Fraud Losses Increase as U.S. Lags on EMV Chips

Fraud losses on U.S. credit and debit cards, after years of decline, now appear to be on the rise again. And one key culprit, according to experts, is this country's slow adoption of technology that will improve security.

Last week, Discover Financial Services (DFS) disclosed in its annual report that its fraud losses in fiscal 2012 totaled $93 million — or 70% higher than they were two years earlier, even after adjusting for rising transaction volumes.

While industry-wide data is scarce, there are signs that other card issuers are seeing similar trends.  Capital One Financial (COF), for example, reported a 20% increase in volume-adjusted fraud losses, between 2010 and 2011. It has yet to release fraud data for 2012.

"I am hearing this story across the board from all major issuers," says Julie Conroy, a research director at Aite Group who advises financial institutions on how to combat fraud. "And unfortunately, most issuers I speak to expect this to get worse before it gets better."

By historical standards, U.S. fraud losses remain low, industry sources emphasized. And the loss rates are still small enough that stock analysts generally shrug them off. Even so, the recent trend suggests that criminals have at least temporarily gained the upper hand in the cat-and-mouse game they play with U.S. card issuers.

One major reason for the rising losses here, according to experts, is that it has become harder to commit fraud in countries that have switched over to EMV cards. Those new cards rely on computer-chip technology that makes counterfeiting difficult. So criminals around the world are looking more often to the United States, where magnetic stripe cards remain more vulnerable to breaches.

"We're the weakest link around the world," says Sanjay Sakhrani, a card industry analyst at Keefe, Bruyette & Woods.

Doug Clare, vice president for fraud solutions at Fair Isaac Corp., agrees. "The fraud comes here. And so this is the place fraudsters focus their efforts, because it's easier," he says.

EMV stands for Europay, MasterCard and Visa, the networks that set the global standard for security chips embedded in payment cards.

The major U.S. card brands have all announced that they will require most U.S. merchants to use terminals that can handle EMV cards by October 2015. Those cards are more secure than their predecessors. But the United States lags far behind the rest of the world in making the switch.

The rising U.S. fraud losses could help galvanize industry support for making the switch to EMV cards, which also are expected to encourage the adoption of mobile payments. "Fraud wasn't the initial driver, but it certainly is part of the business case now," Conroy says.

She noted that fraudsters often hold onto stolen credit card data for some amount of time before using it to make illegal purchases, so the October 2015 switchover date also serves as a deadline for the criminals.

"The bad guys are very motivated to use all this counterfeit card data that they have before it becomes much harder to use," she says.

Firms in the card industry are often reluctant to speak publicly about fraudulent transactions, the costs of which they generally cover.

Discover declined to comment for this story. In a document filed with the Securities and Exchange Commission last week, the company stated: "The risk of fraud continues to increase for the financial services industry in general. Additionally, our risk of fraud continues to increase as acceptance of the Discover card grows internationally and we expand our direct banking business."