Credit Card Fraud Could Peak In 2015 As the US Moves To EMV

[rhoenix]

Some analysts expect fraud to increase this year as thieves will step up their efforts to capture more credit card details before the Europay, MasterCard and Visa (EMV) standard conversion goes into full throttle. The next time U.S. cardholders receive a new card it will probably be equipped with an EMV chip, and most likely be contactless. The U.S. is finally making the transition to secure cards based on the European EMV standard, mostly because the liability shift imposed by the three big credit card brands — Visa, MasterCard and American Express. The European Union, where EMV became standard ten years ago, has the lowest level of credit card fraud in the world, while the U.S. accounted for 47.3% of the worldwide payment card fraud losses but generated only 23.5% of total volume.

The referenced article:

The only major market yet to adopt EMV-standard cards, US is poised to make the switch.

While less than 10% of cards shipped in the US last year were contactless, a mere 185m compared with 1.5 billion worldwide, this is set to change as the only major market not to have previously adopted EMV-standard cards finally makes the switch. Meanwhile in Europe, the birthplace of Europay, MasterCard and Visa (EMV) standard, 25% of the cards in circulation are contactless and the old continent is equipped with over 1.5 million terminals accepting contactless transactions.

The next time US cardholders receive a new card it will probably be equipped with an EMV chip, and most likely be contactless. The US is finally making the transition to secure cards based on the European EMV standard, mostly because the liability shift imposed by the three big credit card brands -- Visa, MasterCard and American Express -- will start on October. If the merchant is EMV compliant and has a POS system equipped to read EMV cards, and the card is not, because the financial institution has not started issuing them yet -- effectively forcing the merchant to run your card on the magnetic stripe reader -- then the bank or credit card issuer has to pay for the misuse of the card. Conversely if the issuer has upgraded to EMV by sending chip cards to its card holders, but the merchant has not upgraded their point of sale to accept them, the retailer bears the cost for counterfeit fraud.
That’s why the smartcard industry expects 2015 to be the year when most credit and debit cards will become EMV compliant. The Payments Security Task Force (PST) forecasted that 575 million chip cards will be issued by the end of 2015, representing about 71 percent of credit cards and 41 percent of debit cards.

Also the industry consensus is that forty-seven percent of the merchants in the US will be ready to accept EMV transactions by the end of the year.

“These numbers reflect the significant momentum behind the adoption of EMV chip in the United States,” said Ryan McInerney, president of Visa Inc. last summer “By the end of next year [2015], these issuers estimate that one in two of their U.S. payment cards will be chip-enabled, which represents real progress given the scale and complexity of this overall effort." While this year EMV will receive a big push because of the liability shift, it will probably take another three years for full adoption.

Some US financial institutions are not waiting for credit cards to expire to start sending EMV enabled replacements. The wave of data breaches that has hit major retailers such as Target and Home Depot, among others, has convinced many card issuers that the expense of sending new cards fades in comparison to the consequences of new data breaches.

While the European Union, where EMV became standard ten years ago, has the lowest level of credit card fraud in the world, the US accounted for 47.3% of the worldwide payment card fraud losses but generated only 23.5% of total volume. Some analysts expect fraud to increase this year as thieves will step up their efforts to capture more credit card details before the EMV conversion goes into full throttle.

TL;DR: Be careful with your credit card info for the rest of the year. The best way to compromise a purportedly more secure place is to have plants already inside of it, which is precisely what online criminals are doing en masse before the switch.

[rhoenix]

Some background info on EMV:

EMV stands for Europay, MasterCard and Visa, a global standard for inter-operation of integrated circuit cards (IC cards or "chip cards") and IC card capable point of sale (POS) terminals and automated teller machines (ATMs), for authenticating credit and debit card transactions.

It is a joint effort initially conceived among Europay, MasterCard and Visa to ensure the security and global interoperability of chip-based payment cards. Europay International SA was absorbed into MasterCard in 2002. The standard is now defined and managed by the public corporation EMVCo LLC. JCB (formerly Japan Credit Bureau) joined the organization in December 2004, and American Express joined in February 2009. In May 2013 China UnionPay was announced as member[1] and in September 2013, Discover joined the corporation.[2] The EMVCo members MasterCard, Visa, JCB, American Express, China UnionPay, and Discover have an equal 1/6 interest in the standards body.[3] IC card systems based on the EMV specification are being phased in across the world, under names such as "IC Credit" and "Chip and PIN".

The EMV standards define the interaction at the physical, electrical, data and application levels between IC cards and IC card processing devices for financial transactions. There are standards based on ISO/IEC 7816 for contact cards, and standards based on ISO/IEC 14443 for contactless cards (PayPass, PayWave, ExpressPay).

The first standard for payment cards was the Carte Bancaire M4 from Bull-CP8 deployed in France in 1986 followed by the B4B0' (compatible with the M4) deployed in 1989. Geldkarte in Germany also predates EMV. EMV was designed to allow cards and terminals to be backwardly compatible with these standards. France has since migrated all its card and terminal infrastructure to EMV.

More at the link of course, but the intro paragraph for the page is informative enough for context.