Tag Archives: fraud reduction

PIN vs. Signature

Visa, MasterCard weigh PIN vs. Signature [2023 Update]

Leave a reply

Today the Official Merchant Services Blog takes us to Australian and covers a topic that the big card brands are pushing as a needed security measure in the credit card processing industry. A recent push by Visa and MasterCard  is aimed at increasing the percentage of transactions that are verified by PIN to 90 percent. This reduction in the amount of payments backed by a signature is an attempt to lower the amount of fraud by millions of dollars caused by stolen and otherwise compromised cards.

How Easy it Can be to Forge a Signature

Visa and MasterCard are pushing for this change because of how easy it can be to forge a signature and the lack of employees double-checking signatures against identification. The target date for banning signature based transactions is June 30, 2014. The bar is set at 90 percent as the other 10 percent of transactions do not require signatures. Currently, around 45 percent of transactions are signed for.

Some objections that small business owners have raised to eliminating signature verification is the need to install additional PIN pads or have the customer come to a POS terminal in order to pay as opposed to just leaving a slip at the table. These changes and upgrades would be an increased cost on the merchant and some are worried that smaller businesses might not be able to shoulder this extra expense.

The proponents of this change state that “it is much more difficult for a fraud perpetrator to ascertain a PIN than to forge a signature”. They also reference data from a similar measure taken in Great Britain in 2006 that saw fraud on stolen cards “decline substantially”.

Opponents of the measure say that the costs to businesses are not justified by the potential decrease in fraud through this avenue and efforts could be focused elsewhere to see more substantial gains against fraud. According to a report on 2012, forged signatures accounted to for around $23.5 million on Australian cards. Whereas skimming and card-not-present fraud accounted for ten times that amount or $235 million.

No matter what the outcome of this proposal is, I think that everyone can agree that reducing fraud in merchant services is a top priority for all parties involved in the process. And as we see different markets such as Britain and Australia adopting different methods to try and combat fraudulent transactions it may be a glimpse into the future of what could eventually make its way to the U.S.

CVV Codes: Why do They Exist?

Leave a reply

CVV (Card Verification Value) codes are either three or four-digit numbers that are printed on either the front or back of credit and debit cards. This system was created to provide an extra layer of security to merchants and card-issuing banks against fraudulent transactions in card not present purchases.

Two Types of Codes

These codes come in two different forms: CVV 1 and 2. The CVV1 is integrated into the magnetic strip on the back of every card. In a retail, or other card present environment, where the card is physically swiped through a reader, the first CVV is used to verify the data on the track 2 mag strip is legitimate and matches up with the information the issuing bank has on file.

The second, and some might argue more important type, is the CVV2. Just to clarify, Visa and MasterCard use the three-digit CVV2 number printed on the back of the card next to the signature line. American Express uses a four-digit “Unique card code” that is located on the front of the card. Regardless of location or length, these both serve the same purpose: to prove that the person making the purchase has the original and real card in their possession.

man showing where CVV is located on a credit card

Skimming and Fraud

The CVV2 code is commonly requested by merchants in purchases over the Internet or in MOTO (Mail Order, Telephone Order) transactions. If a fraudulent card has been produced from a skimming device, the thief will not have the CVV2 number as it is only physically printed on the card and not stored electronically. Skimming is the practice of attaching a device over the top of a real magnetic strip reader, usually on ATMs or gas station pumps, to gather the sensitive information about the card. This information is used to make fraudulent cards and/or purchases.

If a thief attempts to make a purchase with a stolen card and does not have the CVV2 when the merchant requests it, the transaction will not be approved. The problem is that according to a recent study, only around 56% of online merchants request the CVV2 in order to complete transactions. Also, if a business does require the code, they can see around a 25% reduction in chargebacks.

The Bottom Line

It is important for consumers and merchants alike to protect sensitive information about their debit and credit cards. If a thief has your name, card number, expiry information, and CVV code they can very easily make fraudulent purchases or even create a duplicate copy of your card. For consumers it is important to ensure the business you are purchasing from is legitimate. For businesses, it is critical that proper procedures be followed when recording and storing your customers’ sensitive financial data.

First EMV ATMs to Go Live in the U.S.

Leave a reply

Just a few days ago we gave a brief overview of what EMV chip card technology is. With the payment technology firmly in place in almost every other region than the U.S. the only next step is to bring it stateside. Today news was released that the very first EMV enabled ATM machines are operational in the United States. The ATMs that are currently live are located at a bank branch on Park Avenue in New York City.

The more secure technology has been long tested in Europe as it has been in service in most of the continent since the late 1990s. According to one industry source, 36 percent of all bankcards and 65 percent of terminals, ATMs and other machines globally are EMV compatible. Also, since France adopted the EMV standard (and was the first country to do so) there has been a reported 80 percent reduction in credit card fraud.

Why a U.S. Rollout is More Complex

Many consider the U.S. payment industry to be one of, if not the most, complex in the world. This is due to several factors. For one, we lack the presence of a one central authority when it comes to issuing deadlines for implementation to issuing banks. In addition to this, there are a greater number of card issuers here, which increases the “moving parts” of a national overhaul.

Host Merchant Services image breaking down how chip cards work

Much of the decision making process lies with the issuing banks and credit unions. While they understand the importance of upgrading the existing infrastructure, decisions on scope and capabilities must be made and a roadmap for rollout designed.

ATM Specific Factors to Consider

ATM owners and operators have a few things to consider when deciding to upgrade or not. Because the liability of fraud and noncompliance rest on the operators of each machine the best route would be to analyze the number and type of transactions at each location. There are then three options:

  • Upgrade or replace the machine with EMV capability
  • Don’t upgrade and risk the chance of fraud or noncompliance
  • Take the machine out of service

Obviously most operators would like to keep as many locations operating to maintain revenue but it is possible that some locations just have too low of traffic to be worth upgrading or might be located in higher risk areas.