Digital Transactions Authoritative, insightful and timely information for payments professionals
The coming of Europay-MasterCard-Visa (EMV) chip cards to the U.S. has many American merchants worried about the inevitable shift of credit and debit card fraud from the point of sale to online channels. EMV cards, while highly effective in thwarting counterfeiting and related card-present fraud, offer no more fraud protection on the Internet than the magnetic-stripe cards they will eventually replace. In the United Kingdom, card-not-present fraud shot up to 62% of all card fraud in 2010 from 30% in 2004, the year the U.K. began its big EMV conversion. And Canada, which converted to EMV later in the decade, saw online fraud jump from 31% of all card-fraud losses in 2008 to 50% in 2010, according to processor First Data Corp. Online channels remain the major sources of card fraud in those countries today.
Today, U.S. payments executives are abuzz with talk about how to mitigate the expected spike in online fraud after a major EMV deadline in October 2015, with proposed solutions ranging from more use of existing but underutilized anti-fraud services to tokenized transactions, biometrics, and other remedies. But merchants experienced in combatting online fraud suggest better use of in-house data may provide the most effective remedies.
For example, Southwest Airlines has reduced its online fraud by 75% since it began implementing new controls and deploying software about five years ago that mines its internal data for fraud indicators, according to Chris Priebe, director of payment strategies in Southwest’s treasury operation. The reduction is especially significant since 83% of the Dallas-based carrier’s bookings are made online, according to Priebe, who participated in a panel about card-not-present fraud Monday at the BAI Payments Connect conference in Las Vegas.
Priebe tells Digital Transactions News that Southwest as well as other online merchants began buying solutions from Kount Inc., Accertify Inc., and other vendors in 2008 and 2009 that help them analyze their customer data and put it to use in rejecting potentially fraudulent transactions. In Southwest’s case, the carrier had plenty of data about which routes had high fraudulent booking levels, which times of day tended to have the most fraudulent transactions, and the like.
“Most of them get back to the same principle—do you know your customer?” he says. He adds that the return on investment in the fraud-prevention applications “was in a matter of months.”
In contrast, some of the fraud-prevention measures available from the card networks, such as card verification values (CVVs), the codes on the back of a bank card, and the Address Verification Service (AVS) can help but are not as effective as in-house data in preventing fraud, according to Priebe. Fraudsters, for example are now sophisticated enough to know that they need an address associated with the stolen card credentials they’re using, he says.
Southwest will be on the alert as EMV takes hold in the U.S., according to Priebe, but he’s not expecting the online fraudsters to run wild. “It won’t be as bad as what we’re seeing in Europe,” he told the BAI audience.
Priebe and other panelists grappled with the issue of securing Internet transactions while still making payments fast and easy for consumers. No one had any magical answers. “We can make something as secure as you want to, but it will be a really crappy user experience,” said Peter Tapling, chief executive of Authentify Inc., a Chicago-based authentication-services vendor.
