Gartner Blog Network


Credit Card industry challenged as Fraud rises significantly at EMV-capable merchants

by Avivah Litan  |  March 14, 2016  |  1 Comment

In a little noticed but highly significant event, two small Florida merchants are lead plaintiffs in a potential class action suing the financial services industry for conspiring to get the merchants to eat more fraud. The merchants point out that their fraud rates and charges have risen more than twenty times since the October 2015 EMV deadlines that shift liability from the banks to merchants for card present card fraud, if merchants are not accepting chip transactions.

For more information on this please refer to bobsullivan.net

This is unfair because merchants cannot accept EMV chip card transactions unless their equipment is EMV certified and there is a long backlog and queue for this certification process. The plaintiffs did what they could and installed the necessary EMV equipment long ago, but cannot turn the chip readers on. Many card-accepting companies throughout the U.S. are in the same position.

We pointed this problem out last September when we learned of this potential crisis brewing, but we did not realize it would end up this bad. See blogs.gartner.com

In the meantime, interestingly the FTC just announced it will study credit card industry data security auditing practices (ala PCI). See ftc.gov.

I was encouraged to read about this FTC study because the PCI audit/assessment process is notoriously uneven, and way too dependent on the subjective views of the auditors, some (but certainly not all) of whom have little expertise. Also there have been financial revenue sharing arrangements in the past between the PCI assessment firms and the merchant acquiring processors which seems like a major conflict of interest to me. Auditors should remain independent of all parties.

Another major conflict of interest is that the qualified assessment firms are able to sell PCI remediation services after their audits to ‘fix’ the problems they uncover in their audits. Together, these conflicts of interest compromise the integrity and usefulness of the audits.

I hope the FTC takes the time to study the trade practices involved in the EMV liability shift as well. It’s a lot more complicated than PCI audits but heavily related.

Category: 

Avivah Litan
VP Distinguished Analyst
19 years at Gartner
34 years IT industry

Avivah Litan is a Vice President and Distinguished Analyst in Gartner Research. Ms. Litan's areas of expertise include endpoint security, security analytics for cybersecurity and fraud, user and entity behavioral analytics, and insider threat detection. Read Full Bio


Thoughts on Credit Card industry challenged as Fraud rises significantly at EMV-capable merchants


  1. Olá

    Gostei muito do seu post no seu conteúdo.

    Beijos!

    Lice Nunes no shameonyoublogueira.com/intelimax-iq



Comments are closed

Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.