Last updated: 19 March 2014
To continue our discussion about popular myths and misconceptions about EMV payment cards, let’s talk about card-not-present (CNP) fraud – the kind where the merchant never sees you or your card. In other words, the merchant never verifies that the person making the transaction is the legitimate cardholder by checking the signature or seeing that a PIN was validated by the terminal.
Myth: EMV payment cards don’t help to reduce ecommerce and online CNP fraud.
Truth: EMV payment cards enable powerful CNP fraud solutions.
With EMV chip technology, it is widely accepted that card-present transactions, the kind where you pay in-store, will become much more secure.
However, card-not-present transactions, when consumers buy online, inherently carry additional risk for fraud because a stolen card number could be used to conduct transactions illegally.
Currently, merchants tackle card-not-present fraud by asking for a billing address and for the 3-digit security code on the back of the card, which, as most in the industry agree, does little to deter fraudsters. With EMV payment cards, new, more secure options for card-owner verification will be possible, even for card-not-present transactions.
This is because EMV payment cards are often equipped with features meant to add security to card-not-present transactions, such as one-time-passwords, on-card displays, or features accessible via personal card readers. Using an EMV card with one or more of these authentication tools effectively ensures that the card-owner and the card are both present during the transaction.
While in America we are still in the early stages of adopting these types of card-not-present security measures, ecommerce and CNP fraud has been reduced using such tools outside the US.
However, progress is being made. American banks are steadily embracing these more secure payment cards. MasterCard and VISA each currently offer card-not-present solutions for customers (namely, CAP and DPA). If you are interested in upgrading your card’s security, ask your card provider about its solutions. You may be surprised to find that your bank is already offering some advanced card security.
A popular solution for large American banks has been issuing “display cards”, which use a one-time-password coupled with an EMV chip to add a layer of strong security to online banking transactions.
Both card-present and card-not-present fraud need to be tackled together to provide comprehensive security to our payment ecosystem, and we’re still in our infancy for both. It’s up to merchants and banks to implement new protections, and with EMV payment cards, a new arsenal of tools is at their disposal.