EMV is a security standard designed to protect in-store card swipes from card replication and counterfeit by use of a chip embedded in the card and in card acceptance terminals. EMV, which stands for its three original creators (EuroPay, MasterCard, and Visa), is now run by a joint consortium of the major card networks. The U.S. market is the last major market to deploy EMV. When the U.K. market adopted EMV chip technology several years ago, analysts calculated that fraud in the card present retail environment dropped by almost half while fraud in the CNP environment doubled. It is that lesson that has many in the U.S. worried, notwithstanding advancements in card authentication and other fraud detection tools in the CNP environment developed since then.
CNP merchants already struggle to manage chargebacks at or below thresholds set by the card networks. It can be a tough battle, especially for merchants operating honest CNP businesses within the framework of current consumer protection laws and regulatory policies regarding adequate disclosures and consumer consent. Among other things, these merchants often deal with the “friendly fraud” of consumers who make legitimate purchases and then try to get their money back by a one-click complaint to their credit card issuer, and with chargebacks resulting from card testing by fraudsters that purchased low ticket items on websites with stolen card numbers to see if they have a “live” card.
Payments companies are working to educate their CNP merchants on the potential effects of EMV deployment, but there is a growing sense that many e-commerce retailers are not prepared for the impact. Merchants will incur costs in dealing with the influx of chargebacks and bear responsibility for refunding the larger group of defrauded consumers. With chargeback ratios now a primary factor reviewed by consumer protection regulators as an indicator of potential harm to consumer caused by the merchant, parsing through chargeback reasons to defend your conduct could be a tedious, expensive, and uncertain process.
There are a number of different strategies that may be used in the CNP space to deal with the EMV shift. Many card issuers are looking at authentication strategies and other tools that may help identify fraud before the charge goes through. CNP merchants might consider the use of dynamic passwords as part of the order process though weighing the willingness of customers to take extra steps in an online check-out process may be tricky. Industry experts often advocate for a tiered strategy to fighting online fraud, perhaps based on geolocation information about customers or pricing points of the merchant’s products or services, with more robust strategies focused on the highest risk transactions.
If you are a CNP merchant and haven’t yet addressed the EMV issue, it’s time to talk with your payment processor and payments consultants about available remedies and developing the right EMV response plan for your business. Otherwise, the CNP fraud resulting from the EMV transition is likely to add a complicating layer to an already difficult chargeback management function.