October 1 marked the credit card industry’s ‘soft deadline’ by which U.S. retailers should have transitioned to Europay, MasterCard and Visa (EMV) chip-enabled card technology. Although many businesses have yet to make the switch, the pressure is now on: starting last Thursday, all merchants that are not equipped for the new cards are responsible for any losses due to credit card fraud. The microchip technology in EMV cards generates a unique, encrypted code for each transaction, making them more secure and protecting against some types of card fraud, such as counterfeiting. Other parts of the advanced world have used this system for years and have seen some success. According to Aite Group, an independent research firm, counterfeit fraud losses in the United States are expected to decline by about 51% after EMV implementation.
However, other types of retail fraud, such as card-not-present (CNP) fraud, are expected to increase. As a result of the tightened security around purchases at the checkout counter, criminals will begin to go the easier route of making fraudulent payments via the Internet or phone instead.
Employees must be prepared for this about-face in fraud behavior. In addition to point-of-sale software training on the new EMV terminal systems, employees should be educated and trained on the new areas of vulnerability. Defensive behaviors and compliance with the Payment Card Industry Data Security Standard (PCI DSS) requirements must be encouraged. Examples of compliance include:
• Verifying the identity of a cardholder who places an order online or via phone
• Notifying supervisors about suspicious card-related activity
• Protecting stored cardholder data and encrypting transmitted data
A new era of data security is coming. A thoughtfully designed risk awareness training program can ensure that employees understand and will exhibit the fundamental defensive behaviors against payment fraud.