And the good news is that card fraud losses at terminals in the EU are at their lowest level since 2005. It looks like much of it is down to EMV, which limits the effectiveness of card skimming strategies, although the excitable clever people are telling us that it’s down to geo-blocking, fraud monitoring and fraud detection. I am not sure how true this is as I would think that these techniques are more suited to preventing fraud on non-EMV transactions.
Since the ability to clone and create a usable EMV card is non-existent, the opportunities for fraud using EMV cards are seriously limited. It is well established that there can be no duplicate EMV cards. If this is the case, then an EMV card must either be in the hands of its rightful owner, or it must be lost or stolen. If it is in the hands of its rightful owner, then there is no fraud, and if it is lost or stolen, there is essentially a four hour window of opportunity for any would-be criminal. Adding geo-blocking, fraud monitoring and fraud detection is not going to identify lost and stolen EMV chip cards.
Geo-blocking, fraud monitoring and fraud detection are more suited to payment ecosystems that rely more on mag stripe, and can be effective in the e-commerce world. The reduction in fraud that we have seen over the years is due primarily to the introduction of EMV – in the UK – back in the early part of this century. It is now spreading out and we are reaping the benefits. If you want to see how much benefit we are reaping, look at the card fraud levels in the US.
The impact of reducing the opportunity for fraud in one sector is to increase its presence in others. We are inevitably going to be seeing a growing number of social engineering attacks, as the vulnerability of people is now greater than the vulnerability of the card payment systems. We need to be looking at finding ways of preventing the growing financial losses associated with current accounts.