As our industry continues to roll out EMV chip card technology, fraud at the c-store will continue to decline due to the benefits of EMV in combating card-present counterfeit fraud. As this happens, fraudsters will likely shift their focus to other low hanging fruit, such as online or e-commerce fraud where it’s more difficult to verify the identity of the person making the transaction. This is generally what other markets around the world have experienced after fully adopting EMV. Although e-commerce doesn’t play a big role in today’s c-store, I thought it might be helpful to touch briefly on how the payments industry is looking to address a potential rise in e-commerce or card-not-present (CNP) fraud.
According to the latest statistics from the U.S. Commerce Department, e-commerce sales topped $300 Billion in 2014 and are continuing to account for a larger percentage of overall retail sales. As e-commerce continues to grow, we would expect to see a corresponding rise in e-commerce fraud. However, as we saw in other countries, the implementation of EMV can cause e-commerce fraud to spike even more due to the door closing on card-present fraud. In the Canada, for example, in the years after EMV was implemented (2008-2013) fraud related to counterfeit and lost/stolen cards decreased by 58%, whereas CNP fraud rose by 133% according to an Aite report.
Quite a few technologies exist to aid in authentication for CNP transactions, such as one-time use passwords, secret questions, device authentication tools and even biometrics like fingerprints and facial recognition. These technologies vary in terms of their effectiveness, their impact on the consumer’s experience, and the cost to integrate them into the payment process, which can impact adoption by merchants and processors. In April 2015 the EMV Migration Forum published a whitepaper that covered current best practices for securing CNP transactions. In addition to the authentication methods mentioned above, the whitepaper describes three additional approaches to curbing CNP fraud.
- Fraud Reduction Tools – When a transaction is performed, all of the data associated with that transaction (consumer, payment method, products ordered, etc.) can be analyzed to evaluate the risk that the transaction is fraudulent. A merchant or payment processor can use this risk scoring to decide whether to approve a transaction.
- 3-D Secure– This is a standard communication protocol supported by the card brands that merchants and issuers can integrate to for better cardholder authentication. It primarily incorporates the use of passwords that the consumer must provide to proceed with a transaction.
- Tokenization – This involves replacing the card holders account number with a different number that has no value for fraudsters. The tokens can either come from an acquirer after a transaction is completed and stored by the merchant, or presented with the transaction as it is with Apple Pay.
Overall, most stakeholders in the payment industry agree that there is no “silver bullet” for eliminating fraud, but instead merchants and processors need to deploy a variety of these tools to increase payment security. For retail petroleum operators, the near-term focus should continue to be on securing card-present transactions through the rollout of EMV, although by learning about these additional tools you can begin preparing for the future as more and more transactions are completed without a physical card.
For additional resources on the EMV migration to the US and its impact on our industry, please see:
- Gilbarco’s EMV informational web-page
- Previous Gilbarco blog posts on EMV:
- November 2014 – Fraud at the Pump – How EMV Can Eliminate “Pump and Dump” Schemes
- January 2015 – EMV Made Easy – How the Consumer Experience Will Change
- March 2015 – Have My Chip – Now Where’s My PIN?
- April 2015 – EMV Liability Shift Dates Standing Firm
- May 2015 – Credit Card Fraud and EMV in the News
- Product Opportunities to create an ROI from the EMV Migration
- EMV Migration Forum – Knowledge Center