PayPal president David Marcus has fallen foul of crooks who swiped the details of his EMV card and used the information to go on a shopping spree.
My card (with EMV chip) got skimmed while in the UK. Ton of fraudulent txns. Wouldn't have happened if merchant accepted PayPal...- David Marcus (@davidmarcus) February 10, 2014
My card (with EMV chip) got skimmed while in the UK. Ton of fraudulent txns. Wouldn't have happened if merchant accepted PayPal...
@alexvans @dgwbirch they most certainly skimmed the mag stripe and used it as an intl card in store.- David Marcus (@davidmarcus) February 10, 2014
@alexvans @dgwbirch they most certainly skimmed the mag stripe and used it as an intl card in store.
What Marcus could have said was "wouldn't have happenned if EMV was mandated everywhere".
His mag stripe got skimmed and the fraudster was able to make a mag stripe transaction because (I assume) his card was issued in the U.S. and merchants around the world accept that U.S. = mag stripe.
I had the same issue in reverse. My UK EMV card was skimmed and the mag stripe data used in the U.S.
CNP fraud may still exist post EMV but the common theme here is: Mag stripe in the U.S. facilitates fraud at the terminal.
alternative headline "PayPal chief admits that paypal acceptance is incredibly poor and has to resort to using a much more widely accepted instead"
A couple of important things to note here:
PayPal is a huge magnet for fraud - the LAST place I'd want to see it widely adopted is on the high street.
Furthermore, EMV does not eliminate the fraud issue - as an earlier poster quite rightly stated, it simply shifts most of the fraud to CNP transactions.
Fraud will only be eliminated when merchants adopt technologies whereby the personal and payment details of the consumer need not be transferred to the merchant in order to execute the transaction.
"Ton of fraudulent transactions"? Assuming his card was used at a UK retail PoS terminal, the merchant would have invariably gone 'on-line' for auth. The Card Issuier would have seen previous transactions being undertaken with EMV verification which would
have then stopped. Given that the auth message from the merchant to the card issuer would have made it clear it was a 'fallback' transaction, one would have thought that something was awry and triggered an alert of some sort. I wonder how many transactions
equate to a 'Ton' before they noticed?
If true, it does beg the question as to (a) why bother going on-line for auth in the first place and (b) why bother flagging a transaction as fallback from EMV to mag Stripe if the card issuers not going to do anything about it....
if the card is (mis)used in the USA the transasction doesn't "fall back" as the majority of terminals only supports magstripe. What should have happened is that his UK/US transaction should have triggered an alert if the timing wasn't right.
I would image that either the bank in question doesn't want to stop its high net worth customers from being declined so just pays away and accetps the risk or its fraud system flags the problem after the payment and they rely on the relationship manager
contacting the customer.
Either way, the issue really isn't EMV, but magstripe and its continued use.
This type of comment just displays the size of the task facing right minded payments professionals who just want to make the USA understand that whilst EMV is not perfect, and is not a short term solution due to the cost of migration, .. Long term - its
the only way to go.... US MBP's and share prices cater for escalating fraud YOY - they probably cant cater for long term investment (sadly) as the analysts would not understand.
Does Paypal publish its fraud figures from phished or hacked accounts?
Hmmm. I'm thinking "Terminal Capabilities" field - showing EMV Capable Device but a Technical Fallback to Magstripe for an ICC Card (Service Code 2xx) - surely his Issuers system would raise an eyebrow to that one.
Seems like a PR stunt to me...
Going by this article written by Zilvinas Bareisis of Celent (http://bankingblog.celent.com/2014/02/the-challenge-of-making-mobile-payments-work-at-the-pos/), Mr. David Marcus would have had a tough time putting through a single in-store transaction with
PayPal. No transaction, no fraud. Ergo, Marcus is absolutely right, just not for the reason he'd have us believe.
© Finextra Research 2015