The day has come and gone. It has been more than a month since the EMV’s adoption deadline (Oct 2015) here in the United States. The highly-anticipated adoption of the Payment Networks’ Liability Shift associated with EuroPay, MasterCard, and Visa (EMV) has taken effect in the U.S., but retailers and merchants are lagging.
Well, not all retailers and merchants. The adoption is primarily lagging when it comes to smaller retailers and e-commerce merchants. Intuit recently released results of a survey among small businesses. The survey results outlined the following key points:
- Awareness of the October deadlines for EMV adoption is low among small retailers and most have not committed to the change.
- Few owners have an understanding of the implications and financial and legal liability.
- Alleviating concerns that small businesses have over cost of the new card reading equipment will have the greatest impact on successful conversion.
- The biggest opposition for conversion to EMV will be small businesses because of their low awareness and budget restrictions.
Small businesses need to get on the conversion train or they will be left behind. Even more than being left behind, they will likely be targeted by fraudsters. The cost for them will be much more than new point-of-sale equipment; the ultimate cost will be their new liability for fraud, mainly counterfeit cards.
But what about e-commerce merchants with card-not–present (CNP) transactions? Will EMV make a difference for their transaction business? The simple answer is no. For all the advanced protection it provides, the EMV migration does pose a threat to e-commerce merchants. The primary advantage of using an EMV card is the prevention of counterfeit card-present (CP) fraud. The embedded chip in an EMV creates a dynamic authorization code for each transaction, even if the card number and other sensitive data is stolen the thief will not be able to replicate the code generated by the chip. However, the chip is not being read by a terminal in an e-commerce transaction so it has no effect. In other countries, issuing banks have provided devices that cardholders can connect to their computers to use their EMV cards for payment, but they are not widely used and have not been implemented in the U.S.
Based on EMV migration data from other countries, it is expected that increased use of EMV cards will result in a reduction in card-present counterfeit fraud and a simultaneous increase in card-not-present fraud. Merchants with card-not-present systems should be advised to increase their fraud monitoring and detection capabilities.
What can e-commerce businesses do to mitigate card-not-present fraud? They need to implement a system of authentication that works for their particular business and enhances inspection of their card-not-present transactions. The most cost-effective way to do this would be an identity authentication process combined with a secure payment gateway. “Important factors for success will be not only effectiveness in reducing CNP fraud, but also ease of merchant implementation and customer ease of use,” according to EMVCo, developed by the Smart Card Alliance. Some techniques and tools for implementing verification for e-commerce businesses are:
- Continue PCI compliance
- Use an address verification service (AVS)
- Confirm the phone number and transaction information before shipping products
- Take advantage of fraud prevention services available from credit card companies such as Verified by Visa or MasterCard SecureCode
- Verify card security codes
- Investigate priority shipping requests (especially if free shipping is offered)
- Validate unfamiliar orders from repeat and regular customers
It’s estimated that 40% of the world’s cards and 70% of its terminals used outside of the U.S. are using the EMV standard.
Currently, the U.S. EMV adoption rate is stagnant and while some are content to let the financial industry run its own course this laid-back approach cannot last. Small businesses need to adopt EMV, there is no way around it. On the other hand, e-commerce businesses must adapt to the possibility that card-not-present fraud will increase and implement additional verification tools to combat this problem.
We will continue to share our thoughts and recent news about the industry and the EMV adoption process going forward. Until then, we hope you’ll follow the conversation and share your thoughts with us on Twitter, Facebook, and LinkedIn.