It would not be unfair to compare some of today’s black hats to the illusionists of yesteryear, as the Target and Neiman Marcus data breaches were tricks of almost Houdiniesque proportions – they occurred right before our eyes, while being almost unbelievable. These massive breaches have since inspired a backlash from bankers, consumers, government officials, and the media; all of which are demanding action to prevent these types of crimes from continuing to occur.
The clamor for improved security has created a groundswell of support among stakeholders for the EMV transition in the U.S. Based on previous experiences overseas, it is expected that EMV will eliminate counterfeit card fraud, while removing the incentive for criminals to compromise card data from POS merchants. Yet, in our attempts to anticipate fraud after EMV is broadly adopted, we are again putting ourselves in a position to be misled. EMV is now closer than ever to being part of the everyday payments experience for U.S. consumers. This has drawn attention and action in response, to the CNP-fraud experience in the U.K. from both the financial industry and merchants here in the U.S. Like following the magic wand, the expectation is that criminals will shift focus from POS to CNP fraud after EMV finds its footing in the U.S. If we were to look more closely, we would notice indications from U.K. card fraud data that we are in for more surprises. Card ID Fraud, the combination of account takeovers and fraudulent applications, more than doubled in the U.K. between 2002 and 2008 (according to the U.K. Cards Association). If the combined total losses attributable to fraudulent new accounts and account takeovers in the U.S. grew similarly over a comparable period (2013 to 2019), fraud losses could exceed $12 billion. While attempting to make an $11 billion problem disappear (which represents the total losses attributable to fraud on existing card accounts in 2013), a larger one could seemingly materialize out of nowhere.
Everyone remain in your seats and stay focused. Despite there being only so much budget-money to go around for fraud prevention, FIs and credit-card issuers need to remain vigilant in protecting card accounts from takeover and in preventing fraudulent new accounts from being opened. For recommendations (#Javelinmagic) on how to protect your customers and your institution, see the 2013 Banking Identity Safety Scorecard, the 9th Annual Credit Card Issuer's Identity Safety Scorecard, and How to Upgrade Online and Mobile Account Opening for an Omnichannel Era: 2013. Post-EMV fraud trends are like a puff of smoke that makes you look to the left as the magician takes the watch from your right wrist. This is not to say we shouldn't prepare for CNP fraud, but let's not get so distracted that we are robbed right before our eyes.