ISOs and agents could use fraud data to convince merchants to take security seriously, observers say.
As it now stands, retailers and consumers may not be pushing for stronger card security because they feel protected by the systems already in use. But today’s security measures are not protecting the public from the real costs for fraud.
Consumers who fell victim to fraud experienced an average loss of $240 per incident in 2011, a year in which nearly 5% of U.S. adults were affected by identity fraud, according to Javelin’s 2012 Identity Fraud Report.
On average, consumers lost $141 if their debit card was used fraudulently and $306 if criminals attacked a credit card account, the report stated.
And advocates for chip-and-PIN security raise the issue of consumer costs when arguing against chip-and-signature security for the U.S. switch to the EMV card standard.
Tim Rohrbaugh, chief information security officer at the identity risk management provider Intersections Inc., says chip-and-PIN is safer for consumers.
“When is the last time someone verified a signature [on a card transaction]?” he says. “We all know the answer to that.”
Steve Schwartz, who also works at Intersections, says using a PIN eliminates some of the opportunity to steal data during individual transactions because the card isn’t easily separated from its owner.
“I like it better when the transaction is taking place right in front of me, which you do with chip-and-PIN,” says Schwartz, the company’s executive vice president of consumer services.
Consumers absorb out-of-pocket costs more often for existing card account fraud, meaning the consumer opened an account and a criminal somehow got a hold of it, says Jim Van Dyke, president and of Javelin Strategy and Research.
Zero-liability policies protect consumers if they alert the issuer within 60 days of a fraud incident, and Regulation E of the Electronic Funds Transfer Act protects debit card users from most fraudulent charges if the cardholder reports a lost or stolen card within two business days.
Zero liability is essential, but certain sectors of the card industry have fewer protections for consumers, Van Dyke says. “Networks do a good job of protecting consumers, but closed-loop, store-branded cards are not as safe,” he says.
In 2011, 8% of credit card fraud victims reported having their store-branded credit card misused, according to the Javelin study. On average, consumers lost $591 per incident when criminals stole their store-branded closed-loop card account.
In addition, consumer fraud costs increase because of “friendly fraud,” or cases in which a family member or friend is involved in the fraudulent purchases and the cardholder isn’t willing to sign an affidavit on the crime, Van Dyke says.
Regardless of how consumers end up paying out of pocket because of card fraud, the card brands should make consumers aware of how far network and federal protections really go, says Mark Horwedel, CEO of the Merchant Advisory Group.
The advisory group says merchants and their customers would be far safer if card brands and issuers all insisted on chip-and-PIN, rather than chip-and-signature, when EMV smart card use begins in the U.S.
“The Merchant Advisory Group and its members continue to plead the case for PIN versus signature,” Horwedel says. “I believe our collective efforts are slowly gaining traction despite the fact that merchants continue to have little real control over what happens with payment card rules and policies.”
Mike Urban, Fiserv Inc. director of financial crimes risk management, says merchants push for chip-and-PIN because a PIN provides better protection.
“But there is a push [by some networks] to keep chip-and-signature as an option,” Urban adds. “My problem with that is in the case of lost or stolen cards, the criminal who has a signature card and can still use it. With a PIN card, he can’t use it without the PIN.
