Light Dark
December 29, 2016 By Rick M Robinson 2 min read
Fraud Protection
Retail

The U.S. was not an early adopter of chip-and-PIN credit cards, lagging behind major European countries and others. But more than a year after the official mandatory shift to this technology, the transition has reshaped most credit card transactions. As a result, the rate of credit card fraud is down sharply.

Catching Up With Chip-and-PIN Credit Cards

The compliance standard associated with these cards is known as Europay, MasterCard and Visa (EMV), after the card issuers that originally came up with it. The standard is now independently administered.

EMV became mandatory in the U.S. in October of 2015, at which point liability for fraudulent transactions using non-EMV cards shifted from banks to retailers. While most large retailers, which account for the majority of credit card sales, have adopted compliant card-reading technology, many smaller retailers have not yet shifted. That puts them at risk of fraud — and they could be left holding the bill for any monetary losses.

Chip-and-PIN credit cards contain a chip that communicates with EMV-capable card readers at the point of sale, generating a unique transaction code that makes fraud involving physical credit cards much more difficult.

The good news is that, a year after the shift in liability, chip-and-PIN credit cards are now widespread and used in most transactions. According to Arc, a study by MasterCard found that 88 percent of MasterCard-issued credit cards now contain the chips, and about 9 out of 10 cardholders use them. This represents a 38 percent increase since the new standard went into effect.

A Long Way to Go

Many retailers, however, continue to lag. MasterCard registered some 2 million EMV-compliant merchants, which represents about 33 percent of U.S. retailers. Some of the remaining two-thirds may not take MasterCard, but it’s clear that many retailers still have not adopted EMV-compliant card readers at their checkout stands.

That said, 1.3 million of the compliant merchants are described as “regional or local merchant locations,” representing a one-year increase of 159 percent. These merchants are making substantial progress toward compliance, even if they still have a long way to go.

The effect on fraud is striking. The level of fraud among compliant retail merchants is down by 54 percent, according to the MasterCard study. Meanwhile, the cost of fraud to noncompliant merchants increased by 77 percent in the period between April 2015 and April 2016.

As the reality of this divergence sinks in, retailers of all sizes will see a continuing incentive to adopt EMV technology to gain the full protection of chip-and-PIN credit cards.

Download the 2016 IBM X-Force Report on Security Trends in the Retail Industry

 |  |  |  |  |  | 
Rick M Robinson

More from Fraud Protection
October 30, 2023

Virtual credit card fraud: An old scam reinvented

3 min read - In today's rapidly evolving financial landscape, as banks continue to broaden their range of services and embrace innovative technologies, they find themselves at the forefront of a dual-edged sword. While these advancements promise greater convenience and accessibility for customers, they also inadvertently expose the financial industry to an ever-shifting spectrum of emerging fraud trends. This delicate balance between new offerings and security controls is a key part of the modern banking challenges. In this blog, we explore such an example.…

August 23, 2023

Remote access detection in 2023: Unmasking invisible fraud

3 min read - In the ever-evolving fraud landscape, fraudsters have shifted their tactics from using third-party devices to on-device fraud. Now, users face the rising threat of fraud involving remote access tools (RATs), while banks and fraud detection vendors struggle with new challenges in detecting this invisible threat. Let’s examine the modus operandi of fraudsters, prevalence rates across different regions, classic detection methods and Trusteer’s innovative approach to RAT detection through behavioral analysis. A rising threat As Fraud detection methods become more and…

August 17, 2023

Gozi strikes again, targeting banks, cryptocurrency and more

3 min read - In the world of cybercrime, malware plays a prominent role. One such malware, Gozi, emerged in 2006 as Gozi CRM, also known as CRM or Papras. Initially offered as a crime-as-a-service (CaaS) platform called 76Service, Gozi quickly gained notoriety for its advanced capabilities. Over time, Gozi underwent a significant transformation and became associated with other malware strains, such as Ursnif (Snifula) and Vawtrak/Neverquest. Now, in a recent campaign, Gozi has set its sights on banks, financial services and cryptocurrency platforms,…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature