By Jack Lynch
Great progress has been made by issuers and merchants in the adoption and deployment of EMV technology, and EMV cards have been largely successful in deterring and preventing fraud in card present transactions. Presently, more than 50% of U.S. cards are chip-enabled, about 40% of U.S. merchants accept chip cards and counterfeit fraud at chip-enabled merchants has declined 52%.
That is all positive news, but some new trends are now driving the fraud environment. Innovation is one such force, as fintech companies increasingly gain access to account data through their relationships with their financial services client companies. In doing so, they are attracting the attention of criminals as potential targets. The increasing incidence of data compromise events, coupled with the rising rate of fraud globally, are other factors influencing the payments fraud environment.
Fallback transactions have experienced resurgence with the adoption of EMV chip cards. Where the term used to refer to any alternative method to process a card transaction, such as manually keying an account number, EMV fallback refers to transactions that revert to magnetic stripe mode when the terminal cannot process the EMV chip data. Fallback minimizes cardholder inconvenience when POS terminals malfunction, but fallback transactions can present risk for covering chargebacks or fraud losses.
2 Types of EMV Fallback
There are two types of EMV fallback: Implementation Fallback and Standard Fallback. Implementation fallback represents two thirds of all fallback transactions and refers to transactions that revert to magnetic stripe or signature mode due to terminal hardware or software issues. Standard fallback represents one third of fallback transactions and means the chip terminal is functional, but the chip was inserted improperly or “disguised” in an attempt to force a fallback to a magnetic stripe transaction.
Credit unions should fully understand fallback transactions and their implications on chargeback and fraud loss expenses. If there is counterfeit fraud involving a chip-issued card at a non-chip-enabled terminal, then the merchant who did not upgrade the terminal is responsible for any fraud, meaning the issuer can chargeback the fraud to the merchant. However, if the terminal is enabled to read chip cards, but the transaction is conducted using magnetic swipe, then the issuer is responsible for the liability for fraudulent transactions if the issuer authorizes the fallback transaction.
One best practice for mitigating risk from EMV fallback transactions is to use analytics tools to identify which members are experiencing fraud on their EMV cards, why it is happening and which merchants are associated with the fraudulent transactions. This analysis and reporting can help identify the members’ cards with faulty chips and get those cards replaced. The analytics can also isolate particular merchants that experience a high incidence of fallback fraud to better inform the credit union’s fraud detection algorithms.
Valuable Insights
Monitoring reports from your processor for fallback transactions will provide valuable insight. Several fallback transactions on a single cardholder may indicate a defective card, or the need for member education, or it may indicate a counterfeit card in use. Several fallback transactions from a single merchant may mean a terminal, processor or a PIN debit network not properly configured. Fallback fraud aside, fraudsters have set their sights on the more lucrative opportunity available with Card Not Present (CNP) transactions.
With CNP transactions, industry fraud experts recommend the use of 3D Secure 2.0 technology and adopting risk-based authentication to replace static passwords. Using dynamic authentication methods optimized with Verified by Visa (VbV) presents less challenges and better fraud protection.
Savings, Plus a Better Experience
Another component of CNP fraud is the cost to recover losses. Aite Group estimates these losses are on track to rise from $2.9 billion in 2014 to $6.4 billion in 2018. Fortunately, new tools are entering the market to help issuers reduce losses from CNP fraud. For example, PSCU recently partnered with Ethoca for an alternative to more rapidly and efficiently recover these losses – including low value transaction write-offs and 3-D Secure transactions.
Confirmed fraud transactions reported by PSCU Owner credit unions are sent to Ethoca for immediate distribution to more than 5,200 leading ecommerce merchants worldwide, covering more than 205,000 merchant descriptors. These merchants act on alerts immediately by stopping the fulfillment of fraudulent orders and issuing cardholders a refund. This faster, more efficient process takes just hours instead of weeks, preventing criminals from monetizing their crimes. Credit unions can now expedite the recovery of fraud losses – all while ensuring a better experience for cardholders.
Jack Lynch serves as Senior Vice President, Chief Risk Officer leading PSCU’s Fraud and Risk Management Operations Area. Jack has over 25 years of leadership experience delivering operational services, project management, client implementations, process re-engineering, account management, training and technology services.