This October
marks the first anniversary of the official adoption of EMV chip-enabled credit
and debit cards. The move away from traditional magnetic swipe cards is
intended to minimize fraudulent transactions. Now 88% of MasterCard U.S. consumer
credit cards have
chips, a 105% increase since the October 1, 2015 adoption deadline. However,
only about one-third of retailers have chip-active terminals. After the
deadline had passed, liability for fraudulent credit card transactions has
shifted from credit card companies to merchants.
While not
many merchants have adopted EMV technology, the chip cards are already helping
cut down fraudulent in-store purchases where the technology is present.
MasterCard reported a 54% decrease in counterfeit fraud costs at U.S. retailers
that have adopted the technology, or are close to completing the implementation.
This decline in fraudulent activity represents why merchants should make the
switch to EMV. For U.S. merchants that haven't implemented the technology,
counterfeit fraud costs increased by 77% year-over-year.
Although the
adoption of EMV technology is keeping fraudulent activity down in stores with
chip-enabled payment terminals, it's leading to a soar in online fraud. According
to a report from Forter, online fraud attacks rose 137%
between the second quarter of 2015 and the first quarter of 2016. Criminals are
going digital to cash in on counterfeit swipe cards before they're obsolete.
Even then, chip cards only really boost security in-stores, where the card has
to be present.
To mitigate
the risk of online fraud during the move to EVM, these tips for e-tailers will help them defend their business
and customers against fraudsters.
Maintain PCI Compliance
To ensure
the security of customer data, all merchants are required to comply with the
Payment Card Industry Data Security Standard (PCI DSS). But, once you achieve
compliance, you have to work to maintain it. The PCI DSS standard continually
evolves to react to new threats, and your business must adapt with it. Stay
updated on the latest requirements to ensure you are employing the best fraud
prevention strategies and policies to safeguard your business.
Match the IP Address
and Credit Card Address
If your company operates globally, look out for international
IP addresses that don't match the address associated with the credit card being
used. Addresses that don't match up are a red flag. If the person is the real
owner of the card, then they will contact their credit card company to let them
know that are traveling or moving abroad. Prevent fraudulent transactions by
restricting purchases from IP addresses where you don't offer shipping.
Always Require a
Security Code
The security code is the number printed on the back of the
credit or debit card. Requiring your customers to submit the security code
ensures they have the card in their physical possession. In most cases,
fraudsters do not have the card in hand. Since the magnetic strip does not
store the security code, criminals do not have this number.
Monitor Card Entry
Attempts
It's not uncommon for customers to mess up their credit card
information one or two times when entering it on your site. But, when it
happens more than a few times, it's a red flag. Many fraudsters will enter
multiple credit card numbers in a row until they get a hit. Restrict the number
of times a customer can enter their credit card number incorrectly and prohibit
them from the site once they've reached that number. Your online credit card
processing service may automatically restrict the number of incorrect entries.
Use Credit Card Verification and Address Verification Services
These services may be included with your online credit card
processing service and also come as independent solutions. A Credit Card Verification system uses
reported trade line activity to confirm that the credit card number matches the
consumer's identity. The Address Verification Service (AVS) matches the numeric
address and zip code entered by the customer as the billing address with the
information on file at the bank.
By being proactive about cybersecurity, online retailers can
minimize the risk of fraud and keep their customer's information safe and
secure.