There is a lot for merchants to learn about EMV and Fraud liability shifts. Ignore the change at your peril!
From Creditcard.com:
After Oct. 1, 2015, in-store counterfeit fraud liability shifted to the party — either the card issuing financial institution or the merchant — that has not yet adopted chip technology.
“The liability shift protects the entity who offers the greater level of security by holding the other entity with less secure systems responsible for fraud,” said Carolyn Balfany, safety and security expert at MasterCard. “For example, if fraud occurs when a chip card is inserted into a terminal that hasn’t been upgraded, the merchant is responsible for the fraud.”
Prior to this shift, credit card issuers were primarily responsible for covering fraud affecting consumer accounts, reimbursing cardholders for lost funds as a result of counterfeit (or other) fraud. As of Oct. 1, 2015, financial institutions will still cover cardholders’ accounts as before, but in some cases the institutions may be able to seek reimbursement from the merchant or merchant acquirer (a bank or company that processes payments on behalf of a merchant) if the retailer was not prepared to accept EMV payment technology.
“Whoever has the lowest level of security essentially is now responsible for that unauthorized transaction,” said Doug Johnson, president of American Bankers Association.
However, the change doesn’t necessarily mean merchants will be bearing the brunt of fraud charges. There are still a greater number of situations in which the card issuer would continue to shoulder fraud chargeback costs just as they do now. “If both parties have upgraded security, then the environment remains precisely as it is now. The bank would reimburse the customer just as they do now,” Johnson added
It’s important to note that the liability shift only pertains to counterfeit fraud tied to EMV chip cards, as they will still have magnetic stripes that could be hijacked. The liability shift will not apply to large scale data breaches or consumer payment card data stolen prior to October 1.
There is a lot of counterfeit card data out there from past data breaches and what not that could show up at a merchant store at any time, but the merchants will only be liable is if fraud came from a counterfeited mag stripe card that originated from a card issued with a chip on it,” explained Randy Vanderhoof, executive director of the Smart Card Alliance.
Sobering news for card present merchants. But for online merchants the changes are less dramatic:
“The card-not-present channel has its own set of controls and we are working on a solution for those independently and with different elements than the card-present problem,” Ruden said. “In the next year we should see some new schemes materialize that will add controls in the card-not-present space. And that will provide us with another layer of control just like the chip cards are doing.”
However, high risk merchants don’t need to wait for new controls, ePayments Plus can handle that for you. Interested? Just sign up below: