Why those chips in your credit cards don’t stop fraud online

In This Article:

Chip cards haven’t slowed down online credit card fraud.
Chip cards haven’t slowed down online credit card fraud.

My wife and I recently marked the third anniversary of the credit card industry’s formal transition to “EMV” smart-chip security in the lamest way possible: by having to get two of our cards replaced after a $970 purchase at Lenovo’s online store that neither of us could remember placing.

This wasn’t the first time since the advent of circuitry in U.S. cards that we’ve had a fraudulent transaction happen online despite the chip’s added security. And it almost certainly won’t be the last.

Why? Because most of the card industry’s work to lock down in-person purchases has done very little for online transactions. Meanwhile, a bout of data breaches has given fraudsters more material for phony purchases.

Pushing fraud from offline to online

To card issuers’ credit, they warned us that this exact thing could happen. EMV—originally short for Europay, MasterCard and Visa—is designed to stop card counterfeiting, in which a thief copies the account data stored on a card’s magnetic stripe and uses that to make a new card.

It’s worked exceptionally well at that: In June, Visa (V) announced that at merchants accepting EMV purchases, counterfeit card transactions plunged by 75% from September 2015 to March 2018. But that hasn’t made a real difference in the larger universe of fraud.

As the share of in-person transactions decline and digital transactions increase, the overall fraud rate is inching up—a three percent increase in 2017,” said Margaret Reid, a senior vice president on Visa’s global risk department. She noted that this overall rate “remains near historic lows – less than one-tenth of one percent.”

Visa did not release figures on fraudulent “card not present” transactions online and over the phone, but a third-party research firm’s numbers show that’s soaring. U.S. CNP losses went from $3.2 billion in 2015 to an estimated $4.4 billion 2018—and by 2020, they will have more than doubled to hit $5.9 billion, said Aite Group spokeswoman, Julie Conroy.

In other words, making one kind of fraud harder has yet to lead fraudsters to make an honest living.

If you were to think about fraud traditionally, think of a balloon. You could squeeze/reduce the air in one part and it would flow to another part,” MasterCard (MA) spokesperson Robyn Cottelli said in an email. “That’s what you’ve seen as new technologies are introduced in-store or online”

Rivka Little, research director for payment strategies at IDC Insights, credited a flood of data breaches of personally identifying information (PII). “We have seen the largest amount of PII data matched with card data in the black market in history in the last 18 months,” she said. “It’s crazy, it’s just everywhere at this point.”