After years of debate, speculation, confusion and rejection, EMV is finally being adopted by the Payments Industry’s single largest market; the USA.
Merchants everywhere, from small single terminal/knuckle duster under-the-counter-just-in-case used books stores, to the World’s largest retailers, service providers, banks and acquiring institutions are making the appropriate changes to their payments systems to be EMV ready for when the mandates will start being enforced in October 2015. This is arguably the single biggest change to happen to the industry since the introduction of electronic payment terminals, over 30 years ago.
Like with any change of such great magnitude, merchants have been mostly focused on EMV-related projects, dedicating the prioritization of budgets, resources, time and man power to the EMV cause. As a result, many merchants are making the same mistake and oversight that their fellow British, Canadian, Australian and Singaporean counterparts made and neglecting to address the single biggest risk that will challenge their businesses post-EMV; online fraud.
There is no denying the heightened security of marrying card to terminal in a post-EMV world reduces the risk of fraud and positively reduces fraud rates in a card-present POS environment. This can be clearly seen in data from other countries who adopted EMV in the last 3-5 years. But what do the fraudsters do when one of their primary channels for card fraud is made increasingly harder to exploit? They search for other channels to profit from and e-commerce/online is where they will inevitably turn their focus in the US, just like they did in other markets, post-EMV.
It is well publicized how strong the growth of e-commerce channels has been in the US and abroad for merchants, as consumers become more comfortable with the perceived security and convenience of shopping online. The rub is in many cases is that trust and comfort has taken years to earn as slowly but surely sceptics became neutrals, neutrals became advocates. But with fraudsters lurking in the shadows ready to prey on online merchants in a post EMV-world, merchants, service providers and banks need to acknowledge the looming threat and put plans in place to secure their online/e-commerce channels. The question of online fraud is not if but when.
The need to reevaluate, replan and retool one’s risk and fraud management strategy is here and now, however many are struggling to just keep up with mandated changes forced upon them, be it EMV, PCI or whatever the powers-at-be come up with next. This evil game of catch up inevitably makes a merchant’s ability to implement more 3rd party services, allocate more IT resources, dedicate more budget and spend to such projects almost impossible.
A new wave of online fraud is coming. The fraud mitigation answer for merchants will be finding new and efficient ways to position their businesses in a proactive state of change; one where adoption of new services, stronger and more manageable business rules and the resultant reduction of manual review queues etc. is achieved at the click of a button vs. years of heavy development, implementation and prioritization.