Fallback transactions pose a significant danger to financial institutions (FIs) and are something criminals will lean on more heavily as the adoption of chip-enabled cards continues to gather pace.
A fallback transaction occurs when a chip-enabled card is swiped at a chip-enabled terminal, as opposed to being “dipped” or inserted. As chip cards become more prominent and continue to impact criminals’ ability to use counterfeit cards, criminals are turning to ways to force fallback transactions at Point-of-Sale (POS) terminals.
To prevent card fraud more effectively, FIs need to recognize these transactions and the risk associated with them.
Mag stripes and ghost chips
One way criminals are forcing fallback transactions is by creating cards with non-functioning chips. Dip the card, and if the chip doesn’t work, the fallback is to swipe to complete the transaction.
An example of this came in the aftermath of the massive data breach suffered by Chipotle in early 2017. Between March 24 and April 18, hackers used malware to access mag stripe data from cards used at many of the restaurant’s 2000+ locations. As of August, 10 percent of known fraudulent transactions completed using counterfeit cards created with hacked Chipotle customer data were fallback transactions.
Of course, there are legitimate reasons why a fallback may occur, including a defective or incorrectly configured chip reader terminal or a defective chip card. There is also a lot of talk about the slowness of a chip transaction, leading to merchants telling a customer to fall back to swiping the card. Most merchants will allow a swipe rather than lose a sale.
Fraud liability also comes into play here. If the mag stripe on a chip-enabled card is used on a chip-enabled terminal and the transaction is fraudulent, the card issuer is on the hook if they authorize the fallback transaction.
Fallbacks work around the rise of the chip
With the transition to EMV-enabled chip cards and merchant terminals gathering significant steam, it appears the move is having a significant effect on the reduction of counterfeit card crime. During 2016, Visa issued 408.1 million chip cards in the U.S., an increase of 92 percent. In early 2017, the company stated they have seen a 52 percent drop in counterfeit card fraud at chip-enabled merchants and a 14 percent drop across all merchants.
The US Payments Forum Summer 2017 Market Snapshot indicates that approximately 50 percent of merchants are chip-enabled and 45 to 50 percent of credit and debit transactions are completed with a chip-enabled card used at a chip-enabled terminal (chip-on-chip).
It should come as no surprise that criminals are making the adjustments needed to protect their card-enabled gold mine. So, while the EMV rollout is having a positive impact, counterfeit card fraud is not going away — in part due to fallback transactions.
Watch for fallbacks
It may be premature for an FI to decline all fallback transactions as a measure of protection against fraud, although some have done so. Until the chip rollout has matured and chip-enabled terminals are reliable, blanket declining of these transactions could lead to high levels of frustration for customers attempting to complete legitimate transactions. However, fallbacks are absolutely something that investigators should be watching.
Monitoring solutions should be able to recognize if a transaction was completed using the card’s chip, as the information can greatly reduce false alerts. They should also recognize the presence of fallback transactions and alert investigators when they occur.
Teamed with analytics that can alert on unusual patterns of customer behavior, this is an effective and more customer-friendly way to shut down potential card fraud.
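The monitoring logic described above can be sketched as follows. This is an added example, not Verafin's code: the record fields (`card_chip`, `term_chip`, `entry`) and the sample transactions are constructed, and the "chip worked recently, then the card was swiped" priority rule is an assumed heuristic for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample records; the field names are assumptions, not a real feed format.
TXNS = [
    {"id": "t1", "card": "A", "time": "2017-09-01T09:00",
     "card_chip": True, "term_chip": True, "entry": "chip"},
    {"id": "t2", "card": "A", "time": "2017-09-02T14:30",
     "card_chip": True, "term_chip": True, "entry": "swipe"},
    {"id": "t3", "card": "B", "time": "2017-09-02T10:00",
     "card_chip": True, "term_chip": True, "entry": "swipe"},
    {"id": "t4", "card": "C", "time": "2017-09-03T08:15",
     "card_chip": False, "term_chip": True, "entry": "swipe"},
    {"id": "t5", "card": "B", "time": "2017-09-03T11:45",
     "card_chip": True, "term_chip": False, "entry": "swipe"},
]

def classify(txn):
    """Label a transaction by how the card was read."""
    if txn["entry"] == "chip":
        return "chip-on-chip"      # chip read: lower counterfeit risk
    if txn["entry"] == "swipe" and txn["card_chip"] and txn["term_chip"]:
        return "fallback"          # chip card swiped at a chip terminal
    return "mag-stripe"            # card or terminal has no chip support

def fallback_alerts(txns, window=timedelta(days=7)):
    """Return (txn id, priority) for each fallback, in time order.

    Assumed heuristic: priority is 'high' when the same card completed a
    chip read within `window` before the fallback, since a chip that
    worked recently makes a genuine chip failure less likely.
    """
    last_chip = {}                 # card -> time of last successful chip read
    alerts = []
    for txn in sorted(txns, key=lambda t: t["time"]):
        when = datetime.fromisoformat(txn["time"])
        kind = classify(txn)
        if kind == "chip-on-chip":
            last_chip[txn["card"]] = when
        elif kind == "fallback":
            seen = last_chip.get(txn["card"])
            recent = seen is not None and when - seen <= window
            alerts.append((txn["id"], "high" if recent else "review"))
    return alerts

if __name__ == "__main__":
    for txn_id, priority in fallback_alerts(TXNS):
        print(txn_id, priority)
```

Chip-on-chip and ordinary mag stripe transactions produce no fallback alert here, which is how recognizing the read method keeps the alert volume down.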
Want to learn more about how Verafin can help you detect and prevent card fraud? Visit our Card Fraud Solution page.