There has been a recurring theme over the past 12 months as major retailers across the U.S. are continually hit with malware attacks to their POS systems, compromising tens of millions of credit and debit cards, costing consumers and the industry hundreds of millions of dollars.
Recurring merchants are especially hit hard. Adding to the normal 30% annual churn rate of credit cards, recurring merchants can expect significantly more accounts to be closed. Tools available to help combat churn include account updater from Visa and MasterCard, and updater program from Discover, and a comprehensive decline recycling strategy combined with well-timed submissions to account updater programs can save scores of subscription customers. However, it will add to the overall cost of processing and there will remain some fallout with those issuers who don’t participate in the updater programs. Businesses who are not employing those tactics stand to lose about half or more of their customer base.
Beyond the immediate impact of card reissuance, card-not-present merchants are at risk of experiencing increased fraud down the road. Why? The proposed solution that is moving forward – and being pushed into play by many retailers more quickly than the October 2015 Visa and MasterCard mandate – has proven to drive up fraud for online merchants. EMV cards (aka chip cards or smart cards) have been in existence in Europe for many years. Since their rollout in the EU in 2002, fraud in card-not-present channels increased by more than 100%. While offline fraud was reduced to almost nothing, the fraud itself did not decrease; it merely shifted to less secure channels. This same pattern has been seen everywhere EMV technology has rolled out, including Asia and Latin America.
As retailers in the U.S. are moving to EMV, it is increasingly important for CNP merchants to have a strong anti-fraud strategy in place. The basic checks, such as AVS and CVV screening, will likely not be sufficient. There are a number of fraud screening and filtering technologies on the market. The right choice for your business will be determined by a number of factors, including cost, ease of integration with your existing providers, and your overall risk of fraud.
Of course, the increase in CNP fraud has many merchants asking why the push for EMV? Additional measures to help combat fraud in other channels could include standardized tokenization, which is exactly what some merchant groups are advocating. Likely, a combination of measures will be required to help combat the extensive data breaches that continue to happen.
by Melanie Stout Manuel