The Eve of EMV: What eCommerce Businesses Need to Know
By Jen Kijek, Director of Strategic Alliances at LYONSCG
Tomorrow, October 1, 2015, marks a tremendous milestone in the credit card industry. It is the deadline for US merchants to support EMV for card-present transactions, or else risk being liable for any fraudulent transactions at their stores.
What is EMV?
EMV (short for Europay, Mastercard and Visa–the three organizations that developed the initial specifications for the system) is the global standard for processing credit and debit card payments using cards that contain microchips rather than magnetic stripes. Today, EMVCo, a consortium including American Express, Discover, JCB, MasterCard, UnionPay and Visa, manages and enhances the open-standard specifications for the system. The purpose of EMV payments is to “ensure worldwide interoperability and acceptance of secure payment transactions.”
How does EMV work?
As mentioned, the main function of EMV is to reduce credit card fraud resulting from counterfeit, lost and stolen cards. These smart payment cards combat fraud by leveraging a microchip called an Integrated Circuit Card (ICC) that holds sensitive account data instead of using the traditional magnetic stripe.
The issue with magnetic stripes is that they contain unchanging data, meaning that if someone steals the data contained in the magnetic stripe, the theif can then embed the stolen data into a different magnetic stripe, apply it to the back of another card, and use the counterfeit card to make a purchase in a store. Not very secure, right?
Unlike magnetic stripe cards, each time an EMV card is used for payment, the chip creates a dynamic transaction code that can’t be replicated, and so stolen card information from a point of sale machine would not be reusable.
So what happens tomorrow? Currently, if a merchant processes a fraudulent card, the card issuer absorbs the cost. After tomorrow, if someone pays for a purchase at your store with a fraudulent chip card, and a merchant hasn’t upgraded to an EMV reader, the liability is owned by the merchant, not the card issuer.
How does this affect eCommerce?
While the security features of EMV are great protection against fraud for card-present purchases, they aren’t really applicable to online purchases. Because it will be harder to make fraudulent charges in-store, fraud is likely to become more prevalent online.
According to PaymentsSource, payment card-present fraud dropped by 35% in France between 2004 and 2009 after the implementation of EMV, but domestic card-not-present fraud losses increased more than 360%. Similarly, while the United Kingdom saw a 58% decrease in card-present fraud, their card-not-present fraud increased 100% in the five years following EMV adoption. Other countries, including Australia and Canada, experienced comparable spikes in online fraud as well.
This means now is a good time to review online fraud prevention initiatives and verify that the right tools and resources are in place for your eCommerce store. LYONSCG has several partners including CyberSource, Accertify and Riskified, that can assist in this effort as well. It’s important to be proactive when it comes to matters of security on your eCommerce site so that you can focus on providing the best experience for your customers and continue to expand your business.
Want to learn more? Contact us.