We've been discussing EMV credit cards a lot these days because by October 1, 2015, most card issuers will have sent out these chip-enabled cards to customers. That's important for a few reasons:
- Financial institutions are switching from magnetic stripe cards to EMV cards (aka chip cards) to help reduce card-present fraud and bolster security for customers.
- Merchants are expected to be EMV-compliant by October 1.
- Merchants who don't have chip card readers by that date will inherit the liability for card-present fraud made possible by swiping the magnetic stripe of a chip card.
In case you missed all the talk, our infographic can help get you up to speed, and the post "3 Things that Can Make You Liable for a Data Breach" can give you a better idea about when you can be held liable for in-store credit card fraud.
The shift to EMV cards is expected to reduce in-store fraud, but according to research by Trustev, an online fraud prevention tech provider, it won't do anything to protect against online fraud. In fact, Trustev predicts e-commerce fraud will rise 106 percent in the United States three years after the EMV switch. That prediction is based on what happened in other countries three years after they became EMV-compliant:
- Online retail fraud rose 100 percent in Canada and Australia.
- E-commerce fraud rose 89 percent in the United Kingdom.
But that doesn't mean your online shop is doomed to be hacked left and right. To prevent as much fraud as possible, e-commerce businesses should take the following precautions.
1. Use the available fraud prevention tools.
That may mean using an address verification service (AVS), which compares the billing address the buyer enters to the address the card issuer has on file for the card. If the addresses don't match, it may be a stolen card. You should also request the card security code for every card-not-present (CNP) transaction. This extra step helps confirm the buyer has the physical card in hand at the time of payment.
2. Watch out for red flags.
Unlike your legitimate customers, thieves tend not to care if they are charged a premium for shipping. You may want to verify orders when buyers choose pricey next-day shipping options.
And if you see a repeat customer make an unusual purchase, validate the order. It's an opportunity to connect with the customer and look out for their security, too. For more low-tech ideas, check out UniBul's card-not-present fraud prevention tips.
3. Invest in authentication services.
Sometimes high-tech risks call for high-tech management. If you process a high volume of online sales and can't take the time to personally validate all orders that may or may not be fraudulent, it may make sense to use a service that monitors CNP transactions. For example, RSA Adaptive Authentication for eCommerce scopes out threats in real time by looking at more than 100 fraud indicators.
Other related services can tokenize data so that if criminals capture it, they can't do much with it. Essentially, tokenization removes the account number on the payment card from your database and replaces it with a string of random letters and numbers. You can learn more about these advanced e-commerce fraud prevention techniques in RSA's whitepaper "Card-Not-Present Fraud in a Post-EMV Environment: Combating the Fraud Spike" [PDF].
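To make the tokenization idea concrete, here is a small sketch added for illustration; it is not code from this post or from RSA. `TokenVault` and `record_order` are hypothetical names, and the in-memory vault stands in for a tokenization service that would run outside the shop's own systems.

```python
import secrets
import string

ALPHABET = string.ascii_letters + string.digits

def luhn_ok(pan):
    """Checksum that real card numbers satisfy; rejects typos before tokenizing."""
    if not (pan.isascii() and pan.isdigit()):
        return False
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch) * 2 if i % 2 else int(ch)  # double every second digit from the right
        total += d - 9 if d > 9 else d
    return total % 10 == 0

class TokenVault:
    """Hypothetical stand-in for the tokenization service, kept apart from the shop."""
    def __init__(self):
        self._pan_by_token = {}
        self._token_by_pan = {}

    def tokenize(self, pan):
        pan = pan.replace(" ", "").replace("-", "")
        if not (12 <= len(pan) <= 19 and luhn_ok(pan)):
            raise ValueError("not a valid card number")
        if pan not in self._token_by_pan:
            # Random letters and numbers: the token has no mathematical link to the card.
            token = "tok_" + "".join(secrets.choice(ALPHABET) for _ in range(24))
            self._token_by_pan[pan] = token
            self._pan_by_token[token] = pan
        return self._token_by_pan[pan]  # same card, same token: repeat buyers still match

    def detokenize(self, token):
        """Only the vault can map a token back; the shop database cannot."""
        return self._pan_by_token[token]

def record_order(shop_db, vault, customer, pan, amount):
    """What the shop stores: a token in place of the account number."""
    row = {"customer": customer, "card": vault.tokenize(pan), "amount": amount}
    shop_db.append(row)
    return row

if __name__ == "__main__":
    vault, shop_db = TokenVault(), []
    # Constructed sample order using a well-known test card number.
    record_order(shop_db, vault, "alice", "4111 1111 1111 1111", 42.50)
    print(shop_db)  # a thief who copies this table gets tokens, not card numbers
```

Because the same card always maps to the same token, the shop can still recognize a repeat customer's card without ever storing the number itself.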
5. Carry Cyber Liability Insurance.
The hard truth: criminals may still find a way around your fraud prevention measures and your best cyber security defenses. That's why it's smart to have a response plan in place that can help you manage the cost of a data breach. Cyber Liability Insurance can help pay for credit-monitoring services, customer notification, and good-faith advertising after your e-commerce business has been hacked or compromised. To learn more about data breaches and how they impact small businesses, read "Data Breaches Cost 2.5x as Much as Burglary."