Three years after the switch to new chip-based credit and debit cards, a study by the National Retail Federation says payment card fraud is still a top concern for large retailers in the United States as criminals move their activities online.
“The implementation of EMV [Europay-MasterCard-Visa] chip cards and chip card readers was supposed to dramatically reduce credit and debit card fraud,” the State of Retail Payments report said. “So why is fraud still the top concern for merchants?”
The report finds that fraud is still the foremost payment-related challenge retailers face, and was cited by 55% of those who were surveyed. EMV chip cards have moved payment card fraud away from stores and toward online transactions, the report said, citing a study showing a 13% increase in Internet fraud last year.
“In a post-EMV world, fraud is shifting from in-person to ecommerce channels, so retailers have been busy bolstering their defenses to mitigate the increasing costs and risks of ecommerce fraud,” the NRF report explains.
To help fight fraud, retailers want better authentication of purchases no matter where they take place. and 33% have implemented 3-D Secure, a system marketed as Verified by Visa or MasterCard SecureCode that is intended to help better authenticate online purchases.
For in-person purchases, 51% of merchants said biometrics would be the best way to verify transactions, and 53% expressed interest in implementing forms such as the fingerprint and facial recognition available on smartphones.
But with that technology limited to phones rather than cards, 46% said the personal identification numbers (PIN) is the best method currently available to approve card transactions.
For purchases made with cards, 95% of retailers said requiring PINs would improve security and 92% would implement it if it were available.
While EMV cards in other countries are chip-and-PIN, virtually all EMV credit cards issued by U.S. banks have been chip-and-signature with PIN available only on debit cards. The major credit card companies stopped requiring a signature last year.
“The chip in an EMV card makes it very difficult to counterfeit the card, but it does nothing to show whether the person trying to use the card is the legitimate cardholder,” says NRF Senior Vice President and General Counsel Stephanie Martz. “If we want to stop card fraud, we need a better way of authenticating users and it should be one that’s affordable, easy and safe.”
Someday the answer might be biometrics or technology that has yet to be invented, she says. “In the meantime, we know PIN can stop criminals dead in their tracks. With no signatures, no PIN and no biometrics, what we have right now is no authentication at all.”
NRF argues a PIN is needed because the EMV chip only prevents the use of counterfeit cards, not lost or stolen ones, and a PIN also provides a backup when the chip malfunctions or is tampered with.
In addition to the focus on cards, retailers have also been installing technology to fight data breaches that allow criminals to steal card data that can be used to commit fraud. The report found 89% of the retailers polled expect to have tokenization in place by the end of next year, and that 80% plan to do the same with point-to-point encryption.
The second-biggest concern was the cost of accepting payment cards, including the swipe fees banks charge to process transactions, cited by 45%.
About 49% of retailers took advantage of routing options required by a cap on debit card swipe fees, rising swipe fees for credit cards remain the subject of litigation between retailers and the card industry.
Chargebacks of disputed purchases, which rose after implementation of EMV by some retailers, is the third-biggest concern, cited by 35%.