If you are a merchant or run a payment card issuing organization, you are likely already familiar with EMV technology, and the fact that more credit and debit cards in use contain chips to go along with magnetic stripes. What you may not understand, however, is that chargeback liability has shifted now that EMV adoption is underway in the United States. Merchants now have more liability than ever before for transactions that are processed at their business, which is determined based on the following factors:
- Whether or not the merchant has an EMV chip-enabled device to process payments
- Whether or not the customer was issued an EMV card from their financial institution
- Whether or not the merchant properly processed an EMV card before fraud occurred
Counterfeit fraud cost banks $3.4 billion and merchants another $1.9 billion in lost revenue in 2012. The switch to EMV technology is aimed at reducing instances of fraud so transactions remain safe for customers and merchants. It is important to understand your liability for transactions under new EMV guidelines so you can protect your business moving forward.
How Does Chargeback Liability Work For EMV?
The Big News for EMV
You now have more liability than ever for transactions processed at your business.
All credit card companies are switching to Europay, MasterCard, and Visa (EMV: The three companies that created the standard) chip cards.
As of October 2015, U.S. payment networks are implementing EMV “fraud liability shifts.” So, who is responsible for what under the new conditions?
If The Merchant Does Have An EMV Chip-Enabled Device:
- If the card machine can’t read the chip or if it’s not set up properly, the merchant is liable.
- DO NOT PROCESS CARDS WITH CHIPS MANUALLY; the merchant assumes 100% of the risk if a card with a chip is not processed using the chip.
- If a card is lost/stolen and used at an EMV-compliant merchant, the card issuer is liable.
- Any card with a chip must be processed with the chip. If the mag stripe data is stolen from a chip card, a counterfeit could be created, but Visa/MC/AmEx would still hold the merchant responsible.
NOTE: If the merchant has an EMV chip capable machine, but the programming on that machine is not updated to enable the cards to be processed using the chip, then the merchant is 100% liable for any fraudulent transactions or chargebacks that occur on their account.
If The Merchant Does Not Have An EMV Chip-Enabled Device
If the chip card is stolen and fraudulently swiped in a store that is not EMV-ready, the merchant is liable. Same if the magnetic stripe data is stolen at a non-EMV-compliant store.
- If the stripe data is copied from the chip onto a counterfeit card and swiped at a non-EMV-compliant store, the merchant or acquirer is held responsible.
- If the card used is magnetic swipe only, even if the contact chip is enabled or not, the merchant is at fault.
Other Things To Note:
- Gas stations and ATMs have until 2020 to make the shift before the liability shift affects them, even if the merchant uses a device that has mobile card acceptance technology.
- Online fraud is responsible for more vanished revenue than direct loss of product or service. Counterfeit fraud cost banks $3.4 billion and merchants another $1.9 billion in 2012.
Sources:
http://www.fraudpractice.com/fl-paychargeback.html
http://www.emv-connection.com/downloads/2015/05/EMF-Liability-Shift-Document-FINAL5-052715.pdf
http://www.creditcards.com/credit-card-news/understanding-EMV-fraud-liability-shift-1271.php
http://www.emv-usa.com/faq/what-happens-when.html