Online card fraud up as thieves avoid more secure chip cards for in-store payments

Increasing use of biometrics may help protect online payments

One unfortunate side effect from the use of chip cards for in-store purchases has been an increase in online credit-card fraud.

Hackers have taken the path of least resistance, moving from in-store fraud to e-commerce fraud, according to security experts.

Deterred by the security capabilities of chip cards for in-store payments, thieves have resorted to stealing credit-card numbers and passwords or opening new accounts with false credentials to use in making online payments for purchases, according to recent studies. Botnets also comprise some of the biggest increases in online card fraud.

Chip cards were instituted on Oct. 1, 2015, and since then, e-commerce fraud on U.S. merchants has jumped 42% as of the fourth quarter of 2016, according to a study by research firm Pymnts.com.

"We predicted this [online fraud increase] would happen following [chip] cards in the banking industry years ago," said Mike Lynch, chief strategy officer at InAuth, a vendor of mobile and browser security products. (InAuth was recently purchased by American Express, but will remain a subsidiary.) Other countries, including Canada and Australia, also saw big jumps in online card fraud after chip cards were adopted, he said.

Lynch said the online fraud increase is probably higher for financial institutions than for merchants, but merchants are more open about the problem and discuss it more freely. "Banks don't typically want to disclose fraud," he said.

To continue reading this article register now

Get the best of CSO ... delivered. Sign up for our FREE email newsletters!