In October this year, there will be significant changes to the payment networks, with the introduction of EMV in the US.
For those that don’t know, EMV stands for Europay, MasterCard and Visa. EMV is the new worldwide standard for chip cards (technically called integrated circuit cards).These debit and credit cards are integrated with a chip that allows for the use of EMV protocol when used with an Integrated Circuit Card compatible point of sale or an ATM (automated teller machine).
If you’re based in the UK, chances are you have already got an EMV-enabled chip card in your wallet. In the US, banks have been slowly rolling out chip cards this year, in time for the proposed changes on 1st October.
What’s so great about EMV?
Since the 1970s, banks have issued debit and credit card with magnetic strips that contain all of the necessary information to process a purchase made in a store. The problem with these cards is that they leave payment information pretty vulnerable and make it fairly easy for criminals to steal it using their own card readers.
The great thing about EMV chip cards is that they make it much more difficult for criminals to steal this data and use it to produce counterfeit cards that they can use in a store. They’re much more secure, as they use a unique one-time code that is generated behind the scenes to approve the transaction, as it is processed by the POS or ATM.
Whilst the chip cards being issued will still have a magnetic stripe on the back for merchants who have not updated their terminals, it is hoped that this move will encourage them to do so in the very near future.
What’s happening in October?
Something else that should encourage merchants to update their payment terminals is the proposed change for October. As it currently stands, if a criminal commits debit or credit card fraud, it is usually the card issuer that will be held responsible for the loss. This results in card issuers making significant losses every year.
However, from October the rules will change and make merchants responsible for card present fraud. In order for them to be held responsible, the credit card used for the purchase by the criminal must have been issued with a chip. The merchant must also process the purchase as a card swipe or key entered transaction (because they have not updated their payment terminal or failed to use it) and the account owner of the credit card must claim the transaction as fraudulent.
How will this affect eCommerce?
Card counterfeiting currently accounts for 37% of all US credit card fraud, however the introduction of EMV is expected to lower this figure significantly, as this has been the case for all countries that have implemented EMV, including the UK.
The trouble is that it doesn’t mean the end of payment fraud. Unfortunately making card present fraud more difficult for criminals actually makes online fraud or ‘card not present’ fraud more attractive. As a result of EMV, the US is likely to see a sharp rise in online fraud, just like the UK did.
According to Aite Group, the UK saw a rise of 79% in card not present fraud in the first three years after it switched to chip cards. Online fraud also doubled in Australia and Canada for the same reason.
What does it mean for your Magento implementation?
A likely rise in eCommerce fraud means that Magento merchants really need to step up their game and ensure the necessary measures are taken to decrease the chance of criminals making fraudulent purchases. It is essential that you keep your Magento installation up to date and that you make use of payment and security plugins to help eliminate the work of fraudsters.
Those who are prepared for the backlash of EMV and have a good risk management strategy in place will find it much easier to prevent online fraud and manage risk effectively.
For more information on how to increase the security of your Magento implementation, feel free to get in touch with the Magento eCommerce Agency.