GS Logo
The Green Sheet, Inc

Please Log in

Banner Ad
View Archives

View flipbook of this issue

Care to Share?


Table of Contents

Lead Story

2015 in review

Patti Murphy

News

Industry Update

Target to pay $39 million to MasterCard issuers

FTC kills telemarketers' remotely created payments

Mobile tech drives global holiday spend

Black Friday lives on amid expanding alternatives

Features

Redesigning financial services for Millennials: A conversation with Max Levchin, co-founder and CEO of Affirm

U.S. EMV - outside looking in

China on mobile fast track

Views

Tools of the tradeoff

Dale S. Laszig
DSL Direct LLC

Will new payment schemes bump card brands aside?

Ken Musante
Eureka Payments LLC

Education

Street SmartsSM:
What does the crystal ball say for 2016? - Part 1

Jeffrey I. Shavitz
TrafficJamming LLC

EMV liability shift: Who's liable for what - and when?

Allen Friedman
Ingenico Group

Now more than ever, managing e-commerce risk matters

Kirsty Tull
BillPro

Company Profile

Benseron Information Technologies Inc.

New Products

All-in-one Android POS for small business

Sircle POS
Sircle POS

Versatile mPOS solution for all

Infinea
Infinite Peripherals Inc.

Inspiration

Realize your potential

Departments

Readers Speak

Letter from the editors

Resource Guide

Datebook

Skyscraper Ad

The Green Sheet Online Edition

December 28, 2015  •  Issue 15:12:02

previous next

EMV liability shift: Who's liable for what - and when?

By Allen Friedman

The EMV (short for Europay, MasterCard and Visa) liability shift is currently top-of-mind for anyone in financial services or retail. But confusion persists about what the liability shift really means and who's liable for what – and when.

First, some background on EMV. We talk with a lot of retailers (particularly small and medium-sized ones) who don't really understand why we are moving to EMV in the first place. In a nutshell: credit card fraud.

Credit card fraud is an epidemic in the United States. Our country has been hit particularly hard because we have relied on magnetic stripe technology rather than the more secure EMV. The United States is the last developed country in the world to move to EMV. Over time, as other countries have standardized on EMV, credit card fraud increasingly has migrated to the United States. Criminals sought the weak link, and it was here.

EMV is a global payment standard that relies on the microprocessor chip embedded in cards as opposed to the less secure mag stripe cards that store data on a band of magnetic material on the card, which can easily be retrieved.

Aite Group LLC reported that Americans lose $8.6 billion to credit card fraud annually, and this number is expected to reach $10 billion in 2015, according to the Nilson Report. Having EMV in place, and using it to process the majority of card-present transactions in the United States, should help reduce that number over time.

Why EMV is effective

According to Aite, counterfeit fraud has fallen 56 percent in the U.K. since the country rolled out EMV cards in 2005. In Australia, counterfeit fraud is down 38 percent; in Canada it's down 49 percent.

EMV helps because it:

So what is the liability shift?

To drive the EMV migration in the United States, the card brands set a liability shift deadline of October 2015 for merchants to upgrade their payment infrastructure. (The exact date of the deadline differed by card brand.)

Before October 2015, the chargeback liability from credit card fraud always fell on the card issuer. Now, this liability shifts to the merchant in certain scenarios. It's important to note that this shift is dependent on two important components. First is the use of EMV cards; second is the use of EMV chip-enabled payment solutions (mobile and smart terminals). Where the liability falls depends on both the type of card used by the customer and the capabilities of the terminal used by the merchant (EMV-enabled or mag stripe).

Determining the type of liability shift

Many people don't realize there are two types of liability shifts. To determine which applies to a given situation, one must first define the type of fraud at hand – is it counterfeit card fraud or stolen card fraud?

Next, follow the general premise that the party supporting the superior technology for each fraud type will prevail in a chargeback. For issuers, that technology is represented by the EMV chip cards; for merchants, it's EMV-ready terminals. In case of a technology tie, the fraud liability remains as it is today: with the issuer.

Liability shift for counterfeit cards

This scenario applies to Visa Inc., MasterCard Worldwide, American Express Co. and Discover Financial Services. In this scenario a counterfeit credit card is in play in a fraudulent transaction. Post October 2015, if a merchant accepts a counterfeit mag stripe card (created from an EMV chip card or transaction data) at a payment terminal or mPOS device that is not EMV-ready, the merchant will be liable for the chargeback resulting from the fraud.

The counterfeit card created from an EMV card or transaction data can only be processed at a mag stripe-only terminal. If the merchant's payment solution is ready to accept EMV transactions, this counterfeit card will not be processed, thus, saving the merchant from the liability.

Here are some other instances that show the liability shift in case of counterfeit cards:

Liability Shift in case of Counterfeit Cards

The only caveat here is in the case of a fallback transaction – which is a transaction that is initiated between a chip card and a chip terminal, but chip technology is not used (due to card reader error, damaged EMV chip, etc.) and the transaction is completed via mag stripe. Since fallback transactions are initiated as an EMV transaction but end up as mag stripe, the liability remains with the card issuer.

Liability shift for stolen cards

This scenario applies to MasterCard, AmEx and Discover and occurs when a stolen EMV chip card is in play in a fraudulent transaction. Post October 2015, if a merchant accepts a stolen EMV chip card that requires a PIN using a payment terminal or mPOS device that does not support EMV with PIN entry, the merchant will be liable for the chargeback resulting from the fraud.

This liability shift does not include No CVM (Cardholder Verification Method) transactions that meet the No CVM requirements of the card brand or network. No CVM transactions are typically low-dollar transactions with merchants in low-risk categories such as fast food, convenience and grocery stores. In this situation, the issuer-set transaction threshold allows for the payment to go through without the need for a PIN or signature.

Here are some other instances that show the liability shift in case of stolen cards:

Liability Shift in case of Stolen Cards

The only caveat to this scenario is in case of a PIN bypass. In a chip and PIN transaction, a cardholder can bypass the PIN and process the transaction without it being entered, only if the merchant's terminal provides the cardholder the option. In this scenario, PIN bypass indicators are sent in the authorization request to the issuer. If the issuer chooses to approve the transaction, the issuer accepts the liability on that transaction.

Risks of not migrating to EMV

So far I've explained how liability of a fraudulent card transaction shifts to the merchant in certain scenarios. Following are the risks merchants face if they are not ready to accept EMV transactions post the deadline:

By upgrading their payment infrastructures to support EMV, merchants not only protect themselves from fraudulent transaction liability, but they also safeguard their brand image in the eyes of the consumer.

Allen Friedman is Vice President of Payment Solutions at Ingenico Group, North America where he is responsible for Ingenico Group's EMV Payment Solutions and the EMV implementation strategy in the United States. Prior to joining Ingenico Group, Allen worked for Vital Processing Services (now TSYS Acquiring Solutions) in Tempe, Arizona, beginning in 1999 and during his fifteen-year tenure held a variety of management positions in technical support, solutions implementation, and product management. In addition, Allen has been a member and active participant in the EMV Migration Forum since its founding, and he continues to serve on several committees and working groups. Also, he is an active contributing member of the Smart Card Alliance Payments Council. For more information, contact him at allen.friedman@ingenico.com or visit www.ingenico.us.

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.

previous next

Spotlight Innovators:

North American Bancard | Harbortouch | USAePay | IRISCRM.COM