A Tsunami is Coming

Some of them tower higher than skyscrapers.  Some of them move rather quickly while others cover a leisurely few centimeters per second. They travel great distances around our globe, totally invisible to the naked eye.  Why?  Because these giant waves, Tsunamis by any other name, are born, live and die completely beneath the surface of the seas of the Earth.  Makes you wonder what else we may be overlooking, doesn’t it?

As I read that story in the MIT Technology Review, my mind wandered off the reservation and wound up in the land of Chip and Pin, also known as the land of the Europay-MasterCard-Visa chip cards that are scheduled to replace magnetic stripe payment cards in 2015. When this happens, it will become much more difficult for the perpetrators of fraud to put one over on the brick and mortar merchants. At the same time, it will most likely start a tidal wave of card-not-present (CNP) fraud.

In Canada, which began converting to EMV cards in 2008, CNP fraud more than doubled.  In the United Kingdom, where the EMV conversion began about a decade ago, CNP fraud increased 64% between 2005 and 2013.  Australia’s CNP fraud also jumped when the country migrated to chip cards. The experiences of these other countries suggests that CNP fraud will migrate to the shores of the United States in short fashion. In the words of Karisse Hendrick, program manager, Americas, at the Merchant Risk Council, “There’s kind of a tsunami coming.”

CNP fraud currently accounts for about 45% of all U.S. card fraud. And, it is already on the increase in the U.S. even though chip cards currently account for only a low single digit percentage of a market with more than a billion payment cards.  Add to that the fact that a major EMV deadline that will shift liability for counterfeit point of sale transactions to the non-EMV capable party – the merchant or the card issuer – is still a year out.  Experts estimate that CNP fraud will more than double by 2018 to over $6 billion in the U.S.

Remember, CNP stands for card not present.  The problem, very simply, is that merchants are conducting credit transactions without the credit card being present.  They are conducting business with the equivalent of a person pulling a piece of paper out of his, or her, pocket and saying, “I don’t have my card with me and I have no identification, but here is my credit card number.” 

The merchant shrugs and says, “Okay.” They conduct their business and the fraud is perpetrated because the credit card number was hacked at the local big box store last Christmas.

A simple way to take care of this problem would seem to be – DON’T CONDUCT CREDIT CARD BUSINESS IF THE CARD IS NOT PRESENT!  NO CARD, NO MERCHANDISE! Simple, right!?  But, what about the internet?  This is where much of the CNP fraud takes place.  How do we fix the internet?  In 2014’s first quarter, online sales volume totaled $71.2 billion.  It accounted for 6.2% of all retail sales.  A CNP credit card transaction is nearly three times riskier than its face to face equivalent. Having just one solution is not going to get the job done.  I really doubt that one size is going to fit all.  What would help?

A password could be established with the issuing financial entity and the card holder.  Any purchase would require that password before a transaction could take place.

Then, there is a process called tokenization.  Tokenization replaces critical card information with random data strings that are useless to fraudsters.  Tokenization has been around for a while but, it is believed that tokens are about to get a bigger piece of the pie known as payment card risk control as technology for generating and distributing them advances, and as mobile payments gain ground.

Yes, there may be a tsunami coming. There very well could be one already upon us, lumbering just below the surface. What will you do? Will you wait until the tidal wave hits, or will you prepare. At POS Plus, we provide solutions. Let us provide a solution for you.

     In preparing this article, I relied heavily on an article entitled, “Unintended But Predictable,” written by Jim Daly. This article appeared in the September 2014 issue of  Digital Transactions, on pages 34-38.