07 Jul EMV Cards and Your Business: What You Really Need to Know
With compromised credit cards and credit card fraud dominating the news these days, credit card issuers have taken things into their own hands and switched from magnetic stripe cards to EMV compliant credit cards. EMV, which stands for Europay, Mastercard and Visa, represents a global standard for card chips and the technology that enables the seamless and secure interaction between the chip-cards and electronic card terminals.
Traditional cards use a magnetic strip with data that never changes throughout the lifetime of the card. Once a fraudster gets the data held on the card, it can be used over and over again. With EMV cards, however, every time the EMV card is used for a transaction, a new transaction code is created that can only be used once. Thus, if a hacker were to gain access to the transaction terminal data and transaction codes, that data would be useless since no further transactions could be processed. In such cases, the card would automatically be declined.
The introduction of EMV cards greatly reduced the prevalence of card counterfeiting fraud, which was the type of fraud in the traditional chip cards era. However, another chip card fraud variant is on the rise with the introduction of EMV technology –Card Not Present (CNP).
How to Ensure Your Business Is Protected from CNP Fraud
Verify the Customer’s details and transaction information
Before shipping goods ordered through a CNP transaction, make sure you have the customer’s phone number and call to verify the transaction information. Hackers are unlikely to be able to provide such verification, due to the fact that in their rush to get the most out of the credit line before the fraud is exposed, they usually order randomly and do not save this type of information.
Carry out due diligence on priority shipment orders
An expensive priority shipment request may likely end up being a fraudulent transaction. Your senses should become even more alert if a free shipping option has not been exercised. When you get such suspicious orders, it’s important to properly check everything out BEFORE shipping.
Examine orders from existing customers that vary from known patterns
If you receive an order from a repeat client that does not fit the pattern of past transactions, contact the customer and confirm the transaction.
Use Fraud Protection Tools
The following is a list of the most established card chip fraud prevention tools available:
- Address Verification Service (AVS) – AVS lets you compare the billing address provided by your customer with the billing address on the card issuer’s file. Both addresses should be the same.
- Card Security Codes – Card Security Codes are the 3-digit numbers located on the back of every MasterCard (CVC 2), Visa (CVV2), and Discover (CID) cards, close to the signature panel, and the 4-digit numbers on the front of American Express (CID) cards, positioned above the card account number. Card Security Codes allow you verify that a cardholder is actually in physical possession of the card being used for the CNP transaction. Recurring transactions will usually not have a CVV since this information cannot be stored, however do send the CVV in with the initial transaction if possible.
- Verified by Visa and MasterCard SecureCode – These are services offered by the two Credit Card Companies to better secure online financial transactions and prevent card fraud. MasterCard SecureCode and Verified by Visa allow cardholders to authenticate themselves with their card issuers by making use of personal passwords created upon registration with the programs. In addition to protecting e-merchants and online shoppers from fraudulent unauthorized use of cards, the programs also reduce the possibility of chargebacks. However, adoption of these technologies in the US has been limited due to the additional security steps involved.
- PCI Compliance – Businesses accepting card payments must be compliant with the regulations specified by the Payment Card Security Data Security Standard (PCI DSS). The PCI DSS includes protective including data security management, network architecture and software design.
Maintain a Fraudulent Transactions File
Finally, you should develop and maintain a “negative” internal file recording fraudulent transactions that you were not able prevent. If your system spots a new transaction containing information that matches data in this file, your system should be designed to draw your attention to that fact and warn you of a likely risk. Once you’re in-the-know, you can then carry out an examination of the transaction to verify it’s legitimacy. Third-party fraud services aggregate the negative file across thousands of merchants, thereby multiplying its effectiveness.
EMV cards have reduced the overall incidence of credit card fraud, especially when the cards are used physically. When the cards are used for card-not-present (CNP) transactions, however, the protection EMV cards offer is greatly diminished and the EMV card can be fraudulently manipulated in the same way as its predecessor, the magnetic strip card. The good news is that by following the steps listed above, you can ensure that your business is, to a large extent, protected from CNP fraud.