Banks know technology is often the key to providing their customers and clients with a seamless and secure commercial experience. However, like any established anti-fraud solution, chip-and-PIN technology stacks its fair share of benefits and drawbacks.
Nearly twenty years on, has Chip-and-PIN lived up to its hype? Is there an alternative?
This article will reexamine chip-and-PIN technology: how it works and why merchants need it, despite its shortcomings. It will also divulge why a multi-tiered approach to fraud prevention is the best approach one can take.
How Does Chip-and-PIN Technology Work?
“Chip-and-PIN” is shorthand for using EMV microchip-enabled credit and debit card technology in conjunction with EMV-compliant hardware and software and a PIN code. This technology is designed to improve the security of credit and debit card transactions.
Chip-and-PIN technology benefits most transactions as it limits the use of stolen or manipulated cards. It’s been around for years, but with the addition of mobile wallet technology, it’s become an increasingly convenient procedure for brick-and-mortar merchants.
Mobile wallets combine the tokenization software embedded in EMV microchips with near-field communication (NFC) to enable secure contactless payment technology. This technology is generally the safer option for merchants who accept contactless payments. It’s far from a universal solution, though.
There are still some situations in which manual PIN entry is an absolute necessity. It’s important if:
- payments are over the contactless limit ( £100 in the UK)
- the card is used for numerous back-to-back contactless transactions
- a customer is using their card for the first time
- a customer exceeds the contactless payment limit of £300
Before chip-and PIN, fraudsters often used skimmers or other methods of card copying to steal legitimate card details. Magnetic swipe cards feature static data that is relatively easy to replicate or counterfeit during checkout.
Since EMV technology was deployed using a chip-and-PIN method, there is no static data to steal. Dynamic encryption software embedded in the microchip changes each time the card is used, making it exceedingly difficult for fraudsters to crack or replicate.
How Can Chip-and-PIN Transactions Benefit Merchants?
To better understand why the technology is a vital component of any fraud prevention strategy, it’s essential to recognize chip-and-PIN’s positive impacts on eCommerce.
First, chip-and-PIN is more secure. While it is true that contactless payments are the preferred use of this technology, chip-and-PIN cards are more secure no matter how they are used. The reason is due to the dynamic encryption software hardwired into each chip.
Magnetic stripe cards often hold the same information regarding the cardholder’s account. They ultimately lack the encryption required to secure those payments, though.
68.16% of the global market shops with chip-enabled debit. If a customer does not input the correct PIN information, their transaction will be denied, preventing many instances of fraud.
Second, it can be faster and more convenient when combined with contactless technology.
Contactless cards are up to ten times faster and more efficient than cash or traditional swiped or inserted cards, which invariably increases the speed and accuracy of consumer payments.Customers may still insert or swipe chip-and-PIN cards to make purchases. However, adding the contactless variety diversifies merchants’ payment options and encourages customer loyalty and confidence.
While this data is encouraging, be aware that no prevention solutions are ever 100% effective against fraud. Chip-and-PIN authentication is a vast improvement over previous technology, but it still features vulnerabilities of which you should be aware.
Downsides of Chip-and-PIN
Despite how swift, practical, and sophisticated chip-and-PIN technology is, it will never prevent every act of fraud. There is no program or platform on earth capable of such a feat.
Chip-and-PIN cards and contactless terminals are indeed more secure than their predecessors, but there are still points of weakness to consider.
Fraudsters are Moving Online
Unfortunately, EMV encryption isn’t as effective against eCommerce fraud as it is in the brick-and-mortar retail space. Terminals can utilize NFC data and EMV encryption to authenticate a cardholder with card in hand, but neither is effective when card details are imputed online.
It should be noted that accounts of card-not-present fraud escalated after the EMV liability shift in 2015. By 2019, CNP fraud accounted for approximately 76% of the total value of all card fraud in the UK.
In the US, for every dollar spent online, $3.60 will be lost to CNP fraud, bringing the average fraudulent CNP transaction value from $126 to $155 between 2020 and 2021 alone. This is a spectacularly large issue that chip-and-PIN technology is ill-equipped to stymie on its own.
Digital payments present far fewer challenges for cybercriminals to surmount. In a post-chip environment, opportunistic fraudsters view eCommerce as the path of least resistance.
Chip-and-PIN is Useless Against Friendly Fraud
Of additional concern is that first-party threats like friendly fraud and cyber shoplifting aren’t as straightforward as traditional credit card fraud. Seemingly-legitimate customers commit first-party fraud. And, unlike direct credit card fraud, friendly fraud occurs post-transaction.
When fraud is committed after the fact, it’s nearly impossible to stop or predict. Yet, the act of friendly fraud will likely be responsible for up to 61% of all incoming chargebacks by 2023.
Friendly fraud is not a concern that any fraud-predictive or pre-transactional software can remedy. Therefore, it stands to reason that its solution oscillates between technology and prevention.
We Recommend Multi-Tiered Solutions
Chip-and-PIN technology is not perfect, but it is diversifying. Encouraging merchants to include contactless payments with their POS systems and CRM software can significantly impact the efficacy and convenience of in-store payments.
While there is less certainty involving CNP transactions, these insecurities can be mitigated by integrating contactless EMV chip technology with other fraud tools like AVS, CVV, and geolocation is a fantastic place to start. Combining these factors into a dedicated and cohesive fraud prevention strategy would double the merchant’s odds of stopping CNP fraud in its tracks.
Including a comprehensive chargeback prevention and management strategy in this plan could bridge the gap between contactless payments and CNP fraud prevention. How? Simply put, by increasing the accuracy and speed of the authentication process, merchants would also be armed to respond to and manage incoming first-party disputes and fraud. With more accurate decisionsing and faster response times, many acts of CNP and friendly fraud might be avoided altogether.