Beyond EMV: Actions Retailers Must Take Against Fraud

Years ago, fighting fraud meant plastic cards and cops and robbers. Someone made fraudulent use of a plastic card, and all the effort was spent chasing the paper trail.

Nowadays it’s all about technology. Companies need to employ the latest technologies that can help them proactively forecast, analyse, identify and mitigate fraud.
As “smarter” devices and broader access to the internet expand to every corner of the world, consumers are increasingly living a digital life, including shopping more online. Just as the infamous American Willie Sutton robbed banks “because that’s where the money is,” today’s fraudsters look for ways to take advantage of the growing impact and use of online banking and payments.

Today’s fraudsters are very different from the adversaries of five or 10 years ago. Interpol noted that more criminals are “exploiting the speed, convenience and anonymity of the Internet” to commit their crimes and recognise a financial gain.

This is why the industry is continuously evolving security solutions to support and provide additional peace of mind for the next generation of payment products and services.

EMV/Chip Technology

This year, news reports of major retail data breaches seem to surface on a weekly basis. In the wake of these events, Europay, MasterCard and Visa (EMV) chip technology has gained even greater interest.  The EMV global technology standard was created more than a decade ago and is already widely used in Asia and Europe.  

The importance of the standard is that it makes data much more secure. Even if the transaction data is obtained, it is much more difficult, if not completely useless, to attempt to replay that information and create fraudulent cards or transactions.

The US is now migrating to this technology. It is estimated that more than 575 million chip-enabled credit and debit cards will be in the hands of US consumers by the end of 2015.
The message is clear – the move toward enhanced security for cardholders and merchants is real and tangible.

Beyond EMV

But while chip is important for payment card security, there is not one silver bullet or one single solution to drive further security. It will be a planned intersection of solutions and technologies, such as point-to-point encryption and tokenisation. EMV is simply the foundation of these activities.

Simply put, tokenisation is when the traditional account number is replaced with a “token” or unique identifier for online or mobile payments. When deployed, tokenisation removes the need for merchants, digital wallet operators or others to store account numbers.

Last fall, MasterCard and others announced the industry tokenisation standard to ensure consistency for merchants across the globe. This allows for the security of the physical point of sale to be upgraded, while building a foundation that allows secure, contactless in-app online payments. They’ll use the same methodologies and technologies online that are being used in physical cards.

Activating the Security – Retailers

Retailers – and businesses of all types – must remain vigilant at all times, constantly monitoring the safety processes set in place and security of their systems by conducting security audits, have a company incident management process,  and keep abreast of the latest technological advances.

Ensuring compliance with PCI (Payment Card Industry) security standards is a vital first step. From there, retailers should look to set up a strong defensive perimeter with traditional security technologies such as firewalls, intrusion detection, and antivirus software.

Retailers should also know about the different types of card fraud and how to be on the lookout.  But, this cannot happen only at the corporate level. The employee that interacts with your customers on a daily basis needs to know how they play a role, including:

  • Incorporating fraud prevention into employee training
  • Posting fraud prevention reminders and materials in employee areas
  • Offering incentives for employees who prevent a fraudulent transaction.

Activating the Security – Consumers

Consumers also have a role in protecting their information. Fraudsters try to dupe unsuspecting individuals into disclosing personal data through phishing efforts that involve phone calls, SMS messages and emails purporting to be from a legitimate financial institution.

Should a phone call, SMS or email appear suspicious, do not respond without making some independent verification. Many people also don’t think twice about sharing their personal information on social media. Fraudsters often gather important pieces of personal information on social media websites, thus helping them to commit fraud with greater ease.

Consumers should also monitor their banking and payment card statements to identify and flag any fraudulent or unauthorised purchases. If anything outside of the norm appears, they should contact the bank that issued their card to help address the matter.

Bottom Line

Building a 10-foot-high wall around financial data is no longer enough, because fraudsters are scheming to devise even taller ladders. Criminals will always try to steal your money. It will take a collective effort from banks, retailers and consumers make sure they’re never successful. As technology evolves, security must evolve with technology in tandem.


Related reading