By the end of 2015, 70 percent of U.S. credit cards and 41 percent of U.S. debit cards will have security chips — called EMV for Europay, MasterCard MA +0.71%, Visa V +0.78% — according to the Aité Group.
While Europe, Canada and Mexico have had chipped cards for years — usually with a chip and a PIN (personal identification number), the U.S. card issuers have studiously avoided the more secure, but more expensive, cards. To some extent American issuers didn’t need the card-based security. Unlike Europe, the American card industry had grown up with cheap telecommunications, so merchants could check cards in real-time as they accepted a card in payment. American technology vendors also developed very sophisticated, if sometimes alarmist, tools to detect fraudulent card use. Really, should a New Jersey resident’s $30 gas purchase in Massachusetts trigger an alert just because she rarely ventured so far from home?
Anyway, as other countries went to chip and PIN cards and the U.S. continued to rely on a less secure magnetic stripe, the predictable occurred. Just as having two loud German shepherds makes it likely thieves will move to the house next door, America’s continued reliance on mag stripes has made it an attractive target TGT +1.26% for card fraud.
“The fraud rate has doubled from 5 basis points to 10 basis points now,” said Julie Conroy research director in retail banking at Aité Group. “It speaks to the fact that criminals are targeting the U.S. because we are the weakest link in the chain.”
Even now most American card issuers aren’t going with chip and PIN, preferring chip and signature.(The dearth of chip and PIN cards from American issuers has caused problems for Americans traveling in Europe — see story on left). Conroy said that the American card issuers have mostly gone for chip and signature which is less expensive and less complicated to issuers than chip and PIN, where the PIN has to be mailed separately and lost PIN card replacement becomes more complicated.
“Last year about half [of issuers] were leaning to chip and signature, 25 percent chip and PIN and another quarter undecided,” Conroy explained. “Now the vast majority is chip and signature, one is going chip and PIN and four are undecided.”
Lost/stolen cards, which is where PIN is most valuable, make up only 13 percent of U.S. fraud, she added, while cyber-criminals have shown with incidents like Target, Neiman Marcus and other card data thefts that they can do vast damage without possessing the actual card.
“Issuers are addressing the biggest point of pain with chip,” Conroy added. “I had so many issuers tell me that if you look at the business case, and the attrition risk if our user experience is more cumbersome than that of our competitors. They are going with the numbers [chip and signature] and I think that makes sense.”
At the same same, time card networks have been pushing hard to get their cards accepted at unmanned kiosks, such as train stations in Europe, where PINs were required in the past That will help avoid inconvenience to American travelers who don’t have PIN cards. (I still find it hard to understand why American card providers didn’t offer chip and PIN to their cardholders who traveled to Europe frequently. And when they did provide chip and PIN cards, they didn’t show them on their Web sites or inform call center reps that such exotic devices existed.)
Two rather widely separated catalysts have accelerated the adoption of EMV in the U.S., according to Conroy. The 2010 eruptions of Eyjafjallajökull, the Icelandic volcano, stranded many Americans in Europe for weeks, forcing them to rely on cards that weren’t always widely accepted in businesses like restaurants and train stations at night where unmanned terminals required chip and PIN. Then came the Target card breach which exposed 40 million card holders.
Still, said Conroy, at Charles deGaulle airport in Paris Americans can expect to find long lines at the two agents who take signature cards, while PIN cards can be used in kiosks.
“Visa [which last year told me rather vehemently that chip and signature was quite enough for the American market] has pushed PIN in other geographies. The investment is already there. If you look at the U.S. market, we have a unique set of consumers. As one issuer put it —’We are not convinced Americans can learn to do two new things at once.’ ” Sadly she did not name the source of that comment.
“As you look at the competitive pressure in the U.S., it is so much more significant than in other countries. We have 14,000 banks and credit unions competing for consumers’ business. Nobody wants consumers, who have 3.4 other credit cards in their wallet, to have a bad experience with one card and then send it to the back of their wallet. A number of issuers said they wish it had been done five years ago because they are getting killed by the fraud; the counterfeit card fraud is increasing 20-30 percent year on year. We are the last G-20 country to go to EMV and the fraud rings behind it are organized crime rings with P&L demands.”
The transition will be challenging, she added.
“We are going to have all these different permutation of transactions at point of sales (POS). Some will be EMV-enabled with EMV terminals, some terminals will be ready and some cards will have fraud assessment challenges. It will be a big task for issuers and you can be sure fraudsters are aware of it and will prepare attacks.”
Some companies are using traditional analytics to confront fraud, while others are looking at big data capabilities to improve insight into customer behavior, she added.
“They want to understand this is the behavior of my customer to avoid declines. Some issuers have the capabilities to leverage the same big data stack for marketing, although many of the capabilities of the issuers are still pretty siloed.”
While Europe, Canada and Mexico have had chipped cards for years — usually with a chip and a PIN (personal identification number), the U.S. card issuers have studiously avoided the more secure, but more expensive, cards. To some extent American issuers didn’t need the card-based security. Unlike Europe, the American card industry had grown up with cheap telecommunications, so merchants could check cards in real-time as they accepted a card in payment. American technology vendors also developed very sophisticated, if sometimes alarmist, tools to detect fraudulent card use. Really, should a New Jersey resident’s $30 gas purchase in Massachusetts trigger an alert just because she rarely ventured so far from home?
Anyway, as other countries went to chip and PIN cards and the U.S. continued to rely on a less secure magnetic stripe, the predictable occurred. Just as having two loud German shepherds makes it likely thieves will move to the house next door, America’s continued reliance on mag stripes has made it an attractive target TGT +1.26% for card fraud.
“The fraud rate has doubled from 5 basis points to 10 basis points now,” said Julie Conroy research director in retail banking at Aité Group. “It speaks to the fact that criminals are targeting the U.S. because we are the weakest link in the chain.”
Even now most American card issuers aren’t going with chip and PIN, preferring chip and signature.(The dearth of chip and PIN cards from American issuers has caused problems for Americans traveling in Europe — see story on left). Conroy said that the American card issuers have mostly gone for chip and signature which is less expensive and less complicated to issuers than chip and PIN, where the PIN has to be mailed separately and lost PIN card replacement becomes more complicated.
“Last year about half [of issuers] were leaning to chip and signature, 25 percent chip and PIN and another quarter undecided,” Conroy explained. “Now the vast majority is chip and signature, one is going chip and PIN and four are undecided.”
Lost/stolen cards, which is where PIN is most valuable, make up only 13 percent of U.S. fraud, she added, while cyber-criminals have shown with incidents like Target, Neiman Marcus and other card data thefts that they can do vast damage without possessing the actual card.
“Issuers are addressing the biggest point of pain with chip,” Conroy added. “I had so many issuers tell me that if you look at the business case, and the attrition risk if our user experience is more cumbersome than that of our competitors. They are going with the numbers [chip and signature] and I think that makes sense.”
At the same same, time card networks have been pushing hard to get their cards accepted at unmanned kiosks, such as train stations in Europe, where PINs were required in the past That will help avoid inconvenience to American travelers who don’t have PIN cards. (I still find it hard to understand why American card providers didn’t offer chip and PIN to their cardholders who traveled to Europe frequently. And when they did provide chip and PIN cards, they didn’t show them on their Web sites or inform call center reps that such exotic devices existed.)
Two rather widely separated catalysts have accelerated the adoption of EMV in the U.S., according to Conroy. The 2010 eruptions of Eyjafjallajökull, the Icelandic volcano, stranded many Americans in Europe for weeks, forcing them to rely on cards that weren’t always widely accepted in businesses like restaurants and train stations at night where unmanned terminals required chip and PIN. Then came the Target card breach which exposed 40 million card holders.
Still, said Conroy, at Charles deGaulle airport in Paris Americans can expect to find long lines at the two agents who take signature cards, while PIN cards can be used in kiosks.
“Visa [which last year told me rather vehemently that chip and signature was quite enough for the American market] has pushed PIN in other geographies. The investment is already there. If you look at the U.S. market, we have a unique set of consumers. As one issuer put it —’We are not convinced Americans can learn to do two new things at once.’ ” Sadly she did not name the source of that comment.
“As you look at the competitive pressure in the U.S., it is so much more significant than in other countries. We have 14,000 banks and credit unions competing for consumers’ business. Nobody wants consumers, who have 3.4 other credit cards in their wallet, to have a bad experience with one card and then send it to the back of their wallet. A number of issuers said they wish it had been done five years ago because they are getting killed by the fraud; the counterfeit card fraud is increasing 20-30 percent year on year. We are the last G-20 country to go to EMV and the fraud rings behind it are organized crime rings with P&L demands.”
The transition will be challenging, she added.
“We are going to have all these different permutation of transactions at point of sales (POS). Some will be EMV-enabled with EMV terminals, some terminals will be ready and some cards will have fraud assessment challenges. It will be a big task for issuers and you can be sure fraudsters are aware of it and will prepare attacks.”
Some companies are using traditional analytics to confront fraud, while others are looking at big data capabilities to improve insight into customer behavior, she added.
“They want to understand this is the behavior of my customer to avoid declines. Some issuers have the capabilities to leverage the same big data stack for marketing, although many of the capabilities of the issuers are still pretty siloed.”
No comments:
Post a Comment