My fellow FICO bloggers and I have long been advocates for the adoption of the EMV (Europay, Mastercard, Visa) standard in the US, which will boost security for payment cards. But it's critical to remember that EMV adoption is not an anti-fraud panacea.
EMV technology (featuring an embedded chip which enables dynamic, rather than static, authentication credentials) has proven highly effective in reducing counterfeit card fraud in Europe, Brazil and nearly every market where it’s been adopted. However, fraud is a moving target. Quash it in one place, and history demonstrates that it will pop up somewhere else.
Case in point: When the UK rolled out EMV, fraudsters quickly refocused their efforts on cross-border counterfeit fraud and card-not-present (CNP) attacks, where they could bypass the new EMV protections. Fraud temporarily spiked, driven largely by CNP fraud, which grew in overall volume as well in terms of its percentage of card fraud losses (from about 40% prior to the EMV rollout to 72% two years later). We’ve seen similar CNP fraud spikes in other markets adopting EMV.
Card-not-present fraud is quick, easy and anonymous, and leaves scant evidence—making it a favorite of organized criminals as well as weekend hackers. The growth of online and mobile shopping only serves to increase the temptation and opportunities for fraudsters.
But the same mobile and online channels being exploited by fraudsters also offer banks a golden opportunity to fight fraud—while building customer loyalty and trust in the process. When a potentially fraudulent transaction is detected, banks can reach out to customers instantly—by voice, text or email—to confirm whether the transaction is legitimate. These two-way automated dialogs enable suspicious transactions to be addressed within minutes or even seconds.
And fast, proactive fraud intervention builds goodwill among customers. While nobody likes being inconvenienced by a hard decline at point-of-sale, customers appreciate less obtrusive transaction validations and their banks’ efforts to protect their financial health.
While an expert analyst is typically able to resolve fewer than 20 cases per hour, a virtual analyst can resolve a nearly unlimited number of cases. By proactively validating transactions in more instances, banks catch more fraud—and keep more customers happy. And by constantly feeding the real-time results of these customer interactions back to analytic systems, banks can continuously improve the accuracy and adaptability of fraud detection. Thus the cycle of benefit continues.
Banks are also beginning to use mobile phones to fight fraud through proximity correlation. This technology compares the physical location of a cardholder's mobile phone against the location of the point-of-sale terminal where the card is being used. If a consumer makes a call on a mobile phone in Manhattan within five minutes of making a physical purchase in Texas, the odds suddenly become much greater that the purchase is not legitimate.
In the end, EMV adoption will no doubt have a positive impact on the US fraud landscape. It will also plug the biggest remaining hole in other countries’ efforts to fight counterfeit fraud through their own EMV programs, by closing the door on cross-border fraud. And, importantly, it is likely to hasten the adoption of even more anti-fraud technologies. Forward-looking banks will not only look to counter EMV's ancillary effects, such as the expected CNP fraud increase, but will also recognize this as an opening to differentiate themselves by building more relationship-based fraud management.