In this post I would like to discuss from a statistical perspective why EMV is not making the impact on fraud that people are led to believe. The following is the analysis I went through to prove this hypothesis. (Part One Here)
So, let us compare a year of card present fraud in the UK to that in the US. Unfortunately, I could only get statistics for 2008 for such a comparison. However, for 2009, card present fraud amounted to around 16% of all fraud and that is 0.43% of the total charged on credit cards in the UK.
For comparison, the best I could come up with was 2008 for the US from the American Bankers Association which indicated that there was $788 million dollars in card present fraud which amounted to 1.6% of the total amount charged.
According to the UK Cards Association, in 2005 the last year before the rollout of EMV, card present fraud amounted to just over 30% of the total fraud incurred from credit cards. I could not find the total amount charged in the UK that year, so I have no idea of how that amount of fraud related to the total charged.
However, given that card present fraud has remained steady at 16% of total fraud under EMV, I would assume that was the same with non-EMV cards so I would estimate that card present fraud amounted to around 0.86% of total fraud in 2005.
So a 1% card present fraud rate drove UK bankers to invent EMV? At the time UK bankers began to discuss EMV back in the early 1990s, it was my understanding that card present fraud rates were at least double or even triple those in the US, which would put the total percentage of card present fraud at somewhere around 3% to 4.5% of total charges since card present fraud rates are relatively stable.
Unfortunately, I do not have access to figures to support that. However, using just double that would mean that at 30% of all fraud in 2005, something must have been done to bring down the fraud rate before EMV was introduced. I base this on the fact that card present fraud has remained static after the introduction of EMV which would mean that in 2005, card present fraud was around 0.86% of total charges.
Could it be that enforcing better procedures at the merchant level which is what the banks mandated before EMV was introduced drove down card present fraud to around 1% of the total charged? It does appear that way.
EMV will save US banks and merchants a total of around $394 million dollars annually. Given the estimated ten billion it will cost to convert totally to EMV, is it any wonder why banks and merchants have no incentive to convert? The ROI is just not there.
So what are the conclusions we can draw from this exercise? Introducing EMV into the US would cut card present fraud by 50%. However, since bankers and merchants believe card present fraud is already at a manageable level, there is no incentive to convert.
But the more telling conclusion is that EMV does not eliminate card present fraud like it is perceived by the public. And that is something that the public deserves to know.
UPDATE: See this post from the FDR Atlanta.
Cross-posted from PCI Guru