Credit Card Processing Blog
Are You EMV Ready? Growth Opportunities And Fraud Prevention Checklist
As of October 2015, U.S. merchants are financially responsible for any card fraud resulting from them not having properly implemented EMV technology. Despite significant coverage of this regulatory change, an American Express survey of small businesses revealed that found that almost 50% of respondents were unaware of the fraud liability shift. The same survey found that more than two-thirds (67%) of small merchants indicated that protection against and prevention of payment-card fraud was very important to running their businesses.
There is a cost attached to installing EMV payment systems, but the potential financial liability of not doing so could be significant and particularly damaging to small businesses. If a customer pays with an EMV chip card, and your business does not have an EMV compatible system in place, and fraud occurs, you will be liable for all resulting losses. Adopting EMV opens up opportunities for success for Ecommerce entrepreneurs. A readiness checklist can also help entrepreneurs handle the new fraud-related challenges of the technology.
EMV Growth Opportunities
As well as the additional security EMV technology provides cardholders, merchants also benefit from a number of significant advantages and growth opportunities:
• New EMV-enabled POS systems are standardly available on a SaaS subscription model. This reduces upfront costs for merchants and offers greater flexibility due to no long-term contractual commitments. Cloud-based EMV-compatible systems also lead to a mobile POS experience that is not tied to a back office server. This also facilitates easier and more regular system updates as new releases can be downloaded to all connected devices remotely, allowing them to adapt to new requirements, like EMV, far more seamlessly than the traditional systems.
• EMV-chips can also be embedded in mobile devices. This means that merchants who have adopted EMV technology can take increasing advantage of payments via mobile wallets and payment options. An improved, and secure, customer experience on payment from mobile devices offers great potential to boost sales.
• Tightened card and PIN security and the fact that payments are verified locally, rather than being sent to the credit card processor when using EMV compliant POS systems will likely result in fewer fraud-related chargebacks for merchants as the number of lost and stolen credit cards, and the prevalence of skimming decline.
• Seventy percent of U.S. credit card holders have EMV chip cards, according to CreditCards.com. However, according to research by cardhub.com, 42% of retailers are still not able to accept these cards. Having already integrated EMV POS systems, therefore, gives merchants a significant competitive advantage. They can take their customers’ payments.
Fraud Adapting to the EMV Environment Puts Ecommerce Merchants at Risk
EMV-technology makes it very hard for fraudsters to counterfeit cards or use stolen cards in store due to the necessity to input a PIN rather than swipe and sign. As a result, one side effect of EMV integration is an increase in online ‘card not present’ fraud.
The following checklist outlines the most important processes online Ecommerce businesses should implement in order to substantially reduce their vulnerability to the card not present fraud within the new EMV environment.
1) Train Staff to Manually Review Suspicious Transactions
All of these clues may be present in legitimate transactions but are an effective way to flag potentially suspicious transactions. Have you trained your staff to consistently review orders that display the following signs of potential fraud?
Orders significantly over the average transaction value
• Different billing and delivery addresses
• Small orders with expensive expedited delivery charges
• Unusual destinations for orders eg. 90% of your orders are shipped to in-state addresses and you receive a shipping address in Europe.
Transactions which exhibit a combination of these telltale warning signs should be particularly prioritized.
2) Update Gateway Settings to Reject CVV & AVS Errors
Banks may still sometimes approve transactions where there is a CVV or AVS discrepancy. However, merchants still have the choice as to whether they will then let the transaction go through. A wrong CVV almost certainly means the card being processed is not in front of the buyer. A mismatch on the AVS is more common due to changes of address etc. Neither necessarily means any particular transaction is fraudulent, and merchants are understandably hesitant to lose legitimate orders by employing too strict a policy. Nonetheless, adjusting settings to reject transactions with CVV and AVS errors certainly goes a long way to preventing instances of fraud.
3) Upgrade to Advanced Fraud Services
The majority of gateways offer an additional screening of transactions beyond CVV and AVS matching, designed to flag potential fraud. Inexpensive solutions tailored to the needs of small businesses are now standard and should be taken up by all Ecommerce merchants. Additional checks include, though are not limited to, irregularly high use of the same card, multiple failures within a particular time period, and international orders which qualify as high risk.
Tokenizing customers’ credit card data, a security system which replaces crucial parts of the data with ‘tokens’ via mathematically irreversible proprietary algorithms, protects an E-commerce business from potential database hacks. This both keeps the merchant’s server free of card data, de-incentivizing hackers, as well protecting clients’ card data. Multi-use tokens mean that repeat transactions can still be made by customers without them having to input their card details for each new purchase.
Simple but Effective
Protecting your Ecommerce business from avoidable instances of online fraud does not have to be either an onerous or expensive process. By implementing the above checklist of simple processes and screens, you will have gone a long way to achieving a secure level of card, not present fraud prevention. You will then be able to concentrate on the positives and growth opportunities that EMV adoption provides.