EMV has tackled card fraud but criminals are focusing elsewhere, including prepaid cards and online ID verification methods, aided by data breaches and the criminal exchange of consumer data. The Card fraud trends, threats and tactics report, by Javelin and FIS, identified these key trends in card fraud:

• Criminals are increasingly opening fraudulent accounts in victims’ names. The number of victims of fraudulent card accounts in 2017 rose to 1.6 million from 0.9 million in 2016.
• An increasing number of credit cards now meet the EMV standard, so criminals are focusing on less lucrative debit and prepaid cards. In 2017, roughly 3.4 million people lost control of their prepaid cards – nearly three times as many as the previous year, while debit card fraud victims rose from 5.2 million to 6.6 million. But the overall amount of cash stolen has been steadily falling over the past few years, from $9.7 billion in 2014 to $8.1 billion in 2017.
• Breaches of all data, including personally identifiable information (PII) and card information, increase risks. The precipitous rise in data breaches means that nearly all consumers’ personal details are for sale on underground forums, increasing the risk that any customer can be affected by fraud.
• Malware ranges from rudimentary software, such as keyloggers, to more advanced crime kits, which can include remote access Trojans and the ability to intercept ID data and circumvent identification and authentication controls. Criminals have also taken to conning customers and employees into releasing PII and granting access to accounts by phone, email, and even SMS texts.
• As EMV becomes ubiquitous, fraud is shifting online, where it is more difficult for merchants and issuers to immediately prevent fraud.
• The total time victims of spent resolving card application and transaction fraud more than doubled over the past two years, rising from 45 million hours in 2015 to 100 million in 2017. However, card application fraud is the more complex of the two to resolve, taking roughly 17 hours for victims to sort through details. That’s almost three times as long as victims of existing credit card fraud take working through their issues. This results, unsurprisingly, in those customers’ feeling frustrated and often quitting their banking relationships.