The two-year anniversary of the EMV liability shift has arrived, and we’ve already covered some of the consequences. The basic truth is clear: EMV has solved what it set out to solve. Fraud is down significantly in the in-store realm at retailers who have adopted the technology.

But that’s only half the story. Yes, merchants with EMV are safer. But criminals haven’t given up just yet.

Fraud Moves Online
Now, many of the criminals who would’ve attempted to commit fraud in-store, have moved into the card-not-present world.

There are plenty of reasons for it. In the today’s world, the amount of e-commerce transactions is growing by the minute, and many in the industry still don’t know how to fully secure the process. Not only that, with the huge amount of sensitive information now stored online, many criminals have been able to acquire everything they need for simple identity theft. In person, the task might be more difficult—but online it takes only a few clicks of a mouse.

And the numbers prove the trend. EMV has certainly benefited retailers—Ovum, for instance, found that more than 80% of retailers with EMV have seen lower fraud costs. Both Visa and MasterCard reported online fraud dipping by significant percentages.

Online, by contrast, One estimate from Boston Retail Partners has the spike at 137% since the arrival of EMV. So while the card-present decrease is great news, in many ways the major trend is a shift, rather than a victory. Now, the major battlefield is the card-not-present world.

What Should Merchants Do?
Every merchant that uses e-commerce needs to step up and take serious measures, because it looks as if this trend will only grow.

First, merchants should be sure to use all possible verification techniques. The classics, of course, are address and CVV, and if merchants don’t already use these they’re behind. But payment companies have invented many new strategies of verification that go far beyond just CVV, and it’s important for businesses to explore which will be best for their industry.

Next, companies should be sure they partner with a payment provider that offers the cutting-edge in security. Boston Retail Partners lays out the most crucial features in payment security today. (The most crucial, of course, is for a merchant to have EMV for in-store transactions.)  In the e-comm realm, merchants need to be sure they proper encryption and tokenization tools in place. Tokens should be card-based, but they must eliminate card numbers wherever possible. BRP also suggests an annual security audit outside of PCI and other standards.

E-Commerce is the future of retail, and merchants shouldn’t be afraid to conduct transactions online, or else they could be left behind. But it’s crucial to work hard and remain on the cutting-edge of security in card-not-present transactions.

​​2 Years After EMV, Fraud Grows Online