By High-profile credit card security breaches at Target and Neiman Marcus over the holidays have again brought the issue of enhanced fraud prevention technology to the fore, and Fitch Ratings expects growing concerns over security shortfalls to drive card issuers and retailers toward high-cost upgrades over the next few years.
While it's unclear how the upgrade costs will be divided between banks, retailers and payment networks, we believe interests are aligned in the desire to reduce card fraud. When a security breach occurs, retailers face reputational damage and potential hits to sales volume, while banks and networks deal with increased customer service demands and, often, the full cost of fraudulent charges. Fitch expects all parties will incur higher technology spending in the coming years to meet tougher card security standards already established in Canada and Europe.
The ultimate earnings impact on financial institutions will likely be mitigated by reduced fraud-related losses, lower customer service costs and generally happier customers.
Some parties have pushed for the introduction of Europay-MasterCard-Visa (EMV) chip technology to enhance fraud controls, whereby digital chips embedded in the cards would replace magnetic strips. This would prevent thieves from creating fraudulent cards. PINs could also replace signatures at the point-of-sale as an extra layer of security. Adoption of so-called 'chip-and-PIN' technology in Europe and Canada has cut fraud rates dramatically. But adoption in the US, to date, has met resistance as merchants have generally steered away from the heavy investment necessary to upgrade point-of-sale terminals.
We expect momentum toward a new security standard to build moving into 2015 because Visa announced a program that will shift inter-regional liability beginning in October 2015. This means that when a European chip card is used at a US merchant without a chip-enabled terminal, the merchant, not the network, will have the liability for any counterfeit fraud.
Still, the need for higher security standards goes beyond the point-of-sale, given the rapid increase in the number of ecommerce transactions. According to a recent Fed study of card payment activity in the US, the total number of unauthorized transactions (third-party fraud) during 2012 was an estimated 31.1 million, with a total transaction value of $6.1 billion; up nearly 10% from 2011. Card-not-present (generally online transactions) fraud rates were about three times as high as card-present fraud rates, while PIN debit card transactions had the lowest fraud rates in 2012. Fitch expects increased controls to be introduced for online transactions as well, including the need to enter a password or PIN during checkout.
Major card issuers, including JP Morgan and Amex, have noted this month that the Target and Neiman Marcus breaches have made it more likely that new card technology will be introduced in the US, probably through some combination of chip-and-pin for cards and tokenization (PIN/password) for online transactions.
While reduced fraud losses will add to bottom-line earnings for card issuers, it will also serve to protect consumers from the headaches associated with security breaches. We believe recent headlines may draw the attention of the Consumer Financial Protection Bureau (CFPB), which may encourage banks to accelerate technology spend to enhance consumer protection.
The above article originally appeared as a post on the Fitch Wire credit market commentary page. The original article can be accessed at www.fitchratings.com. All opinions expressed are those of Fitch Ratings.
Fitch Solutions
Meghan Neenan, CFA, +1-212-908-9121
Senior
Director
Financial Institutions
or
Bill Warlick,
+1-312-368-3141
Senior Director
Fitch Wire
Fitch, Inc.
70
W. Madison
Chicago, IL 60602
or
Media Relations
Brian
Bertsch, +1-212-908-0549
brian.bertsch@fitchratings.com
