CASE STUDY: DEBIT AND CREDIT CARD FRAUD
Credit card fraud is a form of identity theft in which an individual uses someone else’s credit card information to charge purchases, or to withdraw funds from the account. Credit card fraud also includes the fraudulent use of a debit card, and may be accomplished by the theft of the actual card, or by illegally obtaining the cardholder’s account and personal information, including the card number, the card’s security number, and the cardholder’s name and address. Policing agencies from the local police department, to the U.S. Secret Service are on the job enforcing fraud laws as they related to credit card fraud. To explore this concept, consider the following definition.
Definition of Credit Card Fraud
- The unauthorized use of an individual’s credit card or card information to make purchases, or to remove funds from the cardholder’s account.
1887 The concept of the “credit card” was first discussed in Edward Bellamy’s utopian novel, “Looking Backward.” Many believe modern day credit card fraud to be the natural progression of theft from check fraud.
What is Credit Card Fraud
The crime of credit card fraud begins when someone either steals a credit or debit card, or fraudulently obtains the card number and other account information necessary for the card to be used successfully. While the actual physical theft of credit cards does happen, modern technology has seen a steep rise in the incidence of intercepting account information electronically. The owner of the account, the merchant from whom card information was stolen or intercepted, and even the card issuer may be unaware of the compromise until the information is actually used to make purchases.
As online shopping and bill paying has skyrocketed in popularity, there is no longer a need to possess a physical credit card or debit card to make purchases, and it is possible even to open a financial account, and obtain credit cards solely through online transactions. Because of this, criminals able to obtain enough personal information about other individuals may use that information to commit credit card fraud by opening new accounts, or having new cards sent to them on existing accounts.
Elements of Credit Card Fraud
The term credit card fraud is broadly used to refer to the use of a credit card, debit card, or any similar form of credit, to make purchases, or to obtain financial gain with the intention of avoiding payment. This includes identity theft, identity assumption, and fraud sprees. In the eyes of the law, certain elements are required for a financial or identity theft crime to be classified as a form of credit card fraud. These include:
- Credit Card Theft: the taking of a credit card, or credit card number, from another person, without the cardholder’s consent, with the intent of using or selling it.
- Credit Card Forgery: the purchasing of something of value using a credit card, by someone other than the cardholder, or an authorized user, with the intent of defrauding the card’s issuer.
- Credit Card Fraud: the taking of a credit card, or credit card number, from another person, with the intent to use, sell, or transfer it to another person, or using the credit card or card number to purchase something of value, with the intent to defraud.
Credit Card Fraud Investigation
Credit card fraud investigation most often begins when a consumer makes a report to local police of the theft or unauthorized use of his credit or debit card. Reporting the crime, or the suspicion that an individual’s account has been compromised, may require the cardholder to sign a sworn statement detailing the disputed transactions, and declaring under penalty of perjury that he did not make the charges he is disputing. Immediately reporting suspected credit card fraud is highly recommended by the banking and credit agencies, as well as the Federal Trade Commission, and law enforcement agencies.
Review of Disputed Transactions
During its credit card investigation, the card issuer will then review all of the disputed transactions, looking closely at when and where they were made, and whether any of them required a signature. If so, the signature will be compared to the cardholder’s signature on file. Signatures that do not match make quick work of proving a transaction is fraudulent.
Processing card transactions
Find out what to expect when processing card transactions and the definitions of relevant key terms.
Accepting Card Transactions
When accepting card transactions, you should seek authorisation from the cardholder's card issuer that the transaction details processed by your terminal are correct. You will receive an authorisation code for that particular transaction at that time on that day.
However, even though an authorisation has been given, it only checks whether:
- There are available funds up to the value of the transaction at the time it is processed in that card account That the card used has not been reported as lost or stolen
- Please note: An authorisation does not guarantee that a transaction is not fraudulent or that it will not be charged back at a later date.
Key Terms Used When Processing Card Transactions
Find below a list of links explaining terms which you may come across when accepting card transactions and can be fully explained by your acquirer.
- Code 10
- Online Transaction
- Offline Transaction
- Contactless Transaction
- Floor Limit
Suspicious Card Transactions - Code 10
There may be occasions, in a face-to-face transaction when merchants are suspicious about a cardholder, the card or card type being presented or the circumstances surrounding the purchase. In these situations merchantscan make a Code 10 call (if they feel it is safe to do so) to their acquirer's Card Authorisation Centre (CAC) where the operator will guide them through the process.
Answers to the CAC operator during a Code 10 referral will typically require ‘yes’ or ‘no’ responses.
Online Card Terminal Transaction
A terminal is said to have gone online when it dials out to connect to an acquirer in order to process a cardtransaction and request an authorisation. This may be because the chip on the card has told the terminal to do this, or because the transaction value is above a merchant’s agreed floor limit.
Offline Card Terminal Transactions
A transaction can be processed ‘off-line’, where the terminal does not dial out for an authorisation. This may happen, for example, if the transaction value is below the floor limit agreed by an acquirer, for which a merchantcan accept a transaction.
Contactless is now a mainstream way of paying, and is also rapidly expanding as a technology. Payments are becoming increasingly common not only on cards but also on wearable and mobile devices.
Making A Referral in Card Transactions
When merchants are processing a card transaction their terminal may prompt them to make a manual authorisation call to the cardholder’s issuer – known as a referral. An acquirer's operating instructions will guide merchants through how to process a referral.
Understanding The Floor limit
A floor limit is the value of a transaction that has been agreed between a merchant and its acquirer. Any transactions above this value will cause the terminal to go online to the issuer and request an authorisation that will be either approved, and an authorisation given, or declined. Conversely, where the card transaction value is below the floor limit the terminal can process the transaction offline, i.e. the terminal does not go online to the issuer, and stores the transaction details for transmission to the acquirer at a later time.
A floor limit is agreed by the acquirer and merchant taking into account any card scheme rules that may be applicable and will be pre-programmed into the merchant’s terminal.
When Merchants Must Fallback
When merchants cannot accept a card transaction using its standard method, they can fallback to the next available method. This may occur when the merchants' terminals or PIN pads have malfunctioned or there has been a power or telephone network failure and they have to fallback to using a manual imprinter. In this case, a merchant is said to have had to fallback to using a paper voucher. The card schemes require different fallback actions to be taken depending on the type of card being processed.
Where a terminal has not accepted a chip & PIN card because the chip cannot be read, a merchant can fallback to the card’s magnetic stripe and attempt to process the transaction on this basis by swiping the card.
Acquirers will provide details on what merchants should do when they have to fallback including details on which cards cannot be accepted on paper vouchers.
Making A Refund
There may be occasions when a merchant needs to make a refund on a card transaction for purchases made. This should only be done using the card that was used for the original transaction. When providing refunds, merchants are advised not to give a cash or cheque refund as this is a common method used by fraudsters to appropriate cash from the card.
An acquirer and terminal supplier will supply information on the correct procedure to use when making a refund.
If a merchant has processed a transaction, received an authorisation but then now wants to cancel the transaction or make a reversal, they must not process another immediate transaction.
For example, if there was a mistake with the transaction amount can be done, but the reversal has to be the next transaction that a merchant processes after the transaction that has to be cancelled. This means a merchant cannot process a transaction for another customer and then go back to cancel a previous transaction.
In this case, a merchant would have to make a refund rather than cancel the original transaction. This would mean that a merchant is processing two transactions and its acquirer will have negotiated how this will be charged.
A floor limit is the maximum amount of money that can be charged to the cardholder without requiring an authorization.
Usually, the floor limit is set at zero. However, factors such as the nature of a business, cardholder not present transactions (CNP) or cardholder present transactions will determine the floor limit of a merchant’s terminal. Likewise, it applies even in the case of a split sale, which means that the customer makes a payment part in cash and part by card.
BREAKING DOWN 'Standard Floor Limit'
Credit card transactions have evolved as technology improvements and easier access to credit have increased credit card usage. Before the advent of high speed connections and systems integration, businesses with credit card terminals had to contact credit card companies when the transaction amount reached a certain limit i.e. the floor limit. This often required the business to call the credit card company to confirm that the cardholder had the available credit. It was the standard operating procedure when credit card transactions were completed by making a physical imprint of the card using an imprinting slide machine.
The standard floor limit may vary according to the credit card company, with some companies requiring authorization at lower thresholds. For example, a credit card issuer may require any purchase over $500 to be authorized by the business where the transaction is taking place. If the business is unable to authorize the transaction, it will be unable to complete the transaction and will have to void the sale.
Today, most credit card transactions go through an electronic authorization process. When a card is swiped or inserted into a terminal, the information from the card’s magnetic strip, chip, or PIN-and-chip is electronically transmitted to systems that verify that the cardholder has the available funds. Transactions that are conducted over the Internet, as well as other transactions that are not conducted face-to-face (e.g. over the phone), often have the floor limit set at zero, meaning that all transactions must be authorized.
The term floor limit comes from the days when it was the maximum amount which could be approved on the floor (of the retailer), beyond which the cash register operator would have to call for approval.
Floor limits were of more significance when most credit card merchants processed transactions by taking a physical imprint of the card rather than electronically swiping the magnetic strip, and obtaining an authorization required time consuming human intervention. With modern card reader, most merchants and banks will obtain an authorization even on very small charges, as it costs little to do so and helps protect against fraud. However, the concept of a floor limit may still come into play in certain cases. A few merchants still use the older system of taking a physical imprint of the card. Additionally, if the merchant or merchant's bank has trouble contacting the customer's bank due to computer network issues, transactions under a certain floor limit will still be approved electronically immediately.
Floor limits do not apply to certain types of debit card (such as Visa Electron and Solo), as these cards require authorisation for every transaction to prevent the cardholder becoming overdrawn.
If a store has a floor limit of $30.00, a purchase costing $29.99 (or less) would not need to be authorized by the customer's bank. However, a transaction of $30.00 (or more) would require authorization to confirm that the customer has the necessary funds available in their bank account.
A floor limit may cause an account to become overdrawn, even where the account holder does not have an authorized overdraft. In the EU the Payments Accounts Directive (S.I. No. 482/2016) provides for a basic bank account which is prohibited from having an agreed overdraft facility, however floor limits may force the account into an overdrawn position.
Glossary of Floor Limit
Fair Credit Reporting Act: The U.S. Fair Credit Reporting Act seeks to achieve fair, timely, and accurate reporting of credit information by regulating the activities of credit bureaus, limiting access to credit bureau information, and requiring that creditors reveal certain information regarding their use of credit bureau or third party information. Under the Fair Credit Reporting Act, you have the right to see the credit history maintained by a credit bureau about you (see credit report).
F.A.Q: Frequently asked questions. A set of often-asked inquiries about a given topic on a Web site. A site owner posts a list of the queries and answers, and then the user can access this FAQ at any time.
Federal Reserve: A central bank that monitors and influences the total supply of money and credit through its 12 regional offices. The Federal Reserve Board sets interest rates, maintains the flow of cash to local and regional banks, clears checks, provides deposit insurance, and maintains the stability and security of the U.S. banking system.
File Extension: The portion of a file name that corresponds to that file's type. Computer files are labelled using a standard: a name, a point, and a file extension. Example: AUTOEXEC.BAT has a file extension of BAT, indicating it is a batch file.
Finance Charge: The cost of consumer credit expressed as a dollar amount. A finance charge would include the following types of charges enforced by card issuers: interest, transaction fees and service fees.
Finance Company: A business that makes consumer loans, often to consumers not qualified for credit at a credit union or bank. Typically, the interest rates charged by a finance company are higher than those charged by other creditors.
Financial Institution: Any organization that provides financial services to merchants or individuals including, commercial banks, credit card banks, savings banks, credit unions, etc. (also: Acquirer, Merchant Bank).
F.I.P.S.: Federal Information Processing Standard
Firewall: A combination of specialized hardware and software designed to keep unauthorized users from achieving access to a networked computer system, and protect resources.
First Chargeback: A procedure in which an issuer charges all or part of the amount of an interchange transaction back to the acquirer in accordance with MasterCard policy.
Floor Limit: A specific dollar limit used to determine which Visa card transactions the card acceptor must authorize. If your business has a $1,000 floor limit, any transaction more than $1,000 will require authorization.
F.T.P. Site: A computer on the Internet that purposely stores files for users to FTP to their own computers. When the FTP site does not require the user to have a specific user ID and password, it is known as an "anonymous FTP site."
F.T.P.: File Transmission Protocol. A method for moving files from one computer to another; predominantly used on the Internet. Example: The master copy of this Glossary section resides on Visa's computer. When a change is made to the section, Visa uses FTP to transfer the updated files to the computer of its Internet Service Provider.
Electronic Merchant Systems. Retrieved August 18, 2011.
Professional Credit Card Fraud Investigators
Professional investigators of credit card fraud are trained in “electronic backtracking” of electronic and online transactions. These experts in information technology, financial security systems, and forensic accounting use high-tech methods to determine whether stolen card information has been used, either to make purchases, or to open new accounts. Such fraud investigators can often stop the opening and using of secondary accounts, minimizing the damage to the cardholder and card issuer.
Federal Government Investigators
Both the Federal Trade Commission (“FTC”) and the U.S. Secret Service play significant roles in the prevention and prosecution of credit card fraud. Because of the high incidence nation wide, however, these agencies primarily provide oversight and legal support for state, local, and corporate fraud investigations. The type of action taken by these federal authorities depends on the amount and magnitude of the crime. For example, the FTC takes complaints of criminal credit card activity, connects victims with the applicable consumer protection agencies, and refers the cases to the appropriate law enforcement agencies. If the case involves fraud over the amount of $2,000, however, the FTC will initiate a credit card fraud investigation directly.
Albert Gonzalez Hack of TJX Companies
American computer hacker Albert Gonzalez is said to have masterminded the hack of 45.6 million credit and debit card number from the TJX Companies (doing business as “TJ Maxx”) in 2006 and 2007. Gonzalez claims a breach of 40 million consumer records stored by CardSystems Solutions, the now-defunct credit card processing company, as well as a host of other high-tech credit card fraud schemes. Albert Gonzalez was finally arrested in May 2008 on charges related to his hacking of the Dave & Buster’s corporate network, which garnered another 5,000 credit card numbers, from which fraudulent transactions resulted in $600,000 in fraudulent transactions.
In 2009, Gonzalez entered into a plea bargain in which he plead guilty to 19 charges against him in the “TX Maxx case,” for which he received a 20 year sentence to federal prison. Two years later, Gonzalez attempted to withdraw his guilty plea, claiming that, at the time of the crimes, he had been officially assisting the U.S. Secret Service in drawing out international cybercriminals. The Secret Service failed to back up his story, however, and Gonzalez is serving out his sentence in Leavenworth prison, with an expected release date of 2025.
Credit Card Fraud Statistics
Credit card fraud statistics show that, although credit card fraud affects less than one-half of one percent of all credit card/debit card transactions in the U.S., it weighs heavily on the minds of American consumers. This is thought to be due to the media hype of the worst case scenario. Many consumers are unaware that they are protected from liability due to credit card fraud by both federal law and the credit issuers. The reality is that financial institutions and card-accepting merchants bear the financial burden of financial losses due to credit card fraud. For instance, according to Nilson Reports, in 2016, card issuers shouldered a 63 percent share of the fraudulent losses, with merchants taking on the remaining 37 percent.
It’s a sinking feeling. You’ve just enjoyed an excellent dinner and given your credit card to the waiter. Ten minutes later, the waiter is back at your table suggesting that maybe you want to use another card.
Welcome to the growing club of credit card theft victims. You are not alone. The numbers can be staggering. Study the infographic below and grasp the following key figures:
- Credit card fraud resulted in losses of 1.27 billion during 2012.
- Card issuers incurred 63% of those losses and merchants suffered 37%
- In 2012, America made up 47.3% of the global payment card fraud loss
- 67 percent more Americans were hit by financial data theft in 2012 than in 2010
Other credit card fraud statistics break down as follows:
- 2016 credit/debit card fraud losses amount to $11.27 billion: primarily due to use of counterfeit cards at point of sale transactions, and card-not-present transactions done online, through a call centre, or through mail order.
- 2016 credit/debit card fraud gross losses amount to 5.22 cents per $100.
- As of 2016 retailers spend $6.47 billion annually on credit card fraud prevention, while still incurring $580.5 million in losses.
Computer data breaches account for a large percentage of the information used in committing credit card fraud. The largest credit card data breaches since 2005 include:
Number of Accounts Affected
TJX Companies, Inc.
U.S. Veterans Affairs
Fidelity National Information Services
Heartland Payment Systems
Bank of New York Mellon
Hannaford Bros. Supermarket Chain
Source: CSO Online
The Nation’s Stress Over Credit Card Fraud
In 2016, the top three stressors to American consumers were:
(1) identity theft,
(2) credit card/debit card fraud, and
(3) national security related to terrorism.
Nearly 60 percent of American consumers were very worried about the possibility that someone might obtain their credit or debit card information, and use it to make fraudulent purchases. In addition, 39 percent of American consumers distrusted online security for purposes of banking or shopping.
Related Legal Terms and Issues
- Fraudulent Transaction – Purchases or transfers made by one individual using another individual’s credit card, debit card, or bank account.
- Plea Bargain – An agreement by which a defendant pleads guilty to a lesser criminal charge, usually to avoid a lengthy and costly trial, as well as to gain a more favourable sentence.
Banks can’t fight online credit card fraud alone, and neither can you
Online credit card fraud is on the rise in Australia, but pointing the finger at any one group won’t help. It’s an ecosystem problem: from the popularity of online shopping, to the insecure sites that process our transactions, and the banks themselves.
A recent report from the Australian Payments Network found that:
- the overall amount of fraud on Australian cards increased from A$461 million in 2015 to A$534 million in 2016
- “card not present” fraud increased to A$417.6 million in 2016, up from A$363 million in 2015
- 78% of all fraud on Australian cards in 2016 was “card not present” fraud.
“Card not present” fraud happens when valid credit card details are stolen and used to make purchases or other payments without the physical card, mainly online or by phone.
While these numbers may seem alarming, it’s important to put them in context. Australians are increasingly carrying out transactions online; the report notes that we made 8.1 billion card transactions totalling A$715.5 billion in 2016.
The shift towards online credit card fraud also comes at the cost of other types of fraud. Cheque fraud, for example, was down to A$6.4 million in 2016, from A$8.4 million in 2015.
Still, it’s fair to ask: are the banks doing enough to keep our details secure?
The banks and security
The banks currently have a range of measures in place to protect customers from card fraud:
- Chip and pin: Australia mandates the use of “chip and pin” technology. This replaced the need to swipe the magnetic strip on credit cards and is recognised as being more secure.
- Two-factor authentication: Many Australian banks use text messages or tokens that generate a unique, time-limited code to help verify the legitimacy of transactions.
- Monitoring of customer habits: Australian banks typically have a complex set of algorithms that monitor the spending habits and transactions of their customers. They frequently have the ability to identify a suspicious (often fraudulent) transaction and block it.
Overall, Australian financial institutions are investing time and technology into the prevention of fraud. However, recent allegations that the Commonwealth Bank of Australia breached anti-money laundering laws suggest that the big banks are not immune from the problem.
Data breaches and malware
Credit card fraud is going where the action is.ccording to the research company Neilsen, “nearly all online Australians have used the internet to do some form of purchasing activity”. This means that Australians are increasingly sharing their credit card details with companies around the world.
Large-scale data breaches are a common occurrence. Many organisations have been compromised in some way, including Australian companies like Kmart and David Jones. A variety of personal information can be exposed, and this often includes customers’ credit card details.
Batches of stolen credit card details can be sold on the dark web to other motivated offenders. In one UK example, such details were being sold for as little as £1 per card.
Offenders are also using different types of malware, or computer viruses, to obtain the personal information of unsuspecting victims. In many cases, this includes bank account and credit card details through successful phishing attempts (or spam emails).
The liability fight
Banks will generally refund customers for any fraudulent losses incurred on their credit cards. However, customer must take “due care with their confidential data”.
There is also an onus on the customer to check their credit card statements and notify their bank of any suspicious activity.
But this may not always be the case. In 2016, the former Metropolitan Police Commissioner in the UK made headlines for suggesting that customers should not be refunded by banks if they failed to protect themselves from fraud.
Instead, he argued that customers were being “rewarded for bad behaviour” rather than being encouraged to adopt cyber-safety practices, such as antivirus software and strong passwords.
These statements were met with anger by many advocacy groups who equated them with victim blaming. It was further exacerbated by a leaked proposal by the City of London Police to shift the responsibility of fraud losses from banks to the individual.
While this recommendation was never adopted, the tension may continue to grow when it comes to fraud liability.
Looking for answers
Pointing the finger of blame at any one party is not a constructive solution. Banks alone cannot combat online credit card fraud. Neither can their customers.
There are simple steps to reduce the likelihood of online fraud: having up-to-date antivirus software and strong passwords is an important step. There are sites such as haveibeenpwned that demonstrate how vulnerable and exposed our passwords can be.
Pwned Passwords: Pwned Passwords are half a billion real world passwords previously exposed in data breaches. This exposure makes them unsuitable for ongoing use as they're at much greater risk of being used to take over other accounts. They're searchable online below as well as being downloadable for use in other online system.
Still, it’s difficult to protect against social engineering techniques used by offenders to manipulate victims into handing over their personal details. Not to mention, the risks posed by third-party data breaches, which are beyond the control of individuals.
The introduction of mandatory data breach reporting legislation in Australia in 2017 may have a positive impact. By requiring organisations to let their customers know when their personal information has been compromised, individuals can be proactive about cancelling cards, changing passwords and taking out credit reports to check for fraudulent activity.
Businesses also need to recognise the importance of protecting their customer information. It is critical to overcome the mentality that cybersecurity is simply a technology problem or an IT issue. It should be firmly on the corporate management agenda.
Fraud is inevitable, regardless of the technology being used. Collaborative efforts between banks, businesses, government and individual consumers must improve.
No one group alone can effectively end online credit card fraud. Nor should they be expected to. According to PULSE Study: Debit Fraud Loss Rates Decline After Chip Cards Introduced dated August 14, 2017 the 2017 Debit Issuer Study finds continued growth in debit and mobile wallet enrollment;
HOUSTON--(BUSINESS WIRE)-- According to the 2017 Debit Issuer Study, commissioned by PULSE, one of the nation’s leading debit/ATM networks, U.S. financial institutions substantially increased issuance of chip debit cards in 2016 and experienced reduced fraud losses. Since the fraud liability shift for most debit transactions took effect in 2015, an estimated 80 percent of U.S. debit cards have been converted to chip cards. The study also found that fraud loss rates dropped by approximately 28 percent in 2016 compared to 2015 levels.
Nonetheless, the 12th annual Debit Issuer Study confirmed that fraud continues to challenge issuers. U.S. financial institutions lost an estimated $900 million to debit card fraud in 2016.
“The financial services industry has taken a number of measures that likely impacted the reduction in fraud losses for debit card issuers,” said Jim Lerdal, Vice President of Fraud and Risk Management for PULSE. “Among them are the conversion to chip debit cards, greater use of tokenization in mobile commerce and continued investment in fraud-mitigation solutions.”
But reducing card fraud is not a simple prospect.
“The more financial institutions tighten fraud-tolerance limits, the more they risk negatively impacting the cardholder experience,” said Lerdal. “It is a balancing act because declining potentially fraudulent transactions could lead to ‘false positive’ fraud identification, which can frustrate account holders and potentially drive them to other methods of payment.”
Mobile wallets see increased enrollment, but low usage
The study also found enrollment of debit cards into Apple Pay increased 80 percent in 2016. Key findings include:
- Three out of four issuers now support debit cards being loaded into at least one mobile wallet.
- Enrollment among consumers also has increased, with Apple Pay remaining the most popular mobile wallet of the big three “Pays,” which include Android Pay and Samsung Pay.
- Despite this momentum, usage of debit cards in mobile wallets remains low. Combined, Apple Pay, Android Pay and Samsung Pay account for only about one-quarter of 1 percent of U.S. debit transactions.
Continued growth of debit
Debit card usage grew in 2016, driven by an increase in both the overall card base and transactions per active card. Study findings include:
- The total number of debit transactions continued to increase, rising an average of 7 percent year-over-year in 2016 for the issuers in the study.
- The number of debit transactions per active consumer card reached a record high of 23.6 transactions per month, which represents a 6 percent increase over results report in the 2016 study.
- The number of debit cards increased 1 percent year-over-year.
“This year’s study confirms that debit remains a core part of the expanding payments landscape, even as new forms of payment emerge,” said Steve Sievert, Executive Vice President of Marketing and Brand Communications for PULSE. “The average consumer now uses their debit card 39 percent more often than they did in 2010, and for more transactions of lower value, indicating that debit is a fundamental financial tool for their everyday lives.”
Chip card growth likely to slow as transition plateaus
Issuers have put chip debit cards in the hands of consumers at a faster pace than anticipated in last year’s study. “Chip-on-chip” transactions – those conducted with chip-enabled cards at chip-enabled terminals – amounted to 30 percent of all debit transactions in January 2017, a 650 percent year-over-year increase.
“The growth of chip-on-chip transactions is likely to slow as the card base migration concludes,” said Tony Hayes, a Partner at Oliver Wyman who co-led the study. “In addition, many transactions are not chip-eligible, such as online purchases and fuel dispenser transactions.”
About the Study
The 2017 Debit Issuer Study is the 12th installment in the study series, commissioned by PULSE and conducted by Oliver Wyman, an independent management consulting firm. The study provides an objective fact base on debit card issuer performance and financial institutions’ outlook for the debit card business. Fifty financial institutions – including large banks, credit unions and community banks – participated in the study. Collectively, the participants issue approximately 134 million debit cards. The sample is representative of the U.S. debit market in terms of institution type, geography and debit network participation.