Account Takeover Fraud on Debit Cards Surge
By Ryan Wilk
As the US continues it conversation to EMV (Europay Mastercard and Visa), it will be interesting to see how this technology will affect an already mature e-commerce market. Unlike its European counterparts that felt the instant onslaught of e-commerce fraud once EMV was implemented, the US is in a far different position. The American market has had the benefit of 14+ years of e-commerce risk technology enhancements that did not exist when Europe made the transition. Along with this the US has been in the unique position having to absorb the effects of EMV being implemented worldwide.
A major trend that we have been seeing is the massive surge in fraudulent account creation. Just since February of this year we have observed a 100% increase in accounts being created for nefarious means. Between May – June, nearly half a billion accounts were flagged as fraud, up 28% from the first quarter of 2015. This highlights the growing value fraudsters are seeing in using aged accounts in an effort to circumvent traditional fraud detection systems that place a level of trust in an aged authenticated account.
Unlike other examples of EMV deployment around the world the US is taking a far different approach. Many issuers have decided to implement chip and signature as opposed to the more secure chip and pin technique being used by most other EMV deployments. While switching to chip and signature makes card cloning far more difficult, it has done nothing to make the POS transaction any safer. Overall we have simply converted from an inexpensive mag-stripe to a far more expensive embedded chip. On top of this, many US merchants have not yet switched over to EMV even as the October 2015 deadline has come and gone. Some merchants are even publically saying that they will disable EMV during the holiday season due to the added time it takes for the transaction to process, again showing that ease of use and speed of checkout is trumping security. All of these developments continue to point to a far reduced post-EMV e-commerce impact in the United States.
While EMV is something that e-commerce merchants should be concerned about, a far greater threat to their business is the continual risk of Account Takeover. We continue to see fraudsters spending huge amounts of effort to take over existing customers accounts and reaping great rewards. As e-commerce merchants work to build a full service ecosystem within their web properties, the risk of valuable personal and financial information being stolen out of these accounts is on the rise.
Once compromised, the fraudster has access to personal information, stored digital products, and the greatest prize, access to stored payment information that can simply be used to transact at will. It really begs the question: If you are a fraudster, why go to the trouble of stealing one credit card, when one account can give you a far greater value? Because of this, merchants must be vigilant in protecting their user’s data, and the trust and safety that their users have placed in their brand. All the more reason for merchants to switch from traditional single point fraud detection systems that are regularly circumvented by fraudsters, to real-time continual behavioral analytics that can identify their trusted good users and mitigate the risk all at the same time.