October 1, 2015. This was the key date by which the liability would shift from the merchant processor to the merchant if a card present transaction was fraudulent because the merchant used a magnetic swipe versus the chip on the card to make the sale. One of the main goals of the EMV conversion was to decrease Card Present Fraud. Since the chip changes for each transaction and it is harder to replicate, thieves can no longer use skimmers to copy the card information off the old fashioned magnetic stripe on the credit card. As such, retailers now need to make sure their Card-Not-Present (CNP) transactions are as secure as possible, since hackers are most likely turning to this avenue to steal sensitive card information. Consequentially, CNP fraud tools have been introduced in the marketplace. The move to EMV has more merchants looking closely at these and emerging tools. Here’s a rundown of the most commonly used CNP tools (www.greensheet.com, issue 16:08:02):
- Address Verification Services and Card Verification Numbers, supported by card companies and issuers.
- Proprietary and shared data on customers, high-risk cards, email and IP addresses, and similar information.
- Tokenization, in which card values are replaced with different values (tokens), so there is no need for merchants to store sensitive data.
- Device authentication, critical when customers use mobile devices, this tool confirms devices are legitimate as well as users’ locations, based on things like IP geolocation information and device fingerprinting.
- 3-D Secure, a secure communications protocol promoted by the card brands, requires consumers to enter unique PINs to verify that customers are who they say they are. Adoption to date has been lackluster, although it may be poised to grow. CyberSource’s 2016 benchmark report indicated that 23 percent of merchants use this validation method and that an additional 20 percent plan to use it.
As you process credit cards at your business, be sure to always use the chip card to run the transaction using the EMV terminal given to you by Credomatic Merchant Services. In the event that the transaction is CNP, be sure to use the above mentioned tools as well as Address Verification and CVV2 verification to prevent fraud. Contact Credomatic Merchant Services if you have any doubts in adopting these fraud prevention tools at your business.
