Monday, March 29, 2010

Aite Group: E2EE is the best fraud protection technology available today

Aite Group published a report in March 2010, titled “Card Fraud in the United States: The Case for Encryption.” The full report is only available for purchase, but some of the key highlights are below:

• Aite Group estimates that the total cost of fraud in the United States is $8.6 billion per year, or 0.4% of the $2.1 trillion card payment industry. Of that total, just 15.9%, or $1.35 billion, represents counterfeit card fraud, only 0.06% of annual card transaction volume.

• Those seeking to mitigate card fraud today should focus on encryption technologies, cutting off the source of card data for the carding networks.

• Upgrading of card technologies to EMV chip cards in the United States will not occur while U.S. issuers and networks remain married to signature interchange. Fraud has not stopped since the introduction of EMV in the UK, but the type of fraud has moved.



• The report looked at three broad categories of solutions to combat fraud today. These were requiring additional information as part of the authorization, devaluing the magnetic stripe data and deploying higher level card technology.

• The following technologies were looked at as ways to require additional information as part of the authorization message to reduce fraud:
o Address Verification Service
o Card Security Code
o 3D Secure
o Physical 2 Factor Token

• For devaluing magnetic stripe data, the following technologies were studied:
o End to End Encryption
o Dynamic Card Data
o Magnetic Stripe Fingerprinting

• Two technologies were reviewed for deploying higher level card technology:
o EMV
o Contactless

• Of these technologies, end-to-end encryption would have the greatest impact on reducing fraud. Aite Group states: “End-to-end encryption, if fully implemented nationally, would be likely to prove extremely effective in reducing counterfeit and card-not-present fraud, materially impacting the availability of U.S. card data on the black market. Carding gangs would be forced to turn to easier pickings in less well-armored countries. We estimate that a national E2EE deployment would cut 90% of card-not-present and counterfeit cards in the United States.”

• Based on the…degree of fraud elimination, time to return on investment, time for deployment and the level of friction to adoption, end-to-end encryption provides the most thorough and feasible form of card fraud prevention today. Deployment costs would fall primarily on merchants, but this may be seen as acceptable in the context of removing some key areas of liability within the PCI DSS framework. Payback would take less than a couple of years, approximately the same time as it would for deployment.
