FIS Modern Banking Platform
Advance your bank with a modern core platform.
The State of EMV: Card Not Present Fraud Escalates Globally
August 08, 2017
Maria Schuld I Group Executive – Financial Services Group
Implementing EMV has cost issuers and merchants billions – $22 billion just in the United States, according to industry researcher Aite Group. While that money is a positive when it comes to cutting down on fraud at the point-of-sale and other card-present situations, it also has served to increase the amount of card-not-present (CNP) fraud. In the U.S., EMV enablement has soared during the past year on the credit side of the ledger. However, debit enablement still trails significantly due to the additional complexity associated with debit transactions.
Currently, 97 percent of FIS’ credit issuers are issuing EMV cards, while just under 70 percent of debit issuers are issuing EMV cards. Despite the complexity of dealing with both global and regional networks, the percentage of FIS’ debit issuers issuing EMV cards has doubled since a year ago.
Issuers have not converted 100 percent of their customer bases, but instead, are generally waiting until cards expire to save on costs. As a result, less than one-fifth of card-present transactions last year in the U.S. were EMV, according to EMVCo.
Mass Enablement Programs Drive EMV Penetration
While the U.S. has lagged other nations in adopting EMV, mass enablement programs for smaller issuers are helping their efforts to catch up quickly. For example, FIS worked with its customers in mass to move through the adoption cycle quickly and reduce costs associated with implementation. All of the database preparation was conducted as one massive project vs. hundreds of individual ones thereby enabling community institutions to get EMV to market faster and more affordably.
- Statistics from Nilson show the enormous costs of card fraud: Losses reached nearly $22 billion globally in 2015, up more than 20 percent from a year earlier.
- Global, general-purpose cards – American Express, Diners Club, Discover, JCB, Maestro, MasterCard, VISA and UnionPay – account for 86 percent of global card volume and 90 percent of gross fraud losses.
- Nearly three-quarters (72 percent) of card losses are suffered by issuers.
- Fraud losses suffered by merchants are mostly related to CNP transactions and are growing rapidly as more consumers purchase online.
- In 2015, the United States accounted for 23 percent of global purchase volume but a whopping 39 percent of global card fraud losses, which underscores the price of lagging behind other countries when it came to adopting EMV.
Lessons from Canada and the United Kingdom
With only one debit network, Canada came on board with EMV quickly. Card fraud rose but not significantly until 2014 – 2015, when it jumped from $360 million to $537 million, according to a report from the US Payments Forum. CNP fraud accounted for 76 percent of all card fraud in 2015.
The United Kingdom has seen the same pattern of fraud. According to the US Payments Forum report, 70 percent of the country’s £618 million fraud loss in 2016 was due to CNP fraud. Digital e-commerce fraud surged nearly 20 percent from the previous year.
What’s Needed Next: A Fix for CNP
It’s easy to see that even as some types of card fraud are tamped down with chip cards, CNP fraud will continue to escalate until new fraud-fighting tools are harnessed to reverse the trend. Unfortunately, there is no quick fix.
What’s needed are solutions to mitigate fraud for CNP transactions in the same way that EMV has reduced fraud for point-of-sale transactions. For that to happen, the industry must enlist consumers in the battle, while simultaneously adding new strategies and tools to shut down fraudsters rather than sending them to another access point.
To that end, FIS has conducted mass enablement for tokenization alongside customer adoption of the mobile “pays,” such as Apple Pay and Samsung Pay. Other potential fixes include dynamic, risk-based authentication tools – tools to track and verify data elements such as IP addresses, geolocations, and device IDs, for instance.