EMV makes it harder for a person in a store to fake their identity via a counterfeit card. Online, it’s starting to look like the Wild West. In The March edition of the PYMNTS Digital Identity Tracker™, powered by Socure, we talk to TransUnion’s Rurik Bradbury about the seismic shift fraud is making to the digital world – and the need for better solutions to separate the good guys from the bad. This, along with the latest notable news and highlights from 110 Digital Identity players (including 9 new additions).
In a recent survey focused on how U.S. consumers are handling the shift to EMV-compliant POS systems, the responses revealed that consumers have little incentive to choose safe and secure payment options. Perhaps even more notable, the survey, which was conducted by the online fraud prevention company Trustev, indicates that while in-store transactions may be more secure as a result of EMV but, as a result, online fraud, which is unaffected by EMV adoption, seems to be ramping up faster than it had prior to the shift to chip-enabled credit and debit cards.
Of the survey participants, only 1.1 percent indicated the use of mobile payments — widely considered to be the best defense against fraudsters — as the payment method most often used to pay for purchases, while almost 61 percent and 29 percent said they primarily use debit cards and credit cards, respectively. On the heels of the survey release, PYMNTS spoke with Rurik Bradbury, Trustev’s CMO (and now VP, Identity Solutions at TransUnion, which recently acquired Trustev), to discuss the ramifications of the shift to EMV and the general state of digital payments fraud.
The ripple effect of EMV, Bradbury said, is what he’s focused on this year. As more stores start enforcing the use of chip-enabled cards, he said, the spike in online fraud has been remarkable. “That’s the seismic aftershock effect of that October (2015) rule change,” he said. The same happened in countries preceding the U.S. with EMV. “With the EMV adoption, what has happened in other countries – Australia, Canada, the U.K. – has been a big rise in online fraud.” Fraudsters, he said, are professionals, and they readily adapt to the changing marketplace. By making it more difficult to commit fraud in-store with EMV, the shift to online (“the next easiest place”) has accelerated. “So what happened after EMV came in countries? Online fraud increased by 80-to-100 percent in the three-year period following.”
Prior to EMV (and still today where still in use), swipe card payments in stores, Bradbury said, were extremely weak against fraud. “You sign for something and they barely check the signature and it could be anything. You could write, ‘Mickey Mouse,’ in many cases and you would just walk out with the goods.” EMV, Bradbury said, offers very strong protection in-store against fraud. But that doesn’t mean consumers like it, he said. And, he added, the chip cards are “prohibitively expensive” for card companies to both produce and replace old cards with.
On top of that, he said, the switch to EMV has been costly to monthly subscriber services, like Spotify and Netflix, as well as other companies and services that have consumers’ card information on file for automatic payments. Bradbury referred to this type of recurring auto payment setup as “the holy grail” for businesses. But, with all the card turnover recently, he said, “that kind of business model of billing a credit card on file is less of a sure thing.”
As far as consumers and chip-enabled cards go, Bradbury said, anything that even slightly makes a purchase experience less convenient or easy is “unpalatable” for consumers. And now, with chip cards, in one store a consumer may swipe and in another they may use the chip and, he said, “most consumers seem to find it rather annoying.”
Traditionally, he said, banks and merchants have held the liability for card fraud, “such that consumers don’t care that much about security, because they’re not liable.” As a result, he said, “It’s conditioned consumers to place convenience far ahead of security and created this strange ecosystem where consumers don’t do very much to stay secure, because they don’t have very much skin in the game.” He added that for consumers, “I think convenience trumps basically everything.”
By extension, what goes for consumers goes for fraudsters. Because EMV is strong against fraud in-store, it has pushed more fraud online, Bradbury said. “It’s kind of like a balloon with air,” he said. “If you squeeze one side, it only gets bigger.”
Before EMV even kicked in, he said, the fraud rate for eCommerce transactions almost doubled from 2014 to 2015. In 2014, he said, .68 percent of total revenues for eCommerce transactions were lost through fraudulent transactions; in 2015, it was 1.32 percent. With the EMV shift and the identity shift, he said, “the amount of money spent online goes up 15 percent each year, and fraud just gets bigger and bigger. So the real question is: Are there ways for merchants of banks to let consumers do business in a hassle-free way that are also more secure?”
The hassle for merchants, Bradbury said, is manual review of transactions. For example, he mentioned one large retailer that has 300 people conducting manual reviews. While this is an extraordinary case, he said, it is common for online merchants to have many people dedicated to manual reviews, which is time-consuming and costly. “All of these companies have reached a kind of breaking point where they’ve got just far too many people doing manual reviews,” he said.
With software integrations like TransUnion/Trustev, he said, data such as email behavior, IP addresses, browsing behavior, device and speed of purchase, is checked automatically and quickly. “It’s really kind of detective work,” he said.
But, while fraudsters are the perpetrators of costly detours, consumers are still in the driver’s seat and, Bradbury said, there’s no reason to expect consumers to take on any additional risk burden in the future. So the focus needs to be on staying ahead of the fraudsters and beating fraud.
In part, he said, new payment technology may help in the long run, but widespread adoption will take time. “I think that Apple Pay, Android Pay and Samsung Pay are chipping away,” he said. “They’re finding more use cases where it actually makes sense to use them. Consumer adoption is growing very slowly, but is growing. It’s a long-term process.”
When it comes to fraud, time equals major losses. The race is on.
To download the March edition of the Digital Identity TrackerTM, powered by Socure, click the button below.