The introduction of EMV chip cards made huge strides in decreasing fraud, but only for in-store transactions. The increased security of credit and debit cards using chip technology has driven fraudulent traffic to CNP transactions and e-commerce. Card Not Present (CNP) Transactions are those that occur when the card is physically not present (online, over the phone, mobile transactions, etc), and therefore do not utilize the chip feature that EMV cards have. According to Visa, fraud has decreased 70 percent from October 2015 (when chip cards were introduced in the United States) to December 2017. However, chip cards are just as susceptible to CNP fraud as magnetic stripe cards.
Over the course of the year, the number of merchants using chip-enabled terminals more than doubled, with 39 percent (or 1.81 million) of all merchant locations using EMV technology. The majority of these merchants - 82 percent of them - were small and medium-sized businesses. Chip transactions comprised just about half (49 percent) of total payment volume in card present transactions.
With CNP fraud on the rise since the EMV chargeback liability
ALERT: If you use a gateway or virtual terminal for payment processing --- Pay Special Attention (Remember, most integrated POS systems connect to a gateway).
EMV in the US has made life only slightly more difficult on fraudsters, finding the new security too cumbersome to overtake. So instead of wasting time hacking POS systems, hackers have taken to bypassing them altogether and focusing their criminal efforts on hijacking merchant Gateway accounts. They are accomplishing this simply by "acquiring" Gateway API credentials and Gateway user credentials, and are finding merchants to be ideal prey.
Do you remember the magic eight ball as a kid? Does he/she like me? "It is decidedly so!" Will I pass my exam next week? "Ask again later." Will the Browns win the Superbowl? "Outlook not so good."
But we are no longer in high school, and while some of those questions and answers are still surprisingly relevant, today's questions for merchants should without a doubt be about credit card security. Because in today's world of card transactions, merchants cannot be too careful. We are constantly bombarded with news from retailers, both large and small, of hacks and attempts that can cost both consumers and merchants dearly. It warrants taking a minute to analyze your existing card security, and ensure your payment processor is "on the ball" (no magic required).
Here are 3 questions every merchant should be asking their payment processor: