Menu

Navigating the EMV Liability Shift

What does “liability” mean? Why did it shift? Where did it shift to?  All your questions answered here.

Merchant adoption of EMV technology to process chip cards is in full swing. Since the fraud liability shift was implemented in the U.S. beginning October 2015, merchants have begun converting their payment terminals to EMV compliant versions capable of securely processing chip cards with EMV technology. Visa reported in January 2017, that chip card transactions accounted for 46 percent of the company’s in-store payment volume, with the 800 million chip transactions representing a 359 percent year-over-year increase.

The steady increase in merchant adoption of EMV is directly related to the date the liability shifted in October, 2015. So, what is the liability shift, and how does it impact your business? Read along to learn more.

In-store transaction liability shift

Prior to October, 2015, merchants were not routinely held responsible for fraudulent transactions that occurred through no fault of their own. Card issuers covered the financial cost of that fraud. After the liability shift however, assigning “fault” became a lot more complicated.

The basic underlying rule about the shift in liability is:

Card-present counterfeit fraud liability shifts to the party—either the issuing institution or the merchant—that has not invested in chip technology.

Either the card issuer or the merchant will be found at fault. So, which one is it? It depends on a lot of factors—primarily which party neglected to implement EMV.

With a card-present, counterfeit instance of fraud, the card issuer will be liable if the card was not a chip card, since it’s the issuer’s responsibility to issue chip cards. If it was in fact a chip card and the merchant didn’t process it with an EMV-capable terminal, then the liability shifts to the merchant. If both the merchant and the issuer have implemented EMV, the liability remains with the issuer.

Though this is perhaps the most common scenario, there are many various applications of the EMV liability rules that may cause confusion. Using a basic chip terminal protects merchants from liability when the type of fraud in play is use of a counterfeit or cloned card. In the case of a lost or stolen card, the liability can change depending on the card brand, the card type, and the method of processing. Visa did not implement a liability shift in the case of lost/stolen card fraud, leaving liability with the issuer. Mastercard, Discover and American Express however, did implement a shift for lost/stolen card fraud, depending on the type of card (chip and signature, chip and PIN) and the type of terminal used to process it (non-chip terminal, EMV chip terminal, with or without PIN pad).

But if you’re processing a chip and PIN Mastercard, Discover or American Express chip card with a chip card terminal that does not have a PIN pad, the liability changes.

And of course, failing to process a chip card with a chip terminal, regardless of whether it’s counterfeit or lost/stolen fraud, and with or without a PIN pad, will result in the merchant having liability for the chargeback. Unless it’s a Visa card and the fraud method was lost/stolen. The liability has not changed for lost/stolen Visa chip cards.

Here’s a cheat sheet with the various card type/acceptance method variables broken down and sorted for quick reference.

ATM and automated gas pump shift in liability

If you operate an automated fuel dispenser (AFD) or own an ATM machine, there are special liability deadlines and rules that apply to you.

The liability shift affects ATMs differently depending on the card brand. While Mastercard set their ATM EMV liability shift for October, 2016, Visa and the other major card brands have given ATM operators until October, 2017 to become EMV compliant. The liability shift impacts all ATM operators, whether they’re banks, credit unions, or owned by individual parties. Mastercard’s 2016 liability shift only applies to counterfeit fraud. The issuer maintains liability for lost/stolen fraud.

Automated Fuel Dispensers (AFD) were set to undergo the liability shift this October, 2017, a full two years after the in-store shift. However, in response to industry feedback about the challenges of EMV upgrade/replacement efforts for this segment, Visa, Mastercard, Discover and American Express all agreed to move the deadline for AFDs to October, 2020.

Fallback transactions protect against technology failure

Fallback is the term used when a normal chip transaction cannot be completed at a chip-capable terminal. This occurs when the chip card, chip-reading device or terminal is malfunctioning and the transaction is completed using magnetic stripe or key entered. All fallback transactions must be authorized online and properly identified as fallback by sending the correct POS Entry Mode and Terminal Entry Capability values. The issuer assumes liability for properly formatted fallback transactions, approved by the issuer. Chip transactions which are declined by the issuer, or where the issuer has blocked the card or all applications on the card supported by the terminal, must not be attempted in fallback.

Chargebacks increase significantly without EMV technology

A lot of merchants wonder what liability means and how they will be impacted by the shift. Liability is essentially leveraged as a chargeback. Merchants have always received chargebacks, but not for fraud. Cardholders are still somewhat protected from fraud that may occur but the liability shift means that merchants will be paying for losses they could have played a role in preventing.

Merchants that sell goods are in a particularly disadvantageous position with regard to fraud as they must pay out to refund the false charges on the cardholder’s card and pay the chargeback penalty fee levied by the card brands, all while losing the value of the item that went out the door with the fraudster. For merchants selling high dollar items, this can be particularly painful.

The perceived likelihood and potential severity of chargebacks has played a role in individual merchants’ decisions about whether or not to implement EMV immediately following the liability shift. But many merchants based that decision on their past chargeback history, failing to realize the number of fraud chargebacks they avoided in the past because of the issuers holding liability. Seeing a sharp increase in chargebacks led many merchants to move more quickly toward implementing an EMV solution.

The cost of fraud in the U.S. rises

Those merchants who have still not made the EMV conversion should brace for even more fraud in the future. Nearing the 50 percent merchant conversion mark means there are 50 percent fewer vulnerable merchants for fraudsters to target. With half as many brick and mortar merchants to choose from, the likelihood that those merchants without EMV technology will be bearing a disproportionate burden of fraud significantly increases.

A 2016 LexisNexis fraud report shows an eight percent increase over the previous year in the cost per dollar of fraud losses from $2.23 to $2.40. So, for every dollar of fraud loss, it costs merchants $2.40 based on chargebacks, fees and merchandise loss. And it’s certain to continue rising, both in physical stores without EMV technology, and in the eCommerce channel as well, since EMV only applies to card-present transactions.

Protecting your business from the highly lucrative fraud industry and avoiding an increase in fraud chargebacks with EMV technology is going to become increasingly important as more merchants adopt EMV.

Customer expectations?

Top 5 questions about EMV

  1. What is EMV?
  2. EMV stands for Europay, MasterCard, Visa and is a standard based on smart card technology that can help protect your business and your customers from financial loss due to the fraudulent use of payment cards at your business.

  3. How do EMV chip cards work?
  4. Chip cards generate a one-time code with every transaction making it nearly impossible to create counterfeit cards for use in stores.

  5. What are the main benefits of EMV?
  6. EMV reduces the risk of counterfeit card fraud, lost or stolen card fraud (with chip and PIN), reduces card skimming at the POS, and accepts foreign cards that are already EMV enabled .

  7. Why is the EMV transition happening?
  8. EMV adoption around the world over the past several decades has driven more fraud to the United States. The U.S. is the last major economy to adopt EMV, and will need to modify many of its processes and technologies to fit into the EMV model.

  9. What does EMV mean for my customers?
  10. EMV chip cards can help customers have a safe and seamless experience at the POS. They know these cards will help them shop safer, so they will likely choose merchants who accept chip cards with EMV terminals over those that do not.

How to upgrade your system to EMV

If you haven’t yet upgraded your systems to implement EMV technology to securely accept chip cards, now is a great time to do so. In the early days of EMV adoption, some merchants had difficulty getting EMV technology solutions from their preferred vendors due to a shortage of available solutions.

Today, getting the equipment you need shouldn’t be a problem as most vendors and payment processors have had sufficient time to solve those initial EMV adoption headaches. In fact, it’s affordable and easy to get an EMV terminal with a PIN pad that also has encryption, tokenization, and near field communication (NFC) capability to enable contactless and mobile payments acceptance.

Contact Vantiv to ask about our EMV solutions, or to get more information about securing your customers sensitive data at your business.

 

Make payments more secure

Safer Payments

EMV Basics for Merchants

Chip-card 101 for merchants
Dive In
Safer Payments

EMV Q&A

Patty Walters is the senior vice president of Merchant Products and Security at Vantiv—a role that gives her responsibility for all EMV strategy for the Vantiv Merchant business.
Dive In
Safer Payments

5 Reasons Why You Should Upgrade to EMV Acceptance

Chip cards generate a one-time code with every transaction making it nearly impossible to create counterfeit cards for...
Dive In