Credit Card Fraud Could Peak In 2015 As the US Moves To EMV

dkatana writes Some analysts expect fraud to increase this year as thieves will step up their efforts to capture more credit card details before the Europay, MasterCard and Visa (EMV) standard conversion goes into full throttle. The next time U.S. cardholders receive a new card it will probably be equipped with an EMV chip, and most likely be contactless. The U.S. is finally making the transition to secure cards based on the European EMV standard, mostly because the liability shift imposed by the three big credit card brands — Visa, MasterCard and American Express. The European Union, where EMV became standard ten years ago, has the lowest level of credit card fraud in the world, while the U.S. accounted for 47.3% of the worldwide payment card fraud losses but generated only 23.5% of total volume.

Re:someone explain for the ignorant

[Hadlock]

I got a warning message in Spanish when I took out money from the ATM in Cartagena, Colombia (Caribbean edge of northern South America). Since my money came out ok I didn't pay it much attention. My buddy who spoke Spanish, however, was pretty amused.
 
He said,
"Did you see that warning message," "Yeah?" "That warning message is telling you your card only has a magnetic stripe, and no secure chip-and-pin system which is really insecure and you should ask your bank to upgrade it for you. This is the same system the Europeans use. Fuckin' Colombia's banks, in South America is a decade ahead of the United States banking system when it comes to technology. Typical."

Liability shift to merchants

[bradley13]

My wife has a small company that accepts credit cards. As the parent comment points out, the credit cards want to push liability for fraud onto the merchants. This has two aspects

- First, the physical card: Chip and pin is standard here, which would be fine, but don't think your fees go down when they hand you the liability. My wife has, to my knowledge, never had a case a fraud in 20 years, but that doesn't matter either. Mastercard/Visa are completely in collusion, there is no competition, they can demand whatever fees they want.

- Second, the Internet: I wrote her first web-shops, including the payment processing. This has become completely impossible. The credit card companies impose ever more impossible rules. Ultimately, if you handle credit card numbers electronically, they began insisting on quarterly audits of your IT infrastructure. We used an ISP - so they were going to insist on auditing the ISP infrastructure. Our ISP was - shockingly - actually ok with this, but the whole nightmare just got too complicated. In the end, the rules appear to be nothing but a way of forcing you to use their approved payment processors - yet another way to suck money out of merchants.

Will some Internet payment service please, please spring up and actually give Mastercard/Visa some real competition? Paypal has been largely co-opted, Bitcoin is a joke - we need something that your average Joe can and will use. So far, nothing...

Re:someone explain for the ignorant

[AmiMoJo]

Saying NFC has been "cracked" is like saying that ethernet has been "cracked". It doesn't make any sense. NFC is just a transport layer, it doesn't have any encryption or security at all. You have to build that in at the application level that uses NFC to transfer its data.

NFC payment cards are secure. They have been in use in other parts of the world of ~15 years now. Japan started using them around 2000. There have been no mass thefts by people with big antennas or readers hidden under their jackets. The hacks you heard about were attacks on the phone's NFC software stack, similar to a bug in the TCP/IP stack of some desktop operating systems. Again, we didn't say that ethernet was "cracked" when that happened, we recognized that the implementation of the TCP/IP stack was broken.