Visa said last week that two years after US retailers started deploying terminals that could read chip-based credit and debit cards, reports of counterfeit card fraud have dropped by 70%.
While modern chip-based payment cards —also known as EMV (Europay, MasterCard, Visa) cards after the three organizations that promoted the new technology— are the standard payment card issued in most regions of the globe, the US has always lagged behind.
The reasons are many, but most banks and retailers cited that it would be more costly to issue new EMV cards and replace classic magnetic strip payment terminals with modern devices that could also accept EMV cards.
The US started an EMV push in 2015
But US banks and retailers got a kick in the behind in 2015 after a series of hacks at high-profile retailers such as Home Depot and Target.
Hackers stole a large number of card numbers during those incidents, which fueled a sudden rise in counterfeit magnetic strip cards that criminal groups used to buy products in the names of legitimate account owners.
At the pressure of the US government, US card issuers began a huge push to replace classic magnetic strip cards with EMV chip-based credit and debit cards in October 2015, which eventually forced shop owners to invest in EMV-compatible gear as well.
EMV cards now a force in the US
According to statistics released by Visa last week, EMV adoption among US retailers soared from 392,000 shops in September 2015 to over 2.7 million stores in December 2017, accounting for 59% of all US storefronts.
Similarly, the number of EMV chip-and-PIN cards grew in the US from 159 million in September 2015 to over 481 million in December 2017.
According to Visa, 67% of all Visa cards in the US are EMV-based and have a chip inside it. Furthermore, most of these account for cards associated with active users. Visa says EMV chip cards accounted for 96% of all US payments in December, showing that EMV has already taken over the US market.
FBI: EMV cards are not 100% secure
But while chip-based cards are harder to counterfeit, they are not 100% safe. The FBI warned users in 2015 not to consider themselves safe just because they’re using a chipped card.
Crooks can sometimes create counterfeit EMV cards, albeit harder, but in most cases, EMV users are prone to card-not-present (CNP) fraud.
CNP refers to situations where attackers steal all the card details except the data stored on the chip. These are the details that users enter in online forms when they shop online, such as card number, holder’s name, expiry date, and the card’s CVV code. So instead of using fake magnetic strip cards to empty accounts and buy goods at brick-and-mortar stores, crooks are using EMV card details to shop online, and later resell products for a profit.
Financial and security firms have warned against the rise in CNP fraud, driven mainly by web-based malware installed on online stores, meant to steal payment card data as users enter it in a shop’s checkout/payment page.
Furthermore, another type of CNP fraud has appeared in recent years —called account takeover (ATO) attacks. Due to a large number of breaches at third-party services, crooks are using leaked passwords to gain access to accounts at online shops. If the user has saved his payment card details in his account profile, crooks use it for fraudulent transactions even if they don’t ever get their hands on the card data in the first place.
To read the original article:
https://www.bleepingcomputer.com/news/security/visa-emv-cards-cut-down-counterfeit-card-fraud-in-the-us-by-70-percent/