U.S. ATM Fraud Losses Jump

Fraud Migrating to Non-EMV Markets

By , August 8, 2013.
  • Print
  • Tweet Like LinkedIn share
Get permission to license our content for reuse in a myriad of ways.
U.S. ATM Fraud Losses Jump

ATM-related fraud losses are increasing in the U.S., and experts say that trend will continue until all U.S. debit cards make the conversion from magnetic-stripe to EMV chip and PIN.

See Also: Identity, Security and Risk Requirements for a New IAM Architecture

ATM-related fraud losses are migrating away from regions where the Europay, MasterCard, Visa standard has been adopted and are shifting to markets, such as the U.S., where magnetic-stripe transactions remain the standard, according to the European ATM Security Team's biannual fraud update, which was issued July 25.

In fact, from January to May, ATM-related fraud losses were reported in 34 countries and territories outside the Single Euro Payments Area, where EMV is the accepted standard. The U.S. ranks No.1 among those countries and territories for ATM-related losses, EAST reports.

"I'm not surprised that fraud is moving to non-EMV countries," says Avivah Litan, a financial fraud expert who's an analyst at the consultancy Gartner. "But banks don't want to spend money on EMV. ... [U.S.] banks are under a lot of financial pressure, and the security risks are just not high enough."

And when it comes to ATM-related fraud, Litan says it's less expensive for banks to invest in fraud detection systems than the EMV infrastructure.

EMV cards, unlike magnetic-stripe cards still common in the U.S., process payment transactions with a micro-computer chip. Card data stored on these chips is encrypted and cannot be skimmed or copied, unlike data saved to mag-stripes.

But because card-related fraud losses, at least until recently, have been absorbable, U.S. banking institutions have been reluctant to migrate payment cards to EMV because of the high cost associated with issuing cards embedded with chips, as well as the fact that the EMV infrastructure in the U.S. has not been built out. Most U.S. merchants and many U.S. ATMs are still not equipped to accept chip-card transactions.

Visa and MasterCard did set targets and liability-shift dates for migration to EMV, in hopes of spurring movement among U.S. card issuers. Visa had targeted April 2013 for transaction acquirers to have their processing systems upgraded to support chip and dynamic authentication. EMV card issuance was expected to follow a similar timeline, although experts said from the beginning that date was not realistic for most banking institutions and merchants (see Visa on EMV in the U.S.).

Visa also set an Oct. 1, 2017, liability shift date for all cross-border and counterfeit cards used at U.S. ATMs and pay-at-the-pump gas terminals on its network that result in fraud. The same liability shift for merchant POS systems is Oct. 1, 2015.

Visa notes that none of those dates, however, are mandates, and that card issuers are not required to issue EMV-compliant cards, nor are ATM providers and merchants required to upgrade their systems for EMV acceptance.

MasterCard also set April 2013 targets. The first April milestone was for acquirers to update their infrastructure and enable their core systems to support EMV transactions, says MasterCard spokesman Seth Eisen. The second April milestone, announced in 2011 as part of MasterCard's global Maestro EMV, which is used in Europe, was for shifting liability onto ATM owners and operators, he says. Fraud that results from transactions conducted in the U.S. with counterfeit cards created from internationally issued Maestro cards is now the responsibility of the ATM owner or operator.

In 2016, fraud liability for domestic transactions conducted at ATMs linked to MasterCard in the U.S. will shift to all ATM owners and operators, Eisen notes.

Both Visa and MasterCard have issued EMV roadmaps for the U.S. as well as guidelines to help issuers and merchants successfully launch and complete their EMV migrations.

Migration of Fraud

According to EAST, only five countries or territories within SEPA where EMV is the standard card technology reported over the last six months losses linked to ATM crimes, says Lachlan Gunn, who heads up EAST in London. That's proof, he says, that ATM fraud is migrating.

"This is just reinforcement of a trend first reported at the beginning of this year," Gunn says.

Follow Tracy Kitten on Twitter: @FraudBlogger

  • Print
  • Tweet Like LinkedIn share
Get permission to license our content for reuse in a myriad of ways.
ARTICLE OCC: Retailers Accountable for Breaches

Comptroller of the Currency Thomas Curry says "it's only fair" that merchants should be responsible...

Latest Tweets and Mentions

ARTICLE OCC: Retailers Accountable for Breaches

Comptroller of the Currency Thomas Curry says "it's only fair" that merchants should be responsible...

The ISMG Network