markets, large retailer groups have demanded PIN implementations because this removes the need to take and store signature; and puts the card and customer ‘checking’/ security process back into the hands of the card issuers rather than as a part of the duties of a till operator. Experienced PIN users find the ‘signature processes’ both slow and cumbersome. Retailers like PIN as the throughput of customers is faster, documentation storage, production and retrieval is removed.

There are legal reasons that prevent adoption in the US. The main reasons seem to be associated with a need for payers to be allowed to select payment methods at the point of sale (often associated with the Durbin Act). EMV standards were amended many years ago to permit such choices at the point of sale in order to accommodate needs for such flexibility within other countries in the world.

EMV is only for off-line transactions – A belief that EMV is either only for offline transactions, or mainly for off-line transactions persists. EMV has security, handshakes and flexibility for all parties in many ways, and it allows for cards to be used in off-line environments securely and safely too, but ONLY if defined by the card issuer as a requirement. Many issuers will not require such functionality, as the world is moving fast to become fully ‘online’. Where customers travel to countries (or indeed regions without ‘on-line’ capability in the US or EU, i.e. where they need to deal with merchants which are away from a telecoms infrastructure, it can be useful for banks to allow customers to spend in such locations that may be off-line. Scheme rules are however continuously changing and Telecoms are becoming much better than they were 10 years ago.

The USA infrastructure is too complex to change: often accentuated by the woes of the numbers of suppliers, gateways and issuers/acquirers within the market. This may well be perceived to be the case, but we also have to bear in mind that the experience globally is of far greater complexity, and that times change as solutions and markets evolve. We must also remember that we moved (globally) from zip-zap machines (knuckle-busters) to magnetic stripe processing, and exactly the same arguments were used then.

NFC is not supported in EMV – this is very incorrect. The EMV standard provides ‘the rails’ upon which NFC runs – and removes the insecure NFC that is based around ‘open’ unencrypted magnetic-stripe ‘Tap and Go’ cards that were issued a few years ago in the US. There has been a long-term re-hashed investigative TV reporting on card details being stolen via NFC readers, which is just not possible in an EMV environment. Of late, we have also seen reports that the EMV is vulnerable because of NFC – which again is incorrect and confusing.

There are better solutions – if we wait. This is true – There are always better solutions tomorrow, for any market and any solution. However, in payments there is nothing proposed or planned that will work – nor anything that is being designed by any significant body anywhere. The EMV standard was designed 2 decades ago by US companies, agreed to by most of the global card schemes and has been implemented as the global standard almost everywhere. It has also become the global standard and platform for building upon, with amendments adopted to accommodate things such as PCI DSS, greater levels of security, NFC and multiple transaction routings. ApplePay and AndroidPay are technologies that are evolving fast, but they adopt the security that forms part of the EMV standards – rather than replacing them or evolving them.

Delays are inevitable now that retailers need to accept Applepay and Googlepay/Androidpay: No. The EMV architecture can be used for these payment types with no need for further POS Terminal changes. The EMV infrastructure is all that is needed and around which these payment methods were designed.

Restaurants cannot accept tipping with EMV: Another Urban Myth, but one that is still quoted widely.
We would be happy to add other interesting entries to this list if you please provide them to us. We know of many others, but those provided above are the main ones that have substance and traction; and where we can see where some of the confusion or misunderstanding might have come from.


How will EMV stop frauds associated with the big data compromises like Home Depot?

Generally, with Data Hacks /Compromises that seem to be common news these days, card details are captured from the records kept at the retailers and these are then used by the fraudsters to create fake cards or use them on the internet. Fraudsters can purchase a magnetic stripe Card encoder for less than $10 and go into business making magnet strip cards with stolen details. So the card numbers have great re-sell value on the ‘Dark Market’. 

Card details can also be collected from an EMV card, and whilst these cannot be used to re-programme another EMV card, they CAN be encoded onto a Counterfeit Card onto the magnetic strip. In this case the Card Issuer will know that this has been done and stop any fraud. If the Merchant’s terminal has a Chip reader the card will not communicate correctly, and if it is a magnetic stripe card the correct magnetic strip security details will not be present as these are not available on the EMV chip. Fraudsters can try and re-programme an EMV card chip; but this is a lot harder and has not successfully been done. Even if it was possible to re-programme an EMV Chip card, there are much easier ways to commit card fraud.

So, whilst the EMV Chip will not stop data compromises, the stolen data becomes very much harder to use and almost not worth stealing. Indeed today, whenever data is stolen from anywhere in the world, the fraudsters will sell the data for use in non-EMV environments – which is why the US has the largest fraud losses globally.


What happened on October 1st 2015?

Counterfeit Liability Shift for the US market began on this date. From this date card issuers around the world with EMV Chip cards can recover money from counterfeit transaction in the US (and anywhere else), where their card details have been placed on a Counterfeit card and where the transaction is undertaken with a magnetic stripe (usually because they have been stolen or compromised as in Q5 above). Accordingly, the losses go to the merchants / acquirers who do not have EMV Chip processing in place.

What is all of this happening at the last minute and so quickly?

Fundamentally, this is NOT ‘last minute’ at all: plans for EMV have been in place for more than a decade.

President Barrack Obama signed an Executive Order requiring all government departments are EMV implemented/secure, to lead the way.


What are the issues around Signature vs. PIN?

Simply, Visa requires Signature under it’s Chip and Choice program and MasterCard prefer PIN.

Why is the USA moving towards a less secure Signature as an authentication of a customer rather than PIN ?

We do not have a clue! Maybe the FBI can explain it to you. Maybe not – it will all depend on the time of day when you ask.


I have Signature, but I have to use my PIN abroad – What do I do?

IF your Card Issuer has set-up your card for overseas use, then it will work with Signature in the US and PIN overseas. If not, a merchant may accept Signature overseas, so it will still work!
Author of the post Bill Trueman is an independent fraud, payments and risk specialist helping business and bank owners manage risk & fraud and save millions quickly. He is director of RiskSkill, and UKFraud and also an active member of AIRFA. He provides risk management & fraud prevention services covering bank fraud, credit cards fraud, master cards fraud, insurance fraud, corporate fraud & business frauds in Europe and World.
For more information about EMV CHIP & PIN Security, Risk Review Strategy and Parameters, click here.

Other Posts Which You May Like:

25 FAQs on Risk Review, Risk Management, Compliance, Due Diligence and Fraud Prevention

Is EMV Chip and Pin Really the ‘Money Pit’ for Retailers?

Riskskill Appointed by Visa Inc. as an Approved GARS Reviewer

Is EMV ‘A Colossal Waste of Time’ for Retailers?

Credit Cards With Chips: Are They Safe?

As now old magnetic stripe credit and debit card are giving way to new EMV cards there are lots of discussions around the world whether these EMV cards will be safe or there are risks associated with them. USA is also going to replace its all old magnetic stripe cards with new EMV cards with chip.

To read more about the benefits and risks about this visit here

Is EMV ‘A Colossal Waste of Time’ for Retailers?

Before saying “EMV Return on Investment Unlikely for Retailers” we should consider some points. The only thing that surprises me about this “glass half-empty and cracked” view is that we did not see it earlier. Surprise surprise, everything has a business case. Sometimes it is clearly positive, others more difficult.

EMV Chip and Pin USA Benefits and Risks

EMV has always been in the more difficult bucket. It is an infrastructure change, not just a few tweaks. It should have been treated more seriously and realistically. Of course it comes down to how you measure this and what you want to prove. It is easy to prove a negative position. More challenging to demonstrate a closer to break-even or soft benefit. We have known about it coming for a long time.

Just because the US market did not want to do to it and now has to and more quickly is whose problem? Like everyone else had to, you plan for it, you build a fully loaded business case as best you can with all major costs to be incurred and those already spent as part of the longer journey. It is a corporate responsibility to address the challenge head on.

You also factor in the real and softer benefits. Some are financial and tangible, others are less clear, more emotive, softer, longer-term, but still important. You try and incorporate hardware and other changes into normal replacement cycles. Back-office and operational impact are significant and should not be underestimated but often lead to greater efficiencies being achieved.

You factor in not just the counterfeit and hopefully lost stolen fraud reduction benefits, but reducing/removing nervous issuer auth declines, disputes and chargebacks, non-compliance penalties, operational efficiencies at POS.

We Should also Know the Main Advantages of EMV:

  • EMV contributes to reducing data compromise challenges and the PCI burden.
  • EMV gives not just liability shift but also other economic transaction level benefits, including pricing incentives, contactless, etc.
  • You squeeze the acquirer processor, vendors, card schemes, others for support.
  • The perception of taking payment security resonates with consumers, your customers, media and across the industry and further afield, e.g. regulators and government.
  • There is deterrent factor and first mover advantage.

There is a benefit to demonstrating that your POS environment is modern and fit for purpose to observers and onlookers and not just a convenient source of compromised card data.

This subject was never going to be easy, but it needs a more open discussion. Don’t get me wrong I appreciate the concerns, I have been there. Yes there are significant costs to be considered the cost of doing it. But what about the cost of not doing it?

Author (Kevin Smith) is an eminent risk specialist who is expert in risk review, risk management, compliance solutions, emv chip and pin risk review, anti-fraud solutions, etc. and have helped lots of organizations worldwide save millions detecting risks and providing necessary solutions. For more information about EMV Chip and Pin in USA, all Ifs & Buts , Risks & Benefits visit here.

Also read here comment on EMV Chip and Pin by Bill Trueman, an eminent fraud, risk and payment specialist.

Other Posts Which You Would Also Find Useful:

25 FAQs on Risk Review, Risk Management, Compliance, Due Diligence and Fraud Prevention

Is EMV Chip and Pin Really the ‘Money Pit’ for Retailers?

Riskskill Appointed by Visa Inc. as an Approved GARS Reviewer

11 FAQs on EMV Chip & Card Technology