Embracing EMV technology and instituting tokenization are vital steps when fighting fraud. However, do these two new emerging technologies in the US mean that financial institutions should rely on only EMV and tokenization to prevent fraud?
Credit Card Tokenization
Tokenization and EMV secured cards are devised to make payment information more secure. EMV credit cards offer a higher level of security than traditional cards by creating a unique transaction code that will not be used again. This is unlike the current cards that carry a magnetic stripe because the magnetic stripe on a debit card or credit card contains personal information that doesn’t change. So, if a criminal copies the stripe, the information can repeatedly be used. The new EMV credit cards have an embedded microchip that encrypts information during a transaction and protects against the counterfeiting of cards. When using an EMV-enabled card, the unique code that is created cannot be applied to more than one a transaction. Thieves will not be able to duplicate a transaction quickly to obtain your card information due to this one-time code.
EMV protection is intended primarily for point-of-sale payments. EMV offers protection when a card is used in person. Tokenization, on the other hand, is more focused on card-not-present (CNP) transactions, helping to increase security for online and digital transactions. The major difference, of course, is that the physical card is not used to transmit data.
Much of the rest of the world already uses EMV, or “chip”, technology to mitigate counterfeit card fraud at the point of sale (POS) – and has for many years. Resulting predictions are that the upcoming conversion to chip in the US will decrease counterfeit fraud as we have known it, but only to then shift fraudsters to other fraud types. This has been seen in other EMV-adopted countries such as Australia, Canada, and many countries in Europe. Most see that the shift will follow the path of least resistance – CNP transactions. Today, CNP fraud currently accounts for nearly one-third of payment card fraud in the United States. Expect to see the numbers shift dramatically as merchants roll out chip payments and technology. Compounding the problem, credit and debit card purchase volumes in the US are expected to grow by more than 150% over the next three years, and mobile commerce sales are predicted to continue growing at a double-digit pace.
The Road Ahead to EMV Migration
But there is still a long road ahead before the US is fully migrated to EMV chip technology. About 15 million point-of-sale terminals, 360,000 automated teller machines, and 1.1 billion payment cards all need to be upgraded! While many retailers and financial institutions have been ready for this change, experts predict that it will be well into the 2020’s before we reach over 95% of POS terminals fully enabled. It will be greater than five years before we see tokenization payments having an impact on fraud, but tokenization does have the promise to help mitigate fraudulent CNP transactions. And as we saw with Apple Pay, while tokenization wasn’t compromised, fraudsters did use social engineering to gain appropriate credentials and make fraudulent transactions.
Both approaches, EMV and tokenization, are undeniably strengthening the payments chain, and FI’s should absolutely take advantage of these fraud fighting capabilities. At the end of the day, fraudsters will always find ways to exploit the weak spots and FI’s should be ready to circumvent these attacks with a multifaceted approach that includes not just EMV chip and token technology but one that also includes real-time transaction monitoring. Monitoring behavior and patterns of transactions will always be one of the best defenses against fraud and is part of the FFIEC guidance around security of payment channels.
Take the work begin done at FIS as an example. FIS is addressing these by continuing to build out a comprehensive and holistic fraud detection and resolution solution set. To keep pace with today’s ever-changing world, the FIS fraud prevention system as a whole is being transformed into a multi-form factor behavioral profiling analytics solution. The system currently supports Device Profiles, Merchant Profiles and as standard cardholder profiles. Incorporation of tokenization will be a future-model build into the Neural Network.
FIS is also exploring machine learning capabilities, which will supplement the current system as well that are a different form of authentication and monitoring. Additionally, FIS has the flexibility and agility to defend against fraud, leveraging technologies like Adaptive Analytics, substantially increased flexibility in decisioning, improved capabilities in fraud strategy management, and increased integration with cardholder controls, alerts and enhanced two-way messaging, enabling a smooth, seamless and confident customer experience.
And you? What steps are you taking in the fight against payment fraud?