Oh what a year it has been so far. Breach here, breach there, breaches everywhere! EMV to the rescue, right? RIGHT?!?
Well, yes and no.
EMV does add tremendous security (when configured properly) to a Card Present (CP) transaction, but EMV does nothing to help the security of Card Not Present (CNP) transactions. And given the increased digitization of business and commerce, we would expect that over time the number of CNP transactions would increase at the expense of CP transactions. Meaning, as more digital business models drive people to purchase goods and services without physically presenting their card for purchase, people will opt for that style as it could be seen as more convenient. Don’t forget that CNP transactions are not limited to e-commerce. Most mobile payments are in fact CNP transactions. Buying an app, hailing a cab, or scanning that barcode to buy something on Amazon all count as CNP transactions.
How about a quick story? Friday was the last day of school for many kids—mine included—and our tradition is to celebrate the first and last day of school with milkshakes and french fries from Mooyah. This time around, I had my daughter with me and was planning on meeting my wife and son there. Upon arrival, the line was insane, and it doesn’t move very fast. I crouched down to my daughters level, whipped out my iPhone and opened up the Mooyah app to place an order. We punched in what we wanted, then bypassed that line entirely as our order was immediately transmitted to their system upon payment. CNP payment, mind you, because it was done completely through the app. I sat down with my daughter and waited for my name to be called while all those suckers in line stood there.
Bypassing that line was SUPER convenient for me. Anyone that has been around a hungry five year old knows that I probably did the whole place a service by getting her fed sooner.
While EMV may be helping to protect those physical payments as it is rolled out at a glacial pace, it does nothing for the CNP uses of the exact same payment instrument. Even though I might not be able to run a fraudulent chip transaction (note: you can do this. Sign up for my mailing list to learn how.), I can use that same information (if captured) to run a fraudulent CNP transaction. E-commerce merchants get ready—the flood is coming!