Take On Payments, a blog sponsored by the Retail Payments Risk Forum of the Federal Reserve Bank of Atlanta, is intended to foster dialogue on emerging risks in retail payment systems and enhance collaborative efforts to improve risk detection and mitigation. We encourage your active participation in Take on Payments and look forward to collaborating with you.
Comments are moderated and will not appear until the moderator has approved them.
Please submit appropriate comments. Inappropriate comments include content that is abusive, harassing, or threatening; obscene, vulgar, or profane; an attack of a personal nature; or overtly political.
In addition, no off-topic remarks or spam is permitted.
The Future of Fraud in a Post-EMV Chip Environment
"Doug: Your conclusion has me worried about credit-push in an environment where payments are irrevocable." I received this brief email a few days after my latest paper was published on the Atlanta Fed website. In this paper, I explore fraud trends in countries with a fully mature, or close to it, EMV chip card environment—trends we are likely to see in the United States as our EMV chip card implementation matures.
When the topic of EMV chip card fraud comes up, the conversation nearly always makes its way to the documented shift from counterfeit card fraud to card-not-present (CNP) fraud. While that is a fair and valid conversation, times are changing, and we just may need to refocus the fraud conversation, as this email indicates—my emailer was referring to credit-push payments and the fraud that can happen, and is happening, in this environment.
Data clearly show that when countries such as the United Kingdom, France, and Australia migrated to EMV chip cards, CNP fraud rose—in some instances, dramatically. And where the data are available, we can see that the fraud rate for CNP transactions also initially rose. But over the last several years something interesting has happened. Both absolute CNP fraud and CNP fraud rates are declining in some of the countries. While these countries did not have many CNP fraud prevention techniques and tools at their disposal when they first migrated to EMV chip cards, the technology is catching up and they have more tools now. If there was any benefit for the United States from being an EMV laggard, perhaps this is it: we are better equipped to deal with CNP fraud.
But back to push payments. Authorized push payment (APP) fraud, which is a form of credit-push fraud, is a growing problem. In the United Kingdom, the real-time payment system is being used extensively to carry out this type of fraud. Just as other countries didn't have many tools to fight CNP fraud in early EMV chip adoptions, we don't have all the tools yet to mitigate APP fraud.
At the heart of APP fraud is business email compromise, which we've covered in this blog and which was the featured topic in the Atlanta Fed's most recent Economy Matters podcast episode . To read more about this particular fraud trend and other trends the U.S. payments industry should be wary of as our EMV chip card environment matures, be sure to read the paper .
Back to the email I received—it was short, but my reply was even shorter: "You should be worried."