Alliance Activities : Publications : Fraud in the U.S. Payments Industry

Fraud in the U.S. Payments Industry: Fraud Mitigation and Prevention Measures in Use and Chip Card Technology Impact on Fraud

Publication Date: October 2009

Fraud is a growing and ever-changing problem for the payments industry. As new payment technologies are introduced and new fraud prevention and detection techniques are implemented, criminals look for the new weakest point in the system to exploit. The current weakest link for card fraud is the magnetic stripe payments infrastructure, which, as other countries implement EMV-compliant chip cards and infrastructure, is increasingly being attacked in the U.S.

The industry has implemented a variety of both preventative and mitigating measures to deal with card fraud. Unfortunately, the vast majority of U.S. payment transactions still move the same static account numbers, authorization codes, and transaction information across the industry’s private and semiprivate networks. While the networks that carry those data elements have changed–from dial-up to IP communications to wireless–the data hasn’t.
The solution to the fraud problem is not better protection of data nor better fraud detection techniques alone. The solution is to incorporate dynamic data into payment transactions, so that stolen account or transaction information is rendered useless.

The U.S. payments industry has already made a major first step in this direction. Contactless payments, as currently implemented in the U.S., help reduce card-based fraud. Current contactless payment devices generate dynamic cryptograms, similar to those generated by EMV payment cards, and the existing payment network infrastructure–as it is–can handle the current cryptogram. Merchants, acquirers, processors, payment brands, and issuers have all implemented the changes needed to accept the current generation of contactless payment cards and dynamic data. Generation and verification of dynamic data reduce the possibility of skimming, merchant server attacks, and use of counterfeit cards. Use of dynamic data, plus other existing fraud detection techniques, provides an effective solution to card-based fraud without any changes to the current infrastructure. Every additional contactless transaction reduces the possibility of fraud.

To further the momentum of current contactless deployments, the U.S. payments industry needs additional infrastructure investment. Merchants, acquirers, and issuers need to continue to invest in infrastructure that supports dynamic authentication. Contactless payments have been delivering benefit to payments process participants since their introduction in 2004 through improved convenience, faster throughput, increased number and size of transactions, and greater customer satisfaction. By also providing a solution to card-based fraud, contactless payments delivers an even more compelling business case for the industry.

Planning for these investments should be undertaken now to determine the optimal distribution of cost over time. These plans should also include the eventual migration of the U.S. to globally-interoperable EMV cards and terminals. Once EMV-enabled, the United States will benefit from the same highly secure and globally interoperable payments infrastructure as the rest of the world.

This white paper was developed to discuss how the changes to the payments infrastructure are expected to affect card-based fraud in the United States and how different technologies can address this fraud. The white paper provides an overview of current fraud levels in the U.S. and of projected trends based on anticipated changes to the payments infrastructure.

The different approaches used by the U.S. payments industry to combat fraud are described, including both preventative measures and mitigating measures. The white paper also examines the opportunity presented by new technologies and processes, particularly chip card-based technologies and processes, to help mitigate card-based fraud losses.

The white paper concludes with a discussion of U.S. contactless payments deployment and its impact on increasing the security of the U.S. payments infrastructure and reducing fraud, and describes how contactless chip technology can eventually lead to the deployment of globally interoperable EMV cards and terminals in the United States.

About the Smart Card Alliance Payments Council

The Payments Council is one of several Smart Card Alliance technology and industry councils. The Council was formed to focus on facilitating the adoption of chip-enabled payments and payment applications in the U.S. through education programs for consumers, merchants, issuers, acquirers/processors, government regulators, mobile telecommunications providers and payments service providers. The group is bringing together payments industry stakeholders, including payments industry leaders, merchants and suppliers, and is working on projects related to implementing EMV, contactless payments, NFC-enabled payments and applications, mobile payments, and chip-enabled e-commerce. The Council’s primary goal is to inform and educate the market about the value of chip-enabled payments in improving the security of the payments infrastructure and in enhancing the value of payments and payment-related applications for industry stakeholders. Council participation is open to any Smart Card Alliance member who wishes to contribute to the Council projects.

Payments Council members involved in the development of this white paper included: Dynamic Card Solutions, First Data Corporation, Gemalto, Giesecke & Devrient, IBM, INSIDE Contactless, KeyPoint Consulting, MasterCard Worldwide, Visa Inc., ViVOtech.