Vicious Cycle: EMV Adoption Leads to CNP Fraud

At the end of last year, Target seemed like an unfortunate choice of name. When criminals stole credit card details on up to 40m cards from the US retail giant, a great brand was tarnished. Target wasn’t the only high-profile fraud victim last year, but it seemed to symbolise the fraud threat.

For retailers, card issuers and cardholders, the adoption of the EMV standard in the US, due to take effect in October 2015, is coming none too soon. With its dynamic authentication protocol that can’t be skimmed and copied like a magnetic stripe, EMV (short for Europay, MasterCard and Visa) has proven to be brilliant at reducing “card present” fraud in Europe, Brazil and other markets. As the technology moves into the US market, similar results can be expected.


That’s the good news. The bad news is that while EMV should make a big dent in card fraud, criminals continue to innovative.

Fraud is like a water-balloon. Quashing it in one place means it will pop up somewhere else. With EMV adoption in the US, an uptick in card-not-present (CNP) fraud is to be expected – mirroring the experience of other markets that have already made the transition.  

For example, when the UK rolled out chip-and-PIN and aggressive antifraud measures, overall card fraud losses dropped by almost 30% – from £610m in 2008 to £440m in 2009.

But fraud has been creeping back up ever since. Since 2011, fraud losses have increased by £110m annually, and 27% of that (£80m) has been attributed to CNP fraud. Only £9m was a result of lost or stolen cards.

In the UK, CNP losses dropped sharply after the roll-out of EMV, from £320m in 2008 to £221m in 2011, reflecting continued improvements in issuer and merchant defences, improved fraud analytics and general consumer awareness. But then they began to rise again, and hit £301m in 2013. CNP also grew as a percentage of UK card fraud losses.  

CNP fraud such as e-commerce fraud is quick, easy, anonymous, and leaves scant evidence – making it a favourite of organised criminals and weekend hackers. The widespread popularity of online shopping, and the proliferation of goods and services available via the Internet, continues to create tempting targets for fraudsters.

While it may be less painful given the lessons learned from those who went before us, history suggests the US will go through a similar cycle. Fraudsters will find alternate avenues and CNP fraud will likely rise for a period. With this learning, retail banks are likely to increase their investments in fraud management technologies to figure out the most appropriate and innovative ways to improve their customers’ protection and experience.


Real-Time Communications

Chip and PIN isn’t the only technology change in the fraud space. Advances in big data analytics for fraud management are continuous, in order to keep up with the ingenuity of criminal rings.

But the final frontier in fraud prevention may be the human element. Better communication with consumers is key. Many retailers and credit issuers are starting to enhance their fraud detection solutions with automated customer communications.

In a recent research survey of more than 2,000 consumers, FICO found that 43% of consumers want their banks to engage with them more frequently on account updates, potential fraud and other non-marketing matters. Proactive fraud intervention, handled in a timely, personalised manner, can quickly generate goodwill and loyalty. Technology is a key factor in this new era of customer communications.

When a suspicious transaction is detected, banks can reach out to customers instantly, using the channel of each customer’s choosing, to confirm whether or not a transaction is legitimate.

This improvement in a bank’s ability to absorb feedback provides a dual benefit. Adaptive analytics systems automatically adjust to new fraud threats; and they automatically loosen their grip when today’s fraud scheme dissipates next week – providing a distinct advantage over rules-based systems that tend to become clogged with outdated fraud rules designed to deal with yesterday’s issues.

For suspicious card transactions, instead of customers receiving a one-way communication hours or days later requesting they call a fraud hotline, most suspicious transactions can be addressed within minutes or even seconds. Instead of a legitimate transaction being declined, customers immediately confirm they are the one using the card, and they are able to continue spending.

Use Analytics to Stay Ahead of Cybercriminals

Advanced behavioural and streaming analytics, coupled with auto-resolution that eliminates both resource and false-positive constraints, make a powerful defense against cybercrime. While an expert analyst is often able to resolve fewer than 20 cases per hour, a virtual analyst can resolve a nearly unlimited number with no staffing increase while keeping customers happy. By proactively intervening in more instances, even where a transaction might be considered moderately suspicious but not highly suspicious, banks catch more fraud.  

Reducing false positives goes a long way towards customer happiness and longevity. Customers frustrated and embarrassed by blocked transactions will eventually take their business elsewhere. The advantage of automated contact systems is that they add real-time communication and verification to real-time detection.

The next step, and one which many retail banks are exploring, is to link card fraud protection with other channels to build enterprise fraud protection, powered by a holistic view of the customer. This has been something of a “holy grail” for years, but advances in technology are making it more possible than ever.

EMV adoption will no doubt have a positive impact on the US fraud landscape. And despite the expected increase in CNP fraud, EMV is likely to hasten the adoption of even more antifraud technologies and help usher in a new era of customer service in banking that strengthens consumer trust in financial institutions.


Related reading