Fraudsters Evolve to Tackle EMV Technology

The move to EMV technology is designed to reduce counterfeit credit card fraud. However, as merchants and other businesses prepare for the EMV liability shift, fraudsters are taking notice and evolving their tactics to “beat” the new security measures. In sum, a move meant to improve security may, in the short-term, move fraudulent behavior to the online environment or identity fraud such as application fraud and account take over.

According to Javelin Strategy & Research, a new case of identity fraud occurs every two seconds. With this as a backdrop, institutions need to take extra measures to verify the identity of the customers they serve. For starters, merchants must maintain tighter controls of the consumer data they distribute as this provides an easy way for organized criminals to purchase the data and misuse it for monetary gain.

The first interaction with a customer provides the most opportunity for fraudulent behavior as companies do not have any baseline information on which to compare the consumer’s information. At the same time, the preventative steps companies take at this entry point to identify verification are often viewed as intrusive, leading to customer abandonment and increased operational costs.

Even with advanced technology, fraudsters remain inventive in their approach to cracking the fraud prevention code. To prepare for the shifting fraud landscape in the U.S., institutions need to understand how fraudsters operate and implement fraud prevention measures that work, yet create minimal friction in the customer experience.

The EMV Evolution
The EMV liability shift encourages the use of chip credit and debit cards to reduce counterfeit transactions – an unfortunately common occurrence in the traditional magnetic stripe cards arena.

While chip cards improve security for in-person transactions, they are far less dependable when it comes to online purchases. Institutions have seen a decrease in traditional counterfeit, and after the EMV liability shift is implemented, these incidences will continue to go down. With this decrease, though, comes the migration of fraud into applications and account takeovers.

Fraudsters are misrepresenting themselves, either by constructing a synthetic identity or taking over an existing one, and transacting online more aggressively than they have before. Experienced criminals can manipulate a phone agent into giving away an individual’s personal information. By changing an email or physical address on an existing account, fraudsters can hijack the account and make unknowing consumers victims of collections efforts for fraudulent accounts opened in their names.

While it cannot be confirmed that the increase in identity fraud we have experienced is caused by the EMV shift in October, there seems to be a strong link. When the European Union and Canada underwent EMV liability shifts, they experienced the same phenomenon – a decrease in traditional counterfeit and a trend toward online and identity fraud.

Impact on the Customer Experience
Institutions cannot rely fully on consumers to take additional measures to protect themselves from online and identity fraud and merchants are loathe to employ measures that diminish the experience of their customers and result in lost sales. It remains imperative therefor for institutions to protect their customers’ identities in a manner that doesn’t diminish the customer experience.

Institutions benefit when they employ technology that does not intrude on customer interactions. Passive identity and fraud checks that go on in the background without direct customer participation are most likely to provide a positive experience for the customer.

By using technology to verify and authenticate identities, recognize patterns of behavior across customer touch points, and corroborate sources, institutions can reduce fraud risk, which improves the customer experience and protects their reputations.

Institutions Need to Leverage Big Data
Companies have started to move toward a trend in corroborating data across multiple sources to increase security when interacting with customers. The more data they can pull together to verify an identity, the better. In order to improve the customer experience while reducing their risk for identity theft, having the most up-to-date and accurate data is extremely important.

As we enter a new era of identity theft and fraud, consumers and companies must make a concerted effort to make it more difficult for fraudsters to obtain and misuse consumer information. The EMV liability shift provides a technology platform that in the long-run will reduce counterfeit fraud. This shift also requires organizations to take a closer look at their identity fraud prevention and identity theft practices to ensure their account applications and transaction processes are consumer friendly, yet safer for all parties involved.

About the Author: Andy Smith is senior vice president of Enterprise Fraud at Equifax and has been with Equifax since 2011. Andy currently oversees enterprise fraud solution development at Equifax for both private and public sector customers. He previously lead the analytical team that develops custom fraud models and scoring tools. Before joining Equifax, Andy was a vice president at Capital One in a number of analytical leadership roles covering fraud, credit, and marketing. He has a demonstrated record of accomplishment in all aspects of fraud, credit risk management, consumer financial services, and profit and loss accountability. Andy holds a B.A. in Criminal Justice from Temple University and an MBA from the Pamplin School of Business at Virginia Tech.

ON DEMAND: In this webinar, Regina Lester, Vice President of Security & Safety Operations at Toledo Zoo, will share her insights on implementing security technologies in the entertainment sector and the challenges all organizations face — large and small — when it comes to balancing budget and security.