SEATTLE—As expected, card not present fraud (CNP) has increased post EMV, but it’s not an alarming concern, asserts PSCU.
Many payments experts have predicted that as crooks are thwarted at the point of sale by chip cards, online fraud will skyrocket.
But Steve Ruwe, PSCU chief risk officer, said that when current U.S. CNP levels are compared to those of Europe and Canada following their chip card implementation, the U.S. levels of CNP are lower. Ruwe, speaking at CUNA’s America’s Credit Union Conference, also believes the U.S. is on the verge of experiencing a decline in the overall rate of fraud.
One of the reasons Ruwe believes fraud is declining is the effectiveness of EMV.
“What is encouraging,” said Ruwe, “is over the last six months, in looking across PSCU’s portfolio and comparing it to the previous six months, I see a decrease in the rate of fraud. So there is light at the end of the tunnel. Credit unions that have embraced EMV and got moving early are seeing decreases in fraud. EMV will stop counterfeit fraud, that is not rocket science. We’ve seen this all over the world,”
Ruwe pointed out that fraud rates rise and fall over time, hitting lulls, climbing again, and then going back down as merchants and issuers employ preventive measures. As an example, he noted the introduction of CVV codes on the back of plastic in the early 2000s led to a marked decline in fraud.
“Then, of course, the breaches began, Target being the start,” said Ruwe. “Again I think we will start to see fraud go down again, just like in earlier years.”
Ruwe noted that in Canada, following its EMV implementation deadline, the country’s card present fraud went down 40% and CNP has now increased by 140%.
“But it took three years for CNP in Canada to climb by 140%. So Canada did not really see a dramatic increase in card not present fraud for three years. It means we have three years to figure this out,” said Ruwe, adding that fraud prevention technology, and simply fraud prevention knowledge, has increased since Europe and Canada migrated to chip cards. “Do I think the sky is falling now with card not present fraud? No. Do we need to act now collectively on CNP? Yes.”
Ruwe said that Visa’s (Verified by Visa) and MasterCard’s (MasterCard Secure Code) current CNP solutions are not answers.
“However, Visa and MasterCard are coming out with new generations of these efforts—switching from a password environment to a neural environment,” Ruwe explained. He added that tokenization does not yet exist in the online environment.
What is most interesting, said Ruwe, is actions merchants are taking around knowing their customers.
“They are saying I know my customers and I know when the bad guys are online on my site. Merchants are on a mission to build their system. They believe they can ID their customers when they are online,” said Ruwe, about a merchant fraud detection system that would likely rely on neural technology to learn customers’ spending patterns.
But Ruwe cautioned that issuers should be ready to address what may be a compromised online user experience from the merchant effort.
“My concern as an issuer is what does that mean for my cardholders’ experience, such as a more (unnecessary) card declines,” said Ruwe.