French Caldwell

A member of the Gartner Blog Network

French Caldwell
VP and Gartner Fellow
15 years at Gartner
19 years IT industry

French Caldwell is a vice president and Gartner Fellow in Gartner Research, where he leads governance, risk and compliance research. Mr. Caldwell also writes and presents on knowledge management. His research includes analysis of the impact…

The Myth of EMV

by French Caldwell  |  March 25, 2014  |  7 Comments

Like most of us, since the Target hack, I’ve heard statements on how EMV is THE answer to credit card fraud, and how it’s been working great in Europe, which has had it for 20 years. If the business case were so compelling, wouldn’t EMV have made the trip across the Atlantic a long time ago? Let’s take a look at the numbers.

According to a report from Aite and ACI, with just 10% of credit card users reporting they’ve experienced fraud in the last five years, Germany’s fraud rate would seem to be very low as compared to the US (37%). While there must be many more factors than just technology involved, at first blush, with such a huge disparity, this looks very promising for EMV. But then, taking a look at the UK, which adopted EMV in 2006, the fraud rate for Britons is 31% — not so far behind the US. So is credit card fraud in the UK really three times that in Germany?

Perhaps there could be other factors involved.  According to data from the European Central Bank,  Britons use their cards more.  With twice as many transactions per card and more cards per person,  2.4 for each Briton and 1.68 for each German according to the ECB, Britons have almost three times as many transactions per inhabitant.  So, Britons use their cards three times as much as Germans, and they have three times the fraud.  That’s at least one way of looking at the data – I’m sure there are others.

So, perhaps culture and payment habits have something to do with the fraud rate.

Now let’s take a look at the US, where the number of credit cards is 3.5 per person. Is the US fraud rate really that much higher than the UK’s? Americans have a consumer lifestyle much like Britons and, I would think, use their cards in a similar fashion. That’s just a working assumption and certainly open to challenge.

As noted above, 37% of Americans and 31% of Britons report experiencing credit card fraud.  Since Americans have 3.5 cards per person and Britons 2.4, this would mean a fraud probability of 10.6%/card/person in the U.S. and 12.9%/card/person in the UK. Hence, one reason that Americans may experience more incidents of fraud than Britons is that they have more cards per person.  There are other reasons as well – such as the percentage of cards that are authorized online or offline in a particular country.  All I am trying to point out here is that EMV is not going to solve the problem of consumer credit card fraud.

No doubt, EMV chip and PIN could have a big impact on point-of-sale face-to-face fraud, but it will push fraud to other means, and once the big honeypot of US consumers is on EMV, I’d expect that Europe will see an uptick in cross-border fraud. As best as I can tell, the fraction of transaction fraud in the US is 0.0005, and for Europe it is roughly 0.0004, with many countries well below that and several well above it.

With fraud incidence per card roughly equal in the US and Europe and the cost of fraud only a tiny fraction of the transaction value — much less even than card fees — it’s easy to see why EMV has not yet made the leap across the Atlantic. EMV will be helpful, yes – particularly for merchants doing face-to-face transactions – but looking at the data, the best way to avoid credit card fraud is to follow the German example and just avoid using credit cards.

Category: Cybersecurity fraud Standards

7 responses so far ↓

  • 4 USA EMV cards available today (Chip & PIN -or- Chip & Signature). - Page 248 - FlyerTalk Forums   March 26, 2014 at 12:04 pm

    [...] brilliant solution by French Caldwell of Gartner The Myth of EMV summary: blah-blah-blah this, blah-blah-blah that, therefore "the best way to avoid credit [...]

  • 5 simon   March 26, 2014 at 1:04 pm

    There is one very simple reason that the EMV is useful…you never lose sight of your card. Take the example of paying in a restaurant in the US:

    Ask for the check
    Check appears
    Waiter takes check
    *waiter has moments needed to scan the card*
    Waiter returns with the check to sign
    Customer walks off

    In the UK with EMV it works like this:
    Ask for the check
    Waiter brings check
    Say you want to pay with card
    They bring the mobile card machine to you
    You insert your card, enter your pin
    You leave

    Granted they could give you a fake card reader but it’s harder to be that much more brazen about it.

  • 6 Jack Daniel   March 31, 2014 at 12:14 pm

    We’re missing an opportunity to make a group of customers happy while slipping in an *incremental* increase in security. Those of us who travel outside of the US have almost all been frustrated (or worse) by the inability to use our US retro-tech cards at automated systems throughout the rest of the world.

    Let’s look at EMV as a way to improve customer experience for the 10-15% of Americans who travel abroad, and we can take the nominal increase in security as a bonus.

  • 7 Jeff Hall   March 31, 2014 at 7:51 pm

    EMV is a pointless exercise from a fraud perspective. EMV’s focus is on card-present fraud and it does that very, very well. However, the growth industry in fraud is in card-not-present fraud, something that EMV does not address. As a result, the card brands have introduced schemes such as 3D Secure which have their own security issues that can be exploited. There needs to be a paradigm change rather than some minor incremental upgrade.