A year after the much-heralded deadline to better safeguard consumer transactions with new chip-equipped payment cards and systems, we’re left with disappointing results due to several deployment lapses by the credit card industry. As expected, fraudsters have found new ways to plague the American public despite the earnest effort of merchants.
According to the recently released Global Fraud Attack Index, fraud attacks in the United States have increased 26 percent since the October 2015 deadline. Predictably, fraud grew at its highest pace in the digital goods category — a staggering 186 percent increase — as those transactions are predominantly conducted online where newly issued chip cards are useless as currently configured.
The transition to chip cards was supposed to do more to curtail fraud. While some instances of fraud have declined, chip cards have driven thieves to target other consumer transactions like online purchases.
How did we get here?
The global card brands and banks erred from the get-go by first issuing chip-enabled cards — otherwise known as EMV cards — that require signatures instead of PINs. Then they were ill-prepared to do their part in facilitating the transition to new EMV payment terminals.
Chip and PIN is a proven technology that has been used by most of the developed world for years. Rather than relying on signatures, chip and PIN employs a more secure two-step verification process: after the microchip embedded in the card encrypts account information, consumers enter a secret PIN to authenticate the cardholder.
Chip and PIN presents the best viable solution available today to authenticate a consumer during in-store or online card purchases. Web-based PIN authentication technology is a readily available tool that can be deployed to better secure online transactions. If your card is lost or stolen, it would be useless unless the fraudster also knew your PIN. It’s the tool the public deserves to combat runaway fraud in e-commerce.
Unfortunately, it seems unlikely card brands will rise to the occasion and do the right thing by arming consumers with better payment technologies like chip and PIN. Instead, they remain stubbornly committed to using signatures — the one thing almost anyone can forge, if it’s not outright ignored in the first place — to try to stop sophisticated thieves.
In reality, signatures have been successful in doing only one thing — providing the basis for card networks to offload their fraud-related costs associated with their own lackluster products onto both banks and merchants through an archaic chargeback process. Merchants bear anywhere from 70 to 100 percent of all e-commerce fraud losses according to multiple Federal Reserve studies. More worrisome, consumers are still left unnecessarily vulnerable to common forms of fraud that can disrupt their lives and cause untold headaches.
In the absence of more secure credits cards and broader use of PINs online, merchants have long tried to fill the void by safeguarding online transactions as their popularity continues to grow. The Department of Commerce recently reported that e-commerce sales reached $97.3 billion — a nearly 16 percent increase compared to last year’s second quarter.
That’s why merchants have been at the forefront of creating and implementing their own risk-based assessments to improve online security, like algorithms which look for fraud and risk scoring techniques behind the scenes. What’s more, merchants long ago employed tools like encryption and tokenization that credit card networks are just now coming around to.
While progress has been made, there is still more work to do. The menace of fraud continues, but merchants are committed to providing a more secure, frictionless payment ecosystem for all consumers even if the card brands remain reluctant to improving the security of their financial products.
Mark Horwedel is CEO of the Merchant Advisory Group – an organization representing most of the largest merchant and franchisee businesses in the United States. Thinking of submitting an op-ed to the Washington Examiner? Be sure to read our guidelines on submissions.
