MAG Insights

Announcements from the MAG & Featured Articles

MAG Sponsor Spotlight: Coming Soon To Your Website and Mobile App: Increased Fraud How to prepare yourself for the increase in CNP fraud due to EMV (MAG Quarterly- Volume Three, Issue Two)



By Chester Ritchie, Senior Vice President, Worldpay

June 4, 2015

Preparing for CNP fraud with the country’s transition to EMV is essential.  Fraudsters will shift attention from card present fraud to card not present fraud as proven in other parts of the world.  There are solutions to add security to the eComm market.

As the U.S. migrates its physical card infrastructure to EMV, an interesting phenomena is likely about to happen: increased fraud for Card Not Present (CNP) transactions. EMV has proven worthy in reducing physical card fraud, but hasn’t had much of an impact on overall fraud. In fact, the lesson learned is that fraud simply migrates to the path of least resistance. In the majority of countries that have implemented EMV, fraud has simply migrated to eComm transactions. 

In Canada, between the years of 2008 and 2013 we saw Card Present fraud rates decline 45% due to their EMV rollout. But, during this same period, Card Not Present fraud rose an astonishing 230%! In dollars, Card Present fraud began 2008 at $245.4 million dollars and declined to $111.5 million in 2013. While at the same time Card Not Present fraud went from $128.4 million dollars to $299.4 million (source: ACT Canada). 

The reason Card Not Present fraud increases is because it suddenly becomes the path of least resistance. Since card holder information is essentially no longer useable to create fraudulent cards after the adoption of EMV, bad guys simply use that same information to complete fraudulent online orders on sites and apps that haven’t employed fraud tools. Also, confusion leads merchants to mistakenly believe EMV encrypts card holder information when in fact it is available without additional measures such as encryption and/or tokenization. This card holder information is then used for fraudulent CNP transactions. We anticipate a spike of this type of activity over the next few years until it is curtailed by the adoption of encryption and tokenization. 

For CNP merchants, since we know what is coming our way, now is the time to investigate new technologies to help in the fight. One such product is the industry standard – 3D Secure (3Domain Secure™). The first generation of this product had version 1.0 challenges, but the newest 2.0 version promises some compelling reasons for merchants to give it a second look. Visa and MasterCard are so confident in 3D Secure 2.0 that they are offering merchants and issuers: 

• A liability shift in favor of the merchant 
• Discounted Interchange rates of 12-59 basis points 
• Uses data points to help verify the person entering the card information IS the card holder 

These incentives alone dictate a closer look at what 3D Secure 2.0 has to offer. The impact on a business can be significant to both the top line and bottom line. For sales, merchants who traditionally wouldn’t accept credit cards (due to fraud concerns) but instead opted for wire transfer, ACH or PayPal can now capture those sales they were losing. Also, the discount on Interchange due to lower fraud risk is significant to any seller. 

The first generation of 3D Secure created too much friction for customers and was met with high cart abandonment rates. 3D Secure 2.0 fixed that. Rather than requiring customers to supply additional information, the 2.0 version now works behind the scenes with issuers and data analytics to make better educated decisions. The protocol now allows additional types of information to be collected and used for future transaction authorizations. Things like your email, IP address, phone number, device identifier, etc. tell the system you are in fact the card holder. It’s one of those AHA moments of simplicity.   

Issuers also allow merchants to choose when and when not to utilize 3D Secure 2.0 when processing transactions. By utilizing Risk-Based Authentication (RBA), merchants can choose to employ 3D Secure 2.0 based on items such as high risk SKUs, price points, shipping location, A/B testing, failed fraud screening, etc. It helps reduce the likelihood of a false decline and removes a friction point for enrolled customers. 

About the Author 
Chester Ritchie is SVP of Worldpay US, a leading global payments technology and services company that offers services across the entire payments value chain and in any environment: in-store, online and via mobile devices. To learn more about Worldpay and how to prepare for EMV and beyond, visit www.worldpay.com/us/emv

The mark 3D Secure is owned by EMVCo, and is a service of EMVCo. Worldpay is not responsible for the performance of 3D Secure. This content is not intended to provide a complete explanation of applicable laws, rules or regulations. It should not be considered legal or compliance advice. Individual situations will differ, and any questions or concerns should be discussed with your own lawyers and advisors.