More Chip-Card Headaches, This Time for Merchants

Wall Street Journal – For millions of merchants that haven’t yet met the credit-card industry’s deadline for accepting more secure plastic, the bill is coming due.

As of last October, retailers who didn’t make the transition to chip cards are on the hook for counterfeit transactions that used to be covered by card-issuing banks. The costs of the fraud, known in the industry as chargebacks, are starting to stack up.


Chargebacks among small and medium-size merchants rose 15% in the fourth quarter from a year earlier, according to a recent survey by The Strawhecker Group, a payments consulting firm. The industry believes the volume of chargebacks has likely risen since then, because the fourth quarter included only a few weeks under the new rules and it often takes a while for the costs to flow through to merchants.


Financial institutions have been issuing the new cards to customers for more than a year, but just 22% of retailers are able to process them, according to a survey released last month by Boston Retail Partners. Another 53% of the merchants in the survey planned to install the systems within the next 12 months.

Read full article: More Chip-Card Headaches, This Time for Merchants

Merchants Without Chip Readers On The Hook For Tens Of Millions Of Dollars In Fraudulent Purchases

International Business Times – Your new bank card with the fancy, more secure chip might just be sticking your favorite store with a nasty bill, the Wall Street Journal reported.

In the past, when purchases were made using counterfeit cards, the bank picked up the tab, leaving the merchant and cardholder protected from the wiles of ne’er-do-wells.

But since October, U.S. retailers have been the ones who have to cover the cost of fraudulent purchases, not banks. October was the deadline for all U.S. merchants to be able to process payments made by chip cards; the banks backing the cards no longer make merchants whole if the store can’t process chip card payments.

That’s led to tens of millions of dollars in lost revenue for small- and medium-sized stores.

Although the credit card industry’s deadline was six months ago, only 22 percent of merchants actually are processing payments using the chip, the Journal said, citing a report from consulting firm Boston Retail Partners. The other 78 percent’s reasons for not having pulled the chip trigger yet vary from seasonal worries (not wanting to disrupt the holiday shopping season), to the new payment terminals not working correctly, to not being able to have their payment systems certified.

Read Full Article: Merchants Without Chip Readers On The Hook For Tens Of Millions Of Dollars In Fraudulent Purchases

How can retailers mitigate the risk of the rise in online fraud?

Last October, following the EMV liability shift BRP published a blog post outlining the increased security risk to card-not-present transactions and warning retailers of potential increased online fraud. Our warning was not without precedent, citing a publication by Trustev that reported increased fraud in Europe following the introduction of EMV there. In this blog post, we will follow-up on our October publication with an update on reported online fraud in 2015.

Online Fraud Doubled in 2015

HackerMultiple industry sources all show that, with a few exceptions, online fraud increased in 2015. Digital goods, luxury goods and clothing all saw significant increases in online fraud. Further, according to Forester and’s recent report, retailers lost an estimated 1.3% of revenue due to online fraud in 2015 –  double the rate of 2014. Fraud’s harm doesn’t stop with “bad” transactions, as up to 25% of transactions declined due to suspected fraud were actually legitimate transactions.

Interestingly, that same report showed that electronics and food/beverage saw a decrease in online fraud, 17% and 36% respectively. What do these contrasts mean for online fraud in general? Different retail verticals are at higher risk for fraud as their goods have higher after-market value. For instance, fraudsters may be taking digital goods (such as DVDs), where fraud is up 304%, and reselling the content. Further, while electronics saw a decrease in fraud and represented 4% of fraudulent transactions they represented 19% of fraudulent transaction dollars due to the high price of products. A deeper dive into the statistics offer greater insights and a fuller picture of the critical areas to address.

The Forester/PYMT.som report does not break out gift card sales from merchandise sales. However, our findings and client data make it very clear that one of the highest risk sales, both online and in-store, is gift cards. If retailers have not adjusted their fraud profiles to include gift card sales in their highest risk category, they should do so as soon as possible.

Hopefully, the pace of the upward trend of online fraud will begin to slow in 2016. However, it would be foolish to expect it to decrease. As EMV penetration increases, counterfeit cards have less and less value in brick and mortar stores, effectively increasingly their value in online transactions. Additionally, fraudsters have large amounts of stolen credit card inventory that they want to take advantage of before the cards expire or are replaced. For these reasons, online retailers need to expect 2015’s fraud rates to be the new normal and prepare accordingly. Retailers must utilize rules-based fraud detection tools allowing them to audit suspect transactions and authorize legitimate ones.

Recommendations to Mitigate Online Fraud

Differentiating between legitimate and illegitimate transactions can be difficult, but with robust tools and processes retailers can achieve high proficiency. The list of risk mitigation opportunities continues to be expanded and enhanced:

  • Customer Profiles – Profile your existing customers and leverage their existing data. This will allow you to understand which customers were legitimate in the past and identify common attributes.
  • Seasonal Adjustments – Season specific policies allow retailers to tailor their programs throughout the year. Fraudsters are very adept at flooding the market at peak times, when retailers’ processes are already overloaded, such as back to school, seasonal changes and holiday periods.
  • Impact of Accelerated Deliveries – Adapt your payment policies to support, or anticipate supporting, the growing trend of increased same-day and next-day deliveries.
  • Secondary Security Services – Expand your tools to include secondary services such as fraud guarantee services for higher risk transactions.
  • Budget for Financial Impact – Review and possibly update your internal organizational model to account for the increased financial impact that on line fraud is having on the overall corporate bottom line.
  • Continuous Monitoring and Adjustments – Retailers must monitor activity to identify trends and analyze what worked in the past and what didn’t. As a result of this continuous monitoring and hindsight, retailers should update and tweak their rules and parameters. By implementing a comprehensive fraud detection process can thwart fraudsters and meet their customers’ expectations.

With online fraud on the rise, retailers are making it a high priority. Unfortunately, retailers already have a full plate of payment security initiatives, especially those that haven’t implemented EMV yet.  Fraudsters are savvy and retailers need to stay one step ahead by implementing comprehensive security strategies.

For more tips on mitigating payment security risk, check out this white paper:

Beyond EMV: Best Practices for Payment Security

As always, I appreciate your opinions on this topic. Please share your comments below.


VIDEO: Tokenization and Encryption are Key Components of Payment Security

According to the 2016 POS/Customer Engagement Survey, only 22% of retailers support EMV transactions. Why has the adoption of EMV been so slow? For payment security, many retailers have focused their attention on tokenization and encryption to help prevent payment card breaches, which can cost a retailer far more than the chargebacks as a result of not deploying EMV.

Watch this video blog post to hear Perry Kramer, Vice President and Practice Lead, Boston Retail Partners, share his thoughts on tokenization and encryption and why retailers are making this a higher priority than EMV.

Tokenization and Encryption are Key Components of Payment Security

Visit our BRP Videos page to watch videos on other topics.

As always, I appreciate you thoughts on this topic. Please enter your thoughts and comments below.


Only 22 percent of retailers support EMV

The Paypers – A Boston Retail Partners survey has revealed that 22% of retailers support EMV, with another 53% planning to do so within the next 12 months.

The survey’s results also show that 16% of respondents say they have no plans ever to support EMV.

Ryan Grogman, Boston Retail Partners vice president, said the problem is that POS systems in the U.S. are relatively complex, making the EMV upgrade process more challenging than it might otherwise be. He cited long lead times for new payment terminals and certification, a limited set of payment switch development resources and payment provider support resources, and a scarcity of POS developers as factors contributing to a big backlog in EMV implementations.

EMV is not a panacea for payment fraud, according to Grogman, which notes that Trustev has predicted that online fraud will increase by 106% over the next three years in response to the shift to EMV. Online retail fraud surged by 100% in Canada and Australia, and by 89% in the UK, after those countries switched to EMV.

Read full article: Only 22 percent of retailers support EMV

VIDEO: Payment Security is Still a Top Priority for 2016

According to the 2016 POS/Customer Engagement Survey, payment security continues to be one of retailers’ top three priorities, as many retailer have not implemented EMV yet.

Watch this video blog post to hear Perry Kramer, Vice President and Practice Lead, Boston Retail Partners, explain why payment security is still a top priority for retailers in 2016 and what they are focused on in the next year.

Payment Security is Still a Top Priority for 2016

Visit our BRP Videos page to watch videos on other topics.

As always, I appreciate you thoughts on this topic. Please enter your thoughts and comments below.


6 Must-Have Data Security Measures

Convenience Store and Fuel News – With the goal being a “multilayered” approach to data security, retailers focused on EMV need to implement additional measures and infrastructure to properly reduce risk, according to a recent report.

Risk-management firm Boston Retail Partners recently released a study called “Beyond EMV: Best Practices for Payment Security,” which highlights six security strategies critical for a high level of protection.

Retailers, however, have a ways to go to implement many of these options. According to Boston Retail’s 2016 POS/Customer Engagement Survey, even after the liability shift deadline of last October for in-store point-of-sale (POS), only 22% of retailers support these transactions, with another 53% of retailers still planning to implement the capability within 12 months.

The study also found that 49% of retailers have implemented end-to-end encryption and 35% have implemented tokenization of payment data “at rest.”

Read full article: 6 Must-Have Data Security Measures

Different Retail Personalities, Different Security Needs

PYMNTS.COM – Every retailer wants security — that’s a no-brainer. As for what particular areas they want to focus on, however, not all of them are in agreement. A couple of recent studies that asked retailers the same question came up with some varying answers. Retail security is a shifting target. Just as point-of-sale security seems to be shored up, a leak invariably pops up in mobile wallets, or in-store digital browsing, or omnichannel systems. For retailers to succeed, they must learn to master the art of split focus. As two recent reports on what matters most to retail professionals show us, it’s easier said than done.

As Chain Store Age reported, the Boston Retail Partners’ 2016 POS/Customer Engagement Survey shows that an overwhelming majority (85 percent) of respondents state that having a unified commerce platform, which seamlessly operates across all commerce channels, is top priority for them.

In contrast, only 38 percent of respondents mentioned payment security as a main concern. This marks a significant decrease from the 2015 findings, which saw 63 percent of respondents stating it was a top priority. One possible explanation, which Chain Store Age posits: The switch to EMV and the attention it brought to updating in-store systems most likely (and rather ironically) drove this reduction in prioritization of overall security.

Read Full Article: Different Retail Personalities, Different Security Needs

Retailers Want Payment Security Features Within Mobile Apps

eMarketer – Nearly three-quarters of retailers worldwide said they wanted their apps to offer payment security, according to January 2016 research. This is a key feature for consumers, many of whom are still leery of making mobile payments.

Aci Worldwide surveyed 200 global retail and technology industry professionals. In addition to payment security, integrated loyalty options were important to respondents: 71% of cited them as a feature they would like their mobile app to deliver.

2016 research from Boston Retail Partners found that 38% of retailers in North America said that payment and data security was a leading priority for them this year.

Read full article: Retailers Want Payment Security Features Within Mobile Apps

The Road Ahead – Experts share insights on key retail tech trends

Chain Store Age – Chain Store Age spoke to industry experts to get a sense of where four strong trends in retail technology — mobile payment, same-day delivery, Internet of Things and social commerce — are heading in 2016. We also offer a sneak peek at the burgeoning trend of visual search.

Mobile Payment: Calm before the Storm

Even though there was a big buzz about mobile payments during 2015, the penetration and adoption of mobile industry expectations. However, according to Ryan Grogman, VP of Boston Retail Partners, there are reasons to believe that mobile payment is still primed to be a disruptive in-store technology in 2016.

“Like any new technology, there is an adoption curve for mobile payments,” Grogman said. “Taking a card out of your wallet and swiping or inserting is an ingrained behavior that does not take a significant amount of incremental time over taking your phone out of your pocket or purse and holding it to a payment terminal.”

Despite the miss in expectations, Grogman said retailers are making significant investments to enhance their payment security.

“Payment security investments include the installation of advanced payment terminals that will inherently support mobile payments,” Grogman said. “Additionally, the sheer number of mobile payment options means that more customers will have access to using their smartphones for payments.”

Grogman concluded that the key to mobile payment truly gaining traction will be to convince customers of the advantages of choosing to use their phones instead of reaching for their payment card.

“The integration of store-based loyalty cards and specific promotions built around the use of mobile payments at checkout will help drive adoption,” Grogman said. “Walmart Pay is a merchant-driven solution, meaning they can incent their customer base by including promotions and benefits specific to their customer base, which should increase adoption.”

Read Full Article: The Road Ahead – Experts share insights on key retail tech trends