As the United States makes its long-awaited move to EMV, there has been a lot of discussion about the inevitable rise in card-not-present (CNP) fraud. And with good reason—the organized crime rings behind so much of the industry’s financial fraud will not simply sit back and take the hit to their profits as the opportunity to commit counterfeit card fraud dries up. They will adjust their tactics. Virtually every other country that has made the move to chip cards has seen a precipitous rise in CNP fraud, and the same will likely be true for the United States.
Another fraud spike is lurking, however: application fraud, which has also seen significant increases in many countries as they moved to EMV. With the U.S. arrival of EMV removing the opportunity to perpetrate massive amounts counterfeit fraud, criminals will instead use synthetic and stolen identities to obtain their own cards. As the below figure shows, Canada saw application fraud rise threefold during the first few years of the migration to EMV, as did Australia.
The U.S. application fraud spike has the potential to be more dramatic. Why?
The U.S. banking market is much more fragmented than others, with fierce competition for new credit and debit card customers sometimes leading to more relaxed onboarding criteria than used in other countries. Further, when other countries such as the U.K. and Canada migrated to EMV, they saw a considerable increase in cross-border counterfeit fraud, as fraudsters counterfeited cards and brought them to the mag-stripe dependent U.S. to use. Since the United States is the last G-20 country to move to EMV, no equivalent non-EMV card market will exist to serve as an outlet for cross-border counterfeit fraud. As crime rings seek to recoup the US$3 billion in losses that will result from the gradual elimination of U.S. counterfeit fraud, the relative lack of cross-border fraud opportunity will put more pressure on application and CNP fraud.
FIs planning to change to EMV need to assess their own application fraud controls. Some key questions that U.S. FIs should ask before the shift:
- How current are our current processes? How do they compare with the best-in-class solutions?
- How robust is our ability to detect synthetic fraud? Ring-based bust-out activity? True name fraud?
- Do we have a solid feedback loop in place to allow us to not only detect an uptick in application fraud but also to also adjust front-end controls as needed?
With just 10 months remaining before the EMV liability shift takes effect, the clock is ticking.
If you were fascinated by this topic and wanted to hear more from Julie Conroy, she’ll be speaking at Deluxe Exchange 2015 on this very topic. Her session is called “Cybercriminals Are Standing By to Take Your Customers’ Order, Data, and Identity” where she’ll examine the latest threats and ways in which FIs can defend themselves while preserving the customer experience.
Reserve your spot by registering for DX15 today and if you this discount code, BLG6254, between today and 12/24/14 at midnight you can save $250 off our full registration price.