The Darker Side of the EMV Liability Shift: Fraud Shift
Fraudsters make the move to account takeover and application fraud schemes
It’s been almost two years since the liability for card-not- present fraud in the U.S. shifted to merchants, requiring businesses to implement EMV chip technology – or absorb the cost of the fraud themselves and pay penalties on top. The transition to EMV chip technology has been a slow but steady march, with 52 percent of merchants enabled to accept chip payments as of April, 2017.
Fraudsters are not ignoring the growth in merchant EMV chip enablement. Consequently, since EMV makes it tougher to conduct fraudulent transactions with counterfeit cards at the point of sale, they are rushing to exploit huge volumes of stolen personal information using fraudulent magnetic cards while they can.
As the move to EMV accelerates, card-not-present fraud is expected to decline. Unfortunately, criminals are shifting their efforts to other schemes, according Julie Conroy, research director at Aite Group. Julie spoke on this topic during a recent Equifax webinar, “Walking the Tightrope: Striking the Balance Between Fraud Prevention and User Experience.”
“It’s not like these guys are going to go out and get day jobs,” said Conroy. “They’re going to change their tactics to other forms of fraud.”
As the door closes on counterfeit card fraud, fraudsters will increasingly run through other doors that are still open:
- Account takeover (ATO) fraud—gaining control of a person’s existing account and executing fraudulent transactions that quickly exhaust available funds or credit lines.
- Application fraud—using stolen information to open an account in another person’s name.
- Card-not-present fraud—using fraudulent or stolen cards, even those with EMV technology, to make online transactions.
- Synthetic fraud—a unique form of application fraud, perpetrated with created identities.
Synthetic fraud, Conroy added, is a “double whammy” because “money is leaving the bank and then valuable time is being wasted trying to collect on someone who doesn’t even exist.”
Learning from the Experience of Others
As they migrate to EMV, U.S. financial institutions can learn from the experiences of other countries. After moving to EMV, institutions in the UK and Canada saw significant spikes in online and application fraud. For example, within three years of EMV implementation in the UK, online fraud increased 79%.
Card-not-present fraud, application fraud, and account takeovers are all fueled by personal information criminals have captured from massive data breaches.
What can financial institutions do to counter fraudsters’ increased activity in these schemes?
“The one constant in fraud is that it will change. You’re always playing catch up,” said Ken Allen, Equifax Senior Vice President of Identity & Fraud Strategy, at the Equifax-Aite Group webinar. Technology, he noted, is starting to give fraud fighters much better weapons to level the battlefield.
There’s no one “silver bullet” that gives financial institutions an upper hand. The key, therefore, is to be highly flexible in how and when technology tools are used. For example, some institutions are relying on Equifax to “plug in” different processes and best-of-breed vendor solutions, as needed, to apply the best tactics for their unique challenges. The arsenal of technology tools can be configured to work situationally, with different approaches employed according to the client’s size, products, channels and risk profiles.
To “connect the dots,” Allen also advises institutions to append external data with their own internal behavioral data from existing customers. “Each institution has a way it allows customers to interact and evolve. That evolution leads to norms. Those norms are the starting point to look for anomalies.”
Allen concluded, “Fraud moves fast. That means we have to be creative to keep up. We have to leverage data as much as possible by plugging into the right types of solutions.”
For decades Equifax has worked with organizations to help them secure and authenticate across the customer lifecycle with an eye towards growth and an improved customer experience.
Visit www.equifax.com/fraudiq for details. This is part 2 of a series of articles on the shifting nature of fraud. Read part 1.