Payment Card Roll Call: “Not Present” fraud likely to increase as EMV takes hold
No retailer wants to become the next Target (pun intended). Payment card fraud costs businesses and consumers billions of dollars every year. What’s even more frightening, many of the breaches in the news are the result of innocent participants inadvertently granting access to the bad guys. The Target breach in 2013 exposed the data of 110 million payment cards. Hackers got into the network using perfectly good credentials of the HVAC company. Sometimes password security just isn’t enough, which might bring in to question the security of all those SaaS subscriptions and online shopping sites folks use these days.
EMV chip technology, the standard around the world which has just recently become a standard in the United States, has done a lot to stem the tide of credit card fraud in other countries. As it was implemented in various countries, guess where it pushed the fraudsters? Where the anti-fraud technology wasn’t, of course! The United States was among the laggards in requiring EMV chip technology for payment cards, opening the door for bad guys and turning the US into a veritable haven for credit card fraud, “accounting for nearly 50% of global fraud losses, according to the Nilson Report[1]”.
EMV chip (or chip and pin) technology will go a long way to prevent credit card fraud for businesses accepting payment cards… in-person and counterfeit card fraud, anyway. Online retail, on the other hand, not so much. A chip on the card doesn’t really help when the transaction is completed with the card not present (CNP). Some industry analysts suggest that CNP fraud losses will exceed $6 billion within the next few years, making e-commerce and online payment security a high stakes game for even the smallest of retailers. As it gets more difficult to hack the payment system when the card is presented, bad guys will fall back in even greater numbers to the card-not-present model to find their victims.
Online retailers and service providers must take additional steps to secure their systems and protect customers and business partners, and face the challenge with the understanding that effort must be ongoing as new threats emerge. Tokenization is a prime method of layering the system with security, making the merchant system somewhat less of a worthy target by not storing the card data in the system. Even if the system becomes compromised, the bad guys wouldn’t find customer payment card information. There are numerous other steps a business can take to secure the CNP sales, including applying behavioral analytics which might identify rogue activities, or using 3D Secure to authenticate a cardholder’s identity at the time of purchase. The point is that CNP fraud is likely to spike as EMV technology takes a firm hold in the US.
Card fraud is already escalating rapidly for ecommerce retailers and other card not present channels – it didn’t take EMV to start on that roll but it will surely give it a push. Paperless payment systems, SaaS subscription services and online application service usage are increasing dramatically and there’s no chip to get in the way of these transactions. Sellers of any and every service utilizing online payments need to now pay particular attention to system and information security. The risk has always been there, and EMV chips and other shifts in pay card technology simply give it a push.
Make Sense?
J
[1] Chipping away at Credit Card Fraud with EMV; Information Week Tech Digest powered by Dark Reading, Nov 2015; NilsonReport http://www.nilsonreport.com/publication_newsletter_archive_issue.php?issue=1071
In today’s business world, risk, uncertainty and volatility are just par for the course – everyday realities of simply being in business. Nothing is certain, they say, except death and taxes. Yet there is a fine art to driving profitable growth in a business, and adapting to existing and emerging risk takes a great deal of experience, information and agility. While planning and process development may occur at many levels within the organization, it is the FP&A (financial planning and analysis) capability which helps top performing businesses be top performers.
In most regions around the country high-speed broadband is readily available, and using the Internet for working and playing online is a part of everyday life. Facebook and Twitter and Instagram are household names and just about every conversation starts or ends with a reference to a 
Make Sense?
Information technology and the “cloud” is amazing. With the right IT resources and connectivity, individuals and small businesses are able to compete at global levels with much larger organizations, and are proving that placing focus and attention on the right aspects of the business helps the business perform better. The right IT approach is to use technology to make the business smarter so more gets done in less time and with fewer resources – this is wearing the bunny slippers. The goal is leveraging systems, software and connectivity to be more efficient and effective, creating the time to stop and think for a while, innovate, or simply relax.
When I first started my business, like many start-up operations, I decided to 
When Intuit introduced QuickBooks Online, however, the tried-and-true solution known as “QuickBooks” became something very different at first glance, creating the need to educate the market about the continuing existence of desktop QuickBooks products as well as the newer online QuickBooks product. Differentiation of the two is not really the “desktop” versus “online” moniker – Commercial Hosts for QuickBooks, who essentially 
Cooper Mann Consulting 