After Target Heist, Credit Cards Set for an Overhaul

by Luke Jones  on Monday, Jan. 27, 2014 12:00 am  

Last year banks issuing Visa and MasterCard absorbed around $3.5 billion in fraudulent charges, Wigley said.

As the big players — card companies and the government — swoop in to investigate frauds, banks like Arvest are left to deal with the victims, and that usually means losing money.

Most of the time, Wigley said, Arvest writes off the fraudulent transaction. It’s just the cost of doing business.

Sometimes a settlement will trickle down a few years later, but they are usually very small — “pennies on the dollar,” Wigley said.

“We may or may not make money off of them,” he said. “So we budget, on the card side, a percentage of our sales as a loss we’re going to take as fraudulent transactions.”

So will the switch to EMV fix this problem?

Somewhat.

Oxman noted that the Target incident was actually a cybercrime involving installation of malware and would have had the same result even if EMV tech was in use.

“Forty million people shopped at Target during the breach,” he said. “All 40 million of those cards were captured regardless of whether it was a chip or stripe. It was a breach of a server, not of the card.”

Still, EMV would have made the criminals’ task more difficult if their aim was to copy the stolen cards.

“The easiest thing to do with stolen card numbers is to make counterfeit cards and go to retail,” Oxman said.

“With EMV cards, it’s much harder to counterfeit. The unique codes generated by the chips are matched by the unique code of the server side, and they don’t have access to that, so they can’t counterfeit the card.”

As for Arvest, Wigley said the EMV transition would take care of “a lot” of the bank’s point-of-sale level fraud issues.

But, “unfortunately,” Arnold added, “most of our fraud is card-not-present,” meaning transactions where the merchant never sees the card, usually carried out on the Internet, and even EMV can’t provide much defense against that.

 

 

Please read our comments policy before commenting.