With the rapid adoption of non-cash payments, we’re also seeing a rise in frauds
According to a Frost & Sullivan report published last year, India is the 13th largest non-cash payment market in the world, with a high potential to grow significantly as more merchants accept card payments and install contactless terminals. Increased disposable income and government incentives for greater financial inclusion and cashless society are driving the growth of not only debit and credit cards, but also innovative online and mobile payments. According to the Reserve Bank of India (RBI), the value of credit card and debit card (point of sale) transactions in May 2015 saw almost an 80 percent increase from the same month last year, amounting to INR 190 billion and INR 123 billion, respectively.
With the rapid adoption of non-cash payments, we’re also seeing a rise in frauds. According to the “Cyber and Network Security Framework” study by ASSOCHAM-Mahindra SSG, in the past three years, cybercrimes in India have grown six fold with credit and debit card frauds topping the chart. What makes matters worse is that the number of cybercrimes are expected to cross 300,000 this year, a value that is almost double that of last year.
To combat frauds, the RBI has directed banks to migrate to EMV based chip and PIN cards across the country to ensure that all cards are EMV based by December 31, 2018. EMV, also known as the EuroPay, Mastercard and Visa, is a global standard for the inter-operability and authentication of payment cards such as credit, debit and ATM card transactions.
Why is there a need for EMV?
There are several reasons to implement the EMV technology, from both consumers’ and banks’ standpoint. For users, the rise in mobile and online payments may mean that they are more vulnerable to frauds. They rarely check for security certificates of websites, and are often downloading applications from third-party or unsecured sites. This makes it easier for fraudsters to access the sensitive data stored on the mobile device through malwares. India has over 21.4 million credit card and 570.8 million debit card holders, with new users being added every day. It is important that these users and their data are protected from sophisticated fraudsters looking to steal sensitive information through phishing, skimming and other nefarious ways.
Another more compelling reason to immediately deploy EMV enabled cards is the migration of fraud. EMV provides greater security than the currently prevalent magnetic stripe cards. As more and more countries adopt the EMV standard, fraudsters are likely to shift their operations to more vulnerable countries where EMV standards are not implemented.
EMV cards can also play a critical role in helping India’s shift towards contactless payments. Usually, the devices used for EMV chip cards can also be used for contactless transactions. This means that merchants are already prepared to support contactless payments, and do not need any additional investments.
For banks, issuing cards with the EMV technology could mean a shift in the liability to cover the cost of frauds. Currently, if a fraudulent transaction occurs on a card, banks are usually responsible for it. However, once EMV cards are rolled out, if a merchant uses the magnetic stripe to conduct transactions and does not have an EMV compliant device, this could mean that the onus is on the merchants to incur the losses.
How can EMV help in reducing frauds?
As mentioned earlier, EMV cards are far less vulnerable to security breaches. This is because the data stored on the card is encrypted in a chip. Multiple countries and global retailers, including Target in the US, have recognized the benefits EMV offers, and are already migrating to this security standard. Those countries that have already deployed EMV chip cards have experienced a decrease in frauds and fraud losses. For example, after implementing the EMV chip and PIN cards in Canada, fraud losses from skimming have been at an all-time low since 2003. This has translated into a drastic reduction in the value of frauds from CAD 142 million in 2009 to CAD 38.5 million in 2012.
Besides physical or card-present transactions, EMV also secures online and mobile transactions:
• Offline/ card-present transactions: The EMV standard helps combat frauds from cloned, lost or stolen cards at physical points of sale, such as ATMs and retail outlets. The EMV card securely stores sensitive information and security credentials in an encoded format in the chip. During a transaction, a unique code is generated using dynamic encryption, which helps in preventing fraudulent transactions, skimming and counterfeit cards.
• Online/ Phone transactions: EMV can help secure online and phone transactions that continue to gain traction in India. Dynamic encryption, where a unique code is generated to authenticate users during transactions, makes online and phone transactions much safer. EMV uses two-factor authentication, in this case a one-time password (OTP), to secure transactions. Users can generate an OTP using the combination of the EMV card and through a handheld device to authenticate an online or phone transaction.
The benefits of using an EMV enabled card for both users and banks are clear. For users, they can transact online or offline, without worrying about fraudulent activities, even if the card is lost. While for banks, there is a larger opportunity for them to improve their relationship with their customers by enabling secure transactions and creating a safe and trusted environment to transact.
by – Atul Singh, Director-Banking, Transport & Telecom Solutions, Gemalto
