Why we need more than EMV alone to tackle the cost of CNP fraud

Last updated: 31 October 2019

CNP fraud tops the list of concerns for payment and card industry executives according to a 2015 survey – and it’s not hard to see why.  In the US alone, CNP fraud has resulted in $3.1 billion of losses this year and is projected to cause $6.4 billion by 2018. Worldwide, the situation is even more alarming, with CNP fraud making up around 70% of crime on EMV markets.

CNP fraud affects a variety of stakeholders:

  • Consumers – being a victim of CNP fraud can undermine consumer confidence in the online transaction system. It can also cause a lot of stress and inconvenience due to the impact of claim resolution, as well as card number and security credential changes.
  • eMerchants – some merchants might not have a liability shifting protection measure, which means they will have to take responsibility for the cost of fraud, hitting them hard financially.
  • Acquiring banks are also affected by CNP fraud due to the expenses induced by claim and chargeback processing.
  • Issuing banks – not only do issuing banks have to deal with the costs of claims, processing chargeback and organizing the re-issuing of bank cards, they may suffer significant reputational damage.

Clearly, it’s crucial that security solutions address this threat – as multiple parties are affected. Not only are these losses unsustainable, but the scale of crime jeopardizes consumer confidence in online transactions at a time when enthusiasm should be sky-high given developments in the IoT.

CNP fraud can be difficult to prevent due to the problem of verifying whether the user who inputted the card details is the genuine cardholder. One potential (albeit partial) solution is a wider introduction of EMV cards, which minimizes the dangers of in-store payments. EMV card payment brings multiple advantages, but can’t stop the online threat adequately, though.

EMV cards also cost significantly more than magnetic chip cards. This higher cost is understandable as EMV cards are more secure thanks to an embedded microprocessor, which is virtually impossible to copy or edit. The chip contains more information than a magnetic stripe, and boasts significant processing power – hence the higher price (a stolen EMV card is 3-4 times the value of a normal card). Consequently, they’re effective at preventing counterfeit fraud. However, as we’ve mentioned, they do not eliminate the threat of cybercrime, since attackers are still capable of gaining sensitive information and completing online transactions on behalf of unknowing cardholders. EMV payment can prevent fraud, but needs to be supplemented by effective digital security solutions.

To supplement EMV, we’ve developed a Dynamic Code Verification system which provides an effective solution by creating a security code that evolves continuously. Every twenty minutes, cardholders will see a different security code on the back of their card, which they can enter when completing a transaction online. This makes it far more difficult for fraudsters, who rely on collecting static card information. DCV prioritizes consumer convenience and security. You can find out more in the videos below.

What do you think about the rising cost of CNP fraud and prevention measures? Let us know by tweeting to us @Gemalto or post a comment below.