Merchants See Dip In Fraud Thanks To Chip Cards

Megalith

24-bit/48kHz
Staff member
Joined
Aug 20, 2006
Messages
13,000
Chip cards seem to be making a positive difference. Counterfeit transactions have supposedly decreased as much as 18% from merchants who have updated their systems.

Among the 25 merchants who were suffering the most instances of counterfeit fraud at the end of 2014, five that began processing credit and debit cards equipped with the new EMV technology saw those infractions fall 18.3% as of the final quarter of 2015, says Stephanie Ericksen, vice president of risk products at Visa. Meanwhile, five of those merchants who were not yet equipped to handle chip-enabled cards saw an increase in fraudulent transactions of 11.4%. “We’re seeing EMV is having a positive impact on counterfeit fraud,’’ Ericksen says. “Merchants who implement chip, their counterfeit fraud is going down, while those still finalizing plans, their counterfeit fraud is going up.’’
 
Fraud is going up really high on the merchants that haven't done the switch because the fraudsters know the free ride is about to end, so they're using it hard before they lose it.
 
The US is so far behind at this point they might as well just skip chip cards and just move on to whatever replaces them. 20 years guys, you're 20 years behind and you're not even implementing the pin part of chip and pin.
 
Literally no place I shop uses it yet. Then again, outside of gas stations, and the grocery store, I almost never use a CC in person.
 
i got my new chipped card from chase... 3 weeks later someone is charging on my account in california, im in florida. chase caught it, but 4 charges were all chains, 2 mc donalds, 1 riteaid, 1 autoparts store.
i still hold both cards from the account.
 
They were having a number of issues wth the chip for a wile, some seemed to have it fixed though. I used it for like a week with a failure at certain places, then they disabled it at the registry, then like a couple moths later it came back working...

I think all the kinks are ironed out as far as usage goes... at least in the big places. But still quite a few places that don't.
 
The US is so far behind at this point they might as well just skip chip cards and just move on to whatever replaces them. 20 years guys, you're 20 years behind and you're not even implementing the pin part of chip and pin.
The chips alone defeat cloning, but chip cards are still being shipped with magnetic strips and can be cloned as not all merchants have adopted chip readers.
 
The US is so far behind at this point they might as well just skip chip cards and just move on to whatever replaces them. 20 years guys, you're 20 years behind and you're not even implementing the pin part of chip and pin.

Yup finally catching up to 15 years ago in any modern society. I was totally surprised when i moved to the states how much behind on integrating IT it is over here. They still use physical papers in the government. it takes longer for my wife (Born American) to get her tax papers for the country she is in than it did for me to get them 1/3 around the globe.
5mins vs 5 days. I had to physical go to the water company to give them a void CHECK ( yes one of those 60is things). The first apartment we lived in, we had to pay the rent every month, as in actual doing the action of paying. They didn't support an automatic payment system.

Automatic payment are often bound to your card instead of your account so lost CC or a replaced CC (because you get the new with chip), means you have to redo all the automatic payments you set up. It's crazy unoptimal
 
Yup finally catching up to 15 years ago in any modern society. I was totally surprised when i moved to the states how much behind on integrating IT it is over here. They still use physical papers in the government. it takes longer for my wife (Born American) to get her tax papers for the country she is in than it did for me to get them 1/3 around the globe.
5mins vs 5 days. I had to physical go to the water company to give them a void CHECK ( yes one of those 60is things). The first apartment we lived in, we had to pay the rent every month, as in actual doing the action of paying. They didn't support an automatic payment system.

Automatic payment are often bound to your card instead of your account so lost CC or a replaced CC (because you get the new with chip), means you have to redo all the automatic payments you set up. It's crazy unoptimal

Indeed. Canada has had chip and pin for 10 years(?). You can make automatic payments through your credit card, or more appropriately, they can be made through your bank account. You simply enter all the transit and account digits for your bank account. Cheques are still very much used, especially for small businesses, where costs are still much cheaper than service charges for credit cards. And, as always, cash is king.
 
Well, Europe has done this for a while. It took the US a long time catch up. But, of course, nothing is 100% safe.
 
I really wish data integrity and security had more of an emphasis in business rather than "Return On Investment" and "Increase Revenue, Reduce Costs". This is especially true in IT when you are considered one of the costs to be reduced! Anything that proves to be a barrier in the sale is eliminated, even if that barrier is for better security. I remember one news story involving Home Depot where the most memorable quote, when seeking new software and training in IT, was told, "We sell hammers.". In business school, they teach you about "Return On Investment", but kinda skimp on "Return On Not Investing". And, in many cases, IT upgrade decisions only get approved when it directly affects a member of the executive team.

I remember eating at a restaurant while I was on vacation in Canada back in Fall, 2012. A credit card terminal was brought to my table, where I swiped my card, signed on the terminal, and grabbed the receipt. That would require a wireless credit card terminal (a quick Google search shows that terminal costs $635) plus a WPA2 secured WiFi network plus monthly Internet access. A countertop machine is $160. Guess what the cost-conscious restauranter is going to do?

Often, the emphasis is on convenience and speed instead of security. I believe that two-factor authentication is better than just username and password, but guess what? It takes slightly longer to login. That's a barrier to convenience, and such a barrier might convince someone to switch businesses. Most (because I will get into trouble by saying "all") have the ability to do debit card transactions. However, many still take granny's checks, and granny counts on that check float.
 
This is extremely misleading. First of all the merchants don't pay shit for fraud. It's all passed onto financial institutions. The only reason they became chip compliant is because the government enforced the liability shift putting a little onus on the merchant for the first time ever. While the big boys can handle the fraud expense, it hurts your community banks and credit unions.

The criminals have just shifted to whats referred to as card not present (CNP) fraud. Card present fraud has seen a large decline, but CNP is SKYROCKETING. My FI has experienced 3x the volume of CNP fraud over the last quarter than we ever have. Guess who pays for it? Us.

The US made a huge mistake by a) not following the rest of the entire civilized f'in world and enforcing EMV a decade ago, and b) by not bypassing this stopgap and going straight to tokenization. The expense to become "EMV compliant" was massive and all it did is increase fraud.
 
Indeed. Canada has had chip and pin for 10 years(?). You can make automatic payments through your credit card, or more appropriately, they can be made through your bank account. You simply enter all the transit and account digits for your bank account. Cheques are still very much used, especially for small businesses, where costs are still much cheaper than service charges for credit cards. And, as always, cash is king.
A few things to mention.... The reason the US has been so late to chip and pin is due to cost. It is very expensive to convert over. I work for a national retailer (about 300 stores) and it cost us well over a million to do the conversion last year. During a time when retail sales are declining overall. We did the move for one reason. The liability on fraud shifted from the banks to the retailers for non-emv cards in the long run.

In the US you have always been able to use your checking account for automatic payments too. It is all down to the company you are making payments too. In 1985 I was making automatic payments on my first new car. Today, my Credit Card and car payments are all through my checking account using account and routing codes. I almost never need to wright physical checks. I go through maybe a half dozen checks a year.

It's also worth mentioning that EMV is not a panacea for credit card fraud. While it has lowered fraud over the 10 years that it has been wide spread in Europe (and about 4-5 years in Canada since the liability shift) There have been several notable instances of harvesting account numbers and PINs from European gas pumps and other locations. EMV is only useful against physical access to the card. It does nothing to enhance security for online purchases. It would not be shocking to see an increase in ways around the system once the US is fully EMV.

Don't count the fraudsters out either. Watch this video, it's short, but kind of sobering on how things are done.
 
Adoption rate of EMV terminals is only ~37% last I heard, additionally it doesn't protect against card-not-present fraud.

This - and the rate is actually a little higher now because most of the large merchants have migrated. Like you said it's the CNP that is killing us though. My CU's credit card portfolio is about 8,000 deep and debit around 12,000 (mid-sized CU) and we have extreme amounts of fraud. So much that I may need to hire another person in my card department to make sure that my rockstar back there doesn't have a nervous breakdown.
 
A few things to mention.... The reason the US has been so late to chip and pin is due to cost. It is very expensive to convert over. I work for a national retailer (about 300 stores) and it cost us well over a million to do the conversion last year. During a time when retail sales are declining overall. We did the move for one reason. The liability on fraud shifted from the banks to the retailers for non-emv cards in the long run.

If the liability shift didn't happen, no merchant would have ever become EMV certified. They literally pass all the cost on the FI's. There is a ton of reputation risk involved with a major breach (which I understand costs substantial amounts of money), but I would estimate less than 5% of fraud cases in my career have ever been charged back to the merchant.
 
The first apartment we lived in, we had to pay the rent every month, as in actual doing the action of paying. They didn't support an automatic payment system.

Automatic payment are often bound to your card instead of your account so lost CC or a replaced CC (because you get the new with chip), means you have to redo all the automatic payments you set up. It's crazy unoptimal

Someone I work with was complaining because their new apartment they where moving to REQUIRED automatic rent payments.

Personally I refuse to use automatic debit payments, just like I refuse to use a debit card. I don't want anyone taking money directly out of my bank account before I have a chance to review and if needed dispute the charge.
I'd rather the they charge my credit card (I have one card just for these type of payments to hopefully avoid the lost/stolen card problem). I'll even switch to paperless statements if they'll bill the credit card.
 
Someone I work with was complaining because their new apartment they where moving to REQUIRED automatic rent payments.
I wouldn't like that either. I am curious to know exactly how they require the auto payments to occur..
 
I wouldn't like that either. I am curious to know exactly how they require the auto payments to occur..

A standard auto pay authorization form gets filled out, and faxed to the tenants bank and they transfer the funds from their account to the apt complexes on the agreed to day of the month, for the agreed to number of months. Typically this is done via a checking account, and not by cc or debit card.

I only ever actually require it if the prospective tenant has super shitty credit, other wise it is simply the preferred method of payment. I waive half the deposit as incentive to do it that way.
 
I wouldn't like that either. I am curious to know exactly how they require the auto payments to occur..

You have to allow them to automatically debit from your bank account as a condition of renting the apartment.

My kids private school started doing the same thing. Tuition was mandated to be paid by directly from your bank account. I used a small free checking account and just put enough in it for the payment each month. No way would I give them access to my regular account. Luckily she only went there for a couple years.
 
Meh, I'm skeptical that this has anything to do with the chip. Since we didn't get chip and pin, our chip cards aren't really any more secure than our non chip cards. At this point they are nothing more than a hassle. I am still using all my non chip cards even though I received the chip ones because the transaction with the chips takes so stinking long. I'll continue doing this until they expire in a couple years. Having to sit there with your card sticking out of the stupid machine for the entire transaction is utterly stupid.
 
I am still using all my non chip cards even though I received the chip ones because the transaction with the chips takes so stinking long.

Huh? It should take a couple of seconds, tops. Don't tell me the shops you use use card readers with dial-up! Over here it's done over a secure internet connection.
 
Meh, I'm skeptical that this has anything to do with the chip. Since we didn't get chip and pin, our chip cards aren't really any more secure than our non chip cards.

So you're saying someone can skim your EMV card when you stick it in the chip reader and use it repeatedly for card-present fraud in other locations?
 
So you're saying someone can skim your EMV card when you stick it in the chip reader and use it repeatedly for card-present fraud in other locations?

No, because I'm not a dumbass and won't be putting my card in a skimmer. I've seen them, they are obvious if you pay attention. Honestly if you get your card skimmed you have no one to blame but yourself.

That said, I do support chip cards..If it was chip and pin. What we got instead is garbage.
 
I really wish data integrity and security had more of an emphasis in business rather than "Return On Investment" and "Increase Revenue, Reduce Costs". This is especially true in IT when you are considered one of the costs to be reduced! Anything that proves to be a barrier in the sale is eliminated, even if that barrier is for better security. I remember one news story involving Home Depot where the most memorable quote, when seeking new software and training in IT, was told, "We sell hammers.". In business school, they teach you about "Return On Investment", but kinda skimp on "Return On Not Investing". And, in many cases, IT upgrade decisions only get approved when it directly affects a member of the executive team.

I remember eating at a restaurant while I was on vacation in Canada back in Fall, 2012. A credit card terminal was brought to my table, where I swiped my card, signed on the terminal, and grabbed the receipt. That would require a wireless credit card terminal (a quick Google search shows that terminal costs $635) plus a WPA2 secured WiFi network plus monthly Internet access. A countertop machine is $160. Guess what the cost-conscious restauranter is going to do?

Often, the emphasis is on convenience and speed instead of security. I believe that two-factor authentication is better than just username and password, but guess what? It takes slightly longer to login. That's a barrier to convenience, and such a barrier might convince someone to switch businesses. Most (because I will get into trouble by saying "all") have the ability to do debit card transactions. However, many still take granny's checks, and granny counts on that check float.


You got it right on man. When I first took over 3 years ago, we were using 7-8 year old servers/san with no real backup solution. This is for a ~20m a year company. I quickly came up with a solution and put it on my "then" managers desk. Every 3 months I placed it on his desk for a year, 55k worth of backup. Denied each time! Q1 the second year, 4 drives failed at once...big hoopla over how and why it happened, and I was on the hot seat. Until, I brought out the proposal and the first date I tried for approval. They signed it that day. So f'in stupid, I stg. We got REALLY lucky and were down around 12 hours total. 6 Fri, 6 Mon. Recovered all data and servers. Now THAT is luck!
 
No, because I'm not a dumbass and won't be putting my card in a skimmer. I've seen them, they are obvious if you pay attention. Honestly if you get your card skimmed you have no one to blame but yourself..

Now you're saying there are skimmers that clone the EMV chips?

Why is it garbage to not have the PIN?
 
No, because I'm not a dumbass and won't be putting my card in a skimmer. I've seen them, they are obvious if you pay attention. Honestly if you get your card skimmed you have no one to blame but yourself.

Always with the victim blaming on this forum, your hubris is showing. They are getting very, very good with 3D printers these days. I doubt you would have seen this recent Bluetooth-enabled example:

dt.common.streams.StreamServer.cls


Credit card skimmer found on Vail ATM | VailDaily.com
 
I had no idea that sort of thing was happening. What happened to cash?

The payments are handled through Automated Clearing House (ACH) transfers, and interacts directly with your checking and savings account. For the merchant, it is much cheaper than the transaction fees charged by the credit card processor. For the consumer, however, there are a few less safeguards in case of a fraudulent transaction. Thus, I only use ACH transfers to deposit my paycheck and send money to my mother. It beats the "check float" because I'm one of those folks why hasn't balanced their checkbook since the late eighties.

Oh, guess which major merchant hates the CC transaction fees and the Apple Pay/Android Pay NFC service, and would prefer to use ACH and QRCodes in their huge coughed-up furrball called CurrentC?

That said, I do support chip cards..If it was chip and pin. What we got instead is garbage.

From what I heard, the cost of a non-chipped credit card for the financial institution was only a few centers, while a chipped card can cost about a dollar. That can reduce the executive teams payout for the year. To add a static PIN or (better yet) a dynamic PIN would require a major upgrade to the backend systems. Then, of course, how do you handle the CNP (Card Not Present) such as transactions with web merchants such as Amazon?


And, BTW, here is an article from the SJ Mercury News: Making a purchase at retail a confusing mess, thanks to tech transition.
 
Then, of course, how do you handle the CNP (Card Not Present) such as transactions with web merchants such as Amazon?

Use two factor authentication. They send a text with a code to your mobile like HMRC or an email with a code to your email address like Steam.
 
A few things to mention.... The reason the US has been so late to chip and pin is due to cost. It is very expensive to convert over. I work for a national retailer (about 300 stores) and it cost us well over a million to do the conversion last year. During a time when retail sales are declining overall. We did the move for one reason. The liability on fraud shifted from the banks to the retailers for non-emv cards in the long run.

In the US you have always been able to use your checking account for automatic payments too. It is all down to the company you are making payments too. In 1985 I was making automatic payments on my first new car. Today, my Credit Card and car payments are all through my checking account using account and routing codes. I almost never need to wright physical checks. I go through maybe a half dozen checks a year.

It's also worth mentioning that EMV is not a panacea for credit card fraud. While it has lowered fraud over the 10 years that it has been wide spread in Europe (and about 4-5 years in Canada since the liability shift) There have been several notable instances of harvesting account numbers and PINs from European gas pumps and other locations. EMV is only useful against physical access to the card. It does nothing to enhance security for online purchases. It would not be shocking to see an increase in ways around the system once the US is fully EMV.

Don't count the fraudsters out either. Watch this video, it's short, but kind of sobering on how things are done.

less than 2million for 300 stores? thats what? less than 10k a store?
 
You got it right on man. When I first took over 3 years ago, we were using 7-8 year old servers/san with no real backup solution. This is for a ~20m a year company. I quickly came up with a solution and put it on my "then" managers desk. Every 3 months I placed it on his desk for a year, 55k worth of backup. Denied each time! Q1 the second year, 4 drives failed at once...big hoopla over how and why it happened, and I was on the hot seat. Until, I brought out the proposal and the first date I tried for approval. They signed it that day. So f'in stupid, I stg. We got REALLY lucky and were down around 12 hours total. 6 Fri, 6 Mon. Recovered all data and servers. Now THAT is luck!

There's nobody so zealous as a recent convert.

There's nobody with such a hard-on for good backup strategy as those who've recently lost data (or nearly done so).
 
Why aren't we seeing chip readers at gas stations yet?

Profit margins at gas stations are razor thin, which is why they sell convenience groceries. I've noticed that a bunch of gas stations in my area have closed down during this recent significant reduction in gas prices. I think they just flat out don't have the money for the upgrade, even if it's just a few hundred dollars.
 
Someone I work with was complaining because their new apartment they where moving to REQUIRED automatic rent payments.

Personally I refuse to use automatic debit payments, just like I refuse to use a debit card. I don't want anyone taking money directly out of my bank account before I have a chance to review and if needed dispute the charge.
I'd rather the they charge my credit card (I have one card just for these type of payments to hopefully avoid the lost/stolen card problem). I'll even switch to paperless statements if they'll bill the credit card.


i can fully understand you issues with companies just pulling money out of your account, but this against show how far behind the states is with IT and payments system.
if you lived in Denmark you recieved a paper or digital documet that shows you what is about to be paid, and you can refuse any of them.
and its all gather in one document not differrent cards its so easy to do and check.

if you can you should try living in a modern country and then see how America is sadly more and more looking like a third world country. in average i would think america is aorund 30 years behind
in the 1990. all government document got digitized and a huge digital platform got developed for te goverment. i dont have to wait for a physsical paper arrive. i get an emial notificing me that there is a paper in my goverment inbox. i log on and it just like an email system just only for goverment and bank systems..

in the states the most digital i have seen so far in regards to the goverment i to download a pdf file print it out and write it with apen anf physscial send it back. that like beeing in the 80's
or start 90's.
hell even my tax report have to be send in physical form.... in denmark its again automatic you can go through and change it if you want to for months ana if you have no changes it just goes through easy peasy
no physical papers.

The US just need to take that step into the digital age
 
Back
Top