CYBERSPACE – Compared to the rest of the world, the U.S. has lagged behind in preventing of credit card fraud. Unlike in Europe and Australia, most credit cards issued in the U.S. continue to employ encoded magnetic stripes to hold personal and banking data. The stripes can be scrambled, erased or copied; thanks to rapid advancements in criminal technology, the data can be stolen even while a credit card remains in a consumer’s wallet.

EMV technology puts a stop to the problem by encoding the cardholder’s information on an RFID chip and requiring a personal identification number (PIN) when the card is used. European card issuers have employed the system for several years and have found it to successfully combat information theft and credit card fraud.

Until recently, U.S. card issuers, banks, merchants and consumers saw no need to dispense with the magnetic-stripe system everyone was accustomed to using. However, major data breaches at Target, Home Depot and other retailers over the past few years brought comfort to a screeching halt. Card issuers began quietly implementing EMV chips some time ago; by Oct. 1, an estimated 500 million chip-enabled credit and debit cards will have been issued to U.S. consumers.

“Chances are you already have one in your wallet,” said NETbilling President Mitch Farber.

With that in mind, on Oct. 1 MasterCard, Visa, Discover and American Express will begin shifting liability for credit card fraud to brick-and-mortar merchants that are not EMV-compliant. By the end of 2015, all merchants, card issuers, banks and processors must be EMV-compliant or shoulder any fraud losses themselves.

The shift has enormous implications for transactions in the real world and cyberspace.

“In a nutshell, if a customer uses a magnetic swipe card and it is a fraudulent transaction, the merchant is not liable; the card issuer will continue to be responsible for the loss,” explained Mobius Payments spokesman Lloyd Brown. “If, however, the consumer is using a chip card but the merchant is not using a terminal that accepts the EMV technology and a transaction is fraudulent, then the merchant will be found liable because the card issuer invested in the chip-and-pin technology but the merchant failed to upgrade [his equipment]. If a fraudulent transaction is made with a chip card at a chip terminal, then the card issuer is responsible.

“The nice thing about it is that in-store credit card fraud is virtually eliminated when both parties are using the chip-and-pin technology,” Brown added.

However, according to Farber, a decrease in brick-and-mortar fraud likely will lead to an increase in online credit card fraud.

“With in-store transactions presumably safer as more consumers use EMV-enabled cards, criminals will surely increase their efforts at targeting online retailers,” Farber said. “In the [European Union] and Australia, online fraud has increased 10 percent since they implemented EMV.

“This is an important reason for online merchants to tighten up their scrubbing,” he added.

Both men encouraged online merchants to examine their processing systems to ensure sufficient safeguards are in place to protect both consumers’ data and their revenues. The card associations will not be relaxing their chargeback ceilings, so the onus is on merchants and processors to ensure the predicted increase in online fraud doesn’t damage their ability to process electronic payments.