October 1st represents the deadline for most merchants to accept Europay, MasterCard, and Visa (EMV) chip-equipped credit cards at their terminals. Should a merchant only process payments with the familiar magnetic stripe reader, and end up taking a counterfeit card, liability for that transaction falls upon the merchant.
At first glance ecommerce pros may see this as an issue for only their brick-and-mortar counterparts. However, several industry leaders told EcommerceBytes of how the shift to EMV on the physical side could bode ill for online sellers. Some entrepreneurs on Etsy voiced their liability concerns, which were later addressed by Etsy.
“The good news is that Etsy is the merchant on record for all Direct Checkout sales (including those processed using the Sell on Etsy card reader), and Etsy will absorb the liability for credit card losses (including chargebacks) when we find that they resulted from third-party fraud,” the company said.
Payment processing businesses like PayPal and Square have been working to inform and prepare their customer bases for the forthcoming EMV shift. A PayPal spokesperson noted the company’s outreach began earlier this year, providing US merchants with information to facilitate the shift.
Also, PayPal’s new Here card reader supports EMV chip and mag-stripe cards as well as the growing number of contactless payment methods “like Android Pay, Apple Pay, Samsung Pay and whatever else comes next.” (Be sure to read more information about your liability on the PayPal website.)
At Square, that payment processor is also offering to mitigate the liability shift for its customers. A Square spokesperson told EcommerceBytes that the company “will cover EMV liability shift-related charges for Square sellers who pre-order the new Square Reader.”
“Our new reader for contactless and chip cards is our flagship reader because it promotes authenticated, more secure payments for our sellers and its NFC capabilities are faster and more efficient than EMV for customers,” Square said. Sellers can pre-order it for $49.
Near-field communication, or NFC, is the technology enabling contactless payment methods.
Such advances in technology offer opportunities beyond the expected legitimate uses. Industry professionals at security-oriented firms like LexisNexis and Kount warn of the unintended yet potential consequence of EMV technology prompting criminals to shift focus to more online crime.
LexisNexis recently released their annual True Cost of Fraud study, which held a number of disconcerting insights.
“The study shows fraud is eating up most of the retail gains made this year, merchants lost 1.32 percent of revenue to fraud in 2015, up 94 percent from 0.68 percent in 2014. This is big news as the shopping season, when merchants tends to see increases in fraud losses, is right around the corner,” the company said. They also provided these ecommerce findings:
- Large eCommerce merchants spending $115 thousand annually on fraud mitigation while losing 1.39% of revenue to fraud
- Mobile Commerce merchants hardest hit, spending $133 thousand annually on fraud mitigation while losing 1.68% of revenue to fraud
- Online merchants saw fraud spike 13% while brick and mortar saw a 15% drop
- Debit card fraud surged to 30% as fraudsters make a last-ditch effort before the EMV implementation Oct. 1
Aaron Press from LexisNexis told EcommerceBytes his firm has already seen some positive and negative effects of the shift to EMV, and they anticipate “the process will accelerate in the coming months.”
Regarding the move by merchants to properly-implemented EMV processes and their effect at reducing fraud, Press noted, “EMV, is likely, however, to have the opposite effect on Card Not Present (CNP) fraud, such as ecommerce. Experience in other countries has shown that when fraudsters can no longer use stolen credentials in the store, they will switch their efforts to CNP.”
LexisNexis advises ecommerce pros to add “additional layers of protection such as robust identity validation, risk scoring, and device fingerprinting to their process.” Press recounted how recent data breaches underscore the “need for high quality identity data.”
Don Bush, VP of Marketing at Kount, told EcommerceBytes of a brutal number behind surges in CNP fraud. “We know this because CNP fraud has increased in every market that EMV has been implemented (the UK experienced a 350 percent increase in CNP fraud losses from the adoption of EMV in 2001 until 2008).”
Bush also noted, “The usual trend during the EMV process is for CNP fraud to double in the announcement phase, double in the implementation phase, and then continue to increase. The potential amount of CNP fraud for the US will likely be even greater as it is undergoing this transition after ecommerce has matured over the past few years and ecommerce retailers have worked to minimize online transaction friction.”