EMV (Europay, MasterCard and Visa) credit and debit cards have finally seen widespread adoption in the USA, at least on the consumer side, with 70% of people now owning one. America is still in the transition phase towards universal adoption of chip cards, especially given the fact that a sizable number of retailers still don’t accept them, but is nevertheless making steady progress.
Although retailers have been liable for fraudulent card transactions since October 2015, this elongated transition is presenting a growing problem with ‘card not present’ (CNP) fraud. Since credit card fraud at the POS (point of sale) is much more difficult to execute with EMV technology, criminals are instead beginning to more heavily target CNP transactions, particularly online payments. The key to this approach is that it’s difficult to verify the authenticity of a credit card transaction when the retailer is not present to inspect the card itself, as is the case in a store for example.
Consequently, a recent study by Tender Armor found that 78% of online shoppers want more protection for their card data, and that 56% of cardholders shop less and cut back on card usage following a fraudulent transaction. The study also indicates that this blow to consumer confidence in online security is directly affecting the prosperity of the ecommerce industry:
“Consumers stated that their online shopping declines after a fraud event. Lower card usage, card account attrition, and less shopping are the silent revenue killers for FIs and merchants alike. Avoiding these long-term ramifications, is in the industry’s best interest. It ensures consumers feel safe clicking the ‘buy’ button.”
How, then, can we ensure consumers feel safe when clicking the ‘buy’ button? There are already measures in place to achieve this, usually related to data protection. SSL Certificates in particular are important to this end, and have become a universal signal of trustworthiness in ecommerce, while remaining accessible for smaller online retailers to install via companies like this one. A padlock logo in the address bar is a simple, clear and effective way to comfort shoppers that none of the information they are inputting is being redirected away from the ecommerce site.
Phishing is also a key battleground, in security terms, to combat fraud and tighten ecommerce security, but must cut both ways. In other words, it’s not enough for an ecommerce retailer to promote vigilance against scams internally, they must also make the dangers as clear and plain as possible to their customers. Unfortunately not all consumers are equally tech-savvy, so it’s vital to help them understand what to expect from your correspondence, and therefore how to identify a phishing scam.
There is one more crucial aspect to this security concern, however, and one that information security experts have no control over. That is, the old fashioned variety of identity fraud whereby the details required to authenticate a CNP transaction on your credit card are stolen ‘offline.’ A criminal may still look through your trash, steal your mail, and so on. No amount of digital security measures can prevent credit card fraud if someone has already acquired all the necessary data. Therefore, developments in security on the internet must come hand in hand with increased consumer awareness and responsibility for information security.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.