Acceptable fraud losses is no longer good business: A call to implement EMV in the U.S.
24 December, 2008
category: Contactless, Financial, NFC
By Paul Beverly, president, Gemalto North America
Here are some interesting statistics from 2008:
-
The Federal Trade Commission estimates that as many as nine million Americans have their identities stolen each year.
-
The Privacy Rights Clearinghouse estimates 245 million records have been compromised due to security breaches since January 2005.
-
The sting operation by security software provider Symantec showed stolen credit card accounts are sold like commodities online, at a quantity discount of one dollar if you buy 100 or more. These are for full packages with name and address, card expirations and CVV2 security numbers.
-
Gemalto’s own “Digital Trust Barometer” survey showed 57% of Americans are afraid someone will steal account passwords when banking online, 38% do not trust online payments, 74% are afraid of identity theft and 44% are afraid of online bank account hijacking.
I think it’s time executives in financial services; retail and online services start questioning a well-worn mantra that fraud losses are an acceptable cost of business.
When fraud and fear are undermining consumer confidence in e-commerce, as it is today, at some point that logic becomes bad business.
One of the most encouraging events in 2008 was when Donald Campbell, vice chairman of TJX, urged banks and other retailers to consider smart card technology for U.S. bank cards. Speaking to a Boston Globe reporter in August, Campbell proposed that the U.S. payment system should follow countries in Europe and Asia that have rolled out EMV standard-based credit and debit cards embedded with computer chips. If the cards were in use worldwide, he correctly told the Globe’s Ross Kerber, EMV bank card technology would have ruined the scheme in which thieves stole as many as 100 million account numbers, because they would be harder to use.
I agree with Mr. Campbell.
The rest of the world is well on the way to EMV implementation. Europe and Asia have long been issuing cards, and are now using them with small, inexpensive readers to generate one-time security codes to prevent fraudulent use of stolen card numbers for online transactions. Latin America, faced with exploding credit card skimming fraud, is fully committed to EMV smart cards and has put in place a pan-regional liability shift for retailers or issuers who fail to migrate. Canada is on track to complete EMV migration in 2010.
Yet stakeholders in the United States still find fraud losses and identity theft risks acceptable. I hope in 2009 we start to see more influential executives like Mr. Campbell speaking out on this issue and gaining some serious traction towards encouraging EMV implementation in the U.S. It is disappointing that U.S. companies are trailing the rest of the world in this area.
Yet, even after stakeholders agree, the EMV migration path is a long one. That’s why we need to start moving in that direction now.
About the AVISIAN Publishing Expert Panel
At the close of each year, AVISIAN Publishing’s editorial team selects a group of key leaders from various sectors of the ID technology market to serve as Expert Panelists. Each individual is asked to share their unique insight into what lies ahead. During the month of December, these panelist’s predictions are published daily at the appropriate title within the AVISIAN suite of ID technology publications: SecureIDNews.com, ContactlessNews.com, CR80News.com, RFIDNews.org, FIPS201.com, NFCNews.com, ThirdFactor.com, and DigitalIDNews.com.