EMV Liability ShiftThe Current State of Merchant Fraud Fault Judgements, In-Store & Online

Monica Eaton
Monica Eaton | February 13, 2025 | 14 min read

This featured video was created using artificial intelligence. The article, however, was written and edited by actual payment experts.

What is the EMV Liability Shift?

In a Nutshell

After the EMV deadline of 2021, global reports of in-person fraud are way down… but reports of CNP fraud are way up. So, what gives? Did the EMV liability mandate lower fraud, or just shift it online? This article will explain everything you need to know about the EMV liability shift for the near future, what it is, and why it exists. We’ll also go over how it protects your business and how it doesn’t.

Ten Years Later, How Has EMV Liability Changed the Game for Merchants?

The EMV liability shift went into effect on October 1, 2015. That means we’re coming up on the ten-year anniversary here in a couple of months.

Introduced by card networks, the fraud liability shift was intended to encourage merchants, banks, and consumers to make EMV “chip” cards their preferred type of payment card transaction.

There was a lot of confusion going around in those first months. In the end, though, much of the liability for chargebacks that once fell on the shoulders of card issuers was shifted to acquirers. In turn, acquirers off-loaded the responsibility to merchants.

Responsibility could be shifted back to issuers under the conditions of the new mandates. However, this would only happen once a merchant became compliant with the new regulations.

But, even a decade later, some merchants are still unsure of where that “liability line” gets drawn.

Others are still unaware that they may be held fully liable for fraudulent transactions if they aren’t in compliance with later rule updates. To clear things up, we’ll take a closer look at the EMV liability shift. We’ll explore what was accomplished, and where merchants need to go from here.

What is EMV? How Does it Work?

Before we get into it, let’s offer a little background info.

EMV stands for “Europay, Mastercard, and Visa.” These are the three card networks that created the payment standard on which EMV technology works. The standard is now owned and managed by EMVCo, a consortium made up of Visa, Mastercard, JCB, American Express, China UnionPay, and Discover.

The program is most often associated with electronic chip-enabled cards. These chip cards have all but replaced legacy magnetic stripe cards as the aforementioned companies’ preferred payment method.

The electronic chip embedded into an EMV card contains encrypted customer data. But, unlike traditional magnetic stripe cards, the data stored is never actually transmitted. Instead, when a customer “dips” their card into an EMV card reader, the chip translates the user’s data into a one-time-use token that stands in for the data in question. This is a practice called tokenization.

Learn more about EMV technology

What Was the EMV Liability Shift?

The EMV liability shift of 2015 was implemented by the major card networks in an effort to relieve issuers’ liability for fraud. The initiative aimed to mandate fraud protections for merchants and consumers and shift liability for fraudulent transactions to the least compliant party.

For consumers, EMV cards must be inserted (rather than swiped) to be eligible for fraud protection. For merchants, they must prove they are compliant with regulations at all times (this includes the application of fraud prevention tools). In most cases, merchants and acquirers are generally held liable for fraud. 

According to financial service Square, chip cards are the norm in almost all major economic regions, including the United States. However, getting to this point was a long road. Despite their proven superiority in terms of security, the acceptance of EMV cards was a slow process in the US.

Despite these changes, US consumers often worried that the process of “dipping” a card would take longer and be more involved than swiping. Many merchants also dragged their feet about adopting the new system, arguing that customers weren’t interested and that the change was costly, confusing, and too complicated.

To encourage more merchants — and, by default, more consumers — to get on board, the card networks collectively updated the EMV liability shift regulations in 2018 and again in 2021. The more recent (and harsher) penalties from the EMV mandate made older processing methods less appealing for merchants.

How EMV Liability is Assigned

Under the old system, issuing banks were responsible for reimbursing their customers in fraud cases involving a counterfeit or stolen card. As of October 2015, however, merchants who allow a chip card to be swiped are now considered liable if the transaction turns out to be fraudulent.

Now, if an EMV card is used at a POS terminal that is not EMV compatible, the liability for any acts of fraud resulting from that transaction will shift to the acquiring bank. The bank will shift responsibility to the merchant, since they are assumed to be responsible for the security breach. So basically, if a merchant accepts a fraudulent transaction due to failure to deploy EMV technology, they must also accept liability for the financial loss.

This wasn’t intended to be a “punishment” for merchants. However, it is meant to force merchants to update and modernize their POS hardware. They also must remain compliant with current fraud prevention standards.

Now that we’re past the 2018 and 2021 updates, here’s a final tally of who’s liable and for fraud, and when:

Counterfeit Card Liability

Scenario

Merchant is Liable

Issuer is Liable

Counterfeit magstripe card (copied from chip card) used at a non-EMV terminal
 
Counterfeit magstripe card used at an EMV-enabled terminal
 
Genuine magstripe card used at any terminal
 
Did You Know?

The counterfeit liability shift applies to five signature networks and four PINless debit networks.

Lost or Stolen Card Liability

Scenario

Merchant is Liable

Issuer is Liable

PIN-preferring chip card used at non-PIN terminal (processed as signature transaction)
 
PIN-preferring chip card used at PIN-enabled terminal
 
Signature-preferring chip card used at any terminal
 

The tables above are generally accurate, though there are a few exceptions. Purchases that don’t require a PIN, signature or another verification method, transactions at an ATM, and cross-border transactions are subject to different liability shift guidelines.

Did You Know?

A fallback transaction occurs when a chip card fails to read at a chip terminal, so the terminal “falls back” and uses the card’s magstripe to complete the transaction instead. If the merchant and acquirer accurately report the purchase as a fallback, then the issuer bears full liability for the transaction.

Did the EMV Liability Shift Work?

EMV has been a mostly global standard since 2004. In fact, 94.76% of global transactions are made using EMV chip cards as of 2023.

EMV chip transactions have been very effective at preventing in-person card fraud. Although credit card transaction volumes grew by 40% in the US between 2019 and 2023, card-present fraud losses declined from $3.80 billion in 2019 to $3.51 billion in 2023.

In other words, card-present fraud in the US declined by roughly one-third within five years on a transaction volume-adjusted basis.

Concerned about chargebacks? You're not alone.REQUEST A DEMO

That’s all great news. But, while the EMV liability shift has been a game-changer in the fight against in-person fraud, it’s no help when it comes to card-not-present fraud, as we’ll see below.

The Pros & Cons of EMV 

Regardless of which party bears responsibility for fraudulent EMV transactions, the technology itself has proven to be extremely helpful against in-person fraud. But, as we mentioned above, it has a lot of shortcomings. 

So, on that note, let’s go over a few pros and cons associated with EMV technology:

EMV Technology Can:

  • Make it harder for fraudsters to counterfeit cardholder data.
  • Make in-person fraud and card theft nearly impossible.
  • Prevent user data from being stored in terminals and processors.
  • Identify stolen or counterfeit cards.

EMV Technology CAN’T:

  • Stop the online theft or sale of credit and debit cards online.
  • Protect user data from unauthorized wifi access.
  • Protect data stored in merchant systems from online breaches.
  • Verify credentials for online purchases.

Remember, not all card-present merchants migrated to EMV technology at once. For instance, gas stations and convenience stores took significantly longer to adapt. Because of this, incidents of fraud and chargebacks remained significantly higher in this industry compared to other verticals. Even though the deadline to adhere to federal EMV mandates went into effect in April of 2021, many of these businesses are still not 100% compliant.

As we’ve mentioned, EMV technology is an excellent deterrent against in-person and card-present fraud. However, it offers little to no real protection against card-not-present fraud outside of mobile wallet apps. It provides even less protection against chargebacks.

CNP Fraud: Where EMV Liability Fails

If your business mainly focuses on in-store sales, the adoption of EMV chip cards will definitely lower your risk and liability for fraud. This is because the tokenization technology we mentioned above is very difficult for fraudsters to hack or spoof. Even if the fraudster is in possession of the physical card, without a PIN code, it’s all but useless to them. 

eCommerce merchants, on the other hand, have had to brace themselves for an increase in fraud.

Card-not-present fraud losses more than doubled between 2019 and 2024, from $5.04 billion to $10.16 billion. Some of this growth in fraud can be attributed to the corresponding rise in transaction volume. But others claim that the EMV liability shift really just pushed fraud online, rather than eliminating it.

Today, CNP fraud accounts for 74% of US payment card fraud by volume, up 17 percentage points from 2019. Making matters worse is the fact that CNP fraud is harder to trace, more difficult to prevent, and more likely to be the result of friendly fraud than third-party card-present scams like counterfeits or theft.

If eCommerce transaction volume continues to compound at double-digit rates in the coming years, CNP fraud trends could follow suit. Friendly fraud now accounts for over 70% percent of all chargebacks filed against merchants… partially thanks, in a very roundabout way, to the EMV liability shift.

CNP Best Practices in a Post-EMV Liability World

Online fraud is going to be a problem for the foreseeable future. This is why it is so important for online merchants to take a long hard look at their internal particles now before an issue arises. 

A few best practices to consider include:

Deploying Fraud Scoring

Fraud scoring parameters can be set to automatically reject suspected fraud attempts or flag them for manual screening.

Learn more about chargeback time limits

Identifying Potential Errors

Chargebacks911 has identified more than 100 simple missteps in customer service, user experience, policies, and logistics. These can lead to increased chargeback issuances and customer dissatisfaction, all while offering no fraud prevention benefits.

Learn more about merchant error

Using Multiple Antifraud Tools

Employing complementary tools like CVV verification, AVS, proxy piercing, geolocation, 3-D Secure 2.0 can drastically reduce merchant risk.

Learn more about fraud detection

Use Data to Fight Friendly Fraud

As a post-transactional threat source, friendly fraud skews data. This can make it incredibly difficult to identify and track over time. Merchants need to identify and respond to friendly fraud through representment and take steps to mitigate long-term friendly fraud risk factors.

Learn more about friendly fraud

That last point is especially important. As we addressed earlier, friendly fraud is a fast-growing problem; one that EMV fraud protections are useless to prevent. So, how can merchants use EMV to combat CNP and friendly fraud? The solution is to implement a strategy that combines every fraud prevention method possible.

A Multi-Layered Strategy is Needed

The EMV liability shift “worked” well against in-person fraud.But, it has been demonstrably ineffective against CNP fraud and all first-party fraud. 

Any merchants in the card-not-present space must be conscious of increased exposure to fraud, and should adopt a plan to deal with it. A comprehensive risk mitigation strategy must be able to anticipate and prevent criminal fraud, as well as respond to illegitimate chargebacks stemming from friendly fraud.

That said, fraudsters typically change their tactics faster than in-house fraud detection teams can respond. Professional solutions that are specifically designed to stay one step ahead can significantly enhance a business’s bottom line.

Chargebacks911® is ready and able to help merchants combat all types of chargebacks and recover revenue. Contact us today for a free chargeback analysis to diagnose your business’s risk level.

FAQs

What is EMV?

EMV stands for “Europay, Mastercard, and Visa.” These are the three card networks that created the payment standard on which EMV technology works.

The program is most often associated with electronic chip-enabled cards. These chip cards have all but replaced legacy magnetic stripe cards as the aforementioned companies’ preferred payment method.

The electronic chip embedded into an EMV card contains encrypted customer data. But, unlike traditional magnetic stripe cards, the data stored is never actually transmitted. Istead, when a customer “dips” their card into an EMV card reader, the chip translates the user’s data into a one-time-use token that stands in for the data in question. This is a practice called tokenization.

How Do EMV Cards Work?

EMV cards are inserted into an EMV reader rather than swiped. While inserted, the customer will be required to enter a PIN and/or signature to process payment. Card insertion generates dynamic tokenization data to transmit the cardholder’s verification details.

EMV cards can now use the same tokenization technology to pay via contactless readers. To process payment, all a customer needs to do is hold or tap their card over the reader, and the transaction is complete.

What was the EMV liability shift?

The EMV (Europay, Mastercard, and Visa) liability shift of 2015 was implemented by the major card networks in an effort to relieve the issuer’s liability for fraud. The initiative aimed to mandate fraud protections for merchants and consumers and shift liability for fraudulent transactions to the least compliant party. For consumers, EMV cards must be inserted, rather than swiped, to be eligible for fraud protection. For merchants, they must prove they are compliant with regulations at all times (this includes the application of fraud prevention tools). In most cases, merchants and acquirers are generally held liable for fraud.

When was the EMV liability shift?

The EMV shift originated in October of 2015, and was updated in 2018. The final EMV standardization went into effect in April 2021.

Is EMV compliance mandatory?

Voluntary compliance began in 2015. In 2018, harsh penalties and fines for non-compliance with EMV standards were implemented in the US in order to drive widespread merchant adoption. As of April 2021, any merchant that fails to utilize EMV chip technology is held solely liable for acts of credit and debit card fraud.

Did the EMV liability shift help stop fraud?

Yes… and no.

If a business mainly focuses on in-store sales, the adoption of EMV chip cars will definitely lower one’s risk and liability for fraud. This is because tokenization technology is very difficult for fraudsters to hack or spoof.

eCommerce merchants, on the other hand, aren’t as lucky. According to the Federal Trade Commission, reports of online credit card fraud more than doubled between 2019 and 2020. This is because fraud moved online where there are fewer safeguards in place to prevent it. 

Why is the EMV shift happening?

The EMV liability shift, which happened in 2015, encouraged issuers and merchants to adopt EMV technology in the hopes that it would make transactions safer and more secure against fraud.

What is liability shift chargeback?

A liability shift chargeback refers to the 2015 change in the party responsible, or liable, for fraudulent chargebacks. Originally, issuers were held liable for many chargebacks resulting from card-present fraud. After the 2015 rule, liability shifted to acquirers, who in turn shifted liability onto merchants. However, businesses who are fully EMV-compliant may be able to relieve themselves of some liability for fraud.

Like What You're Reading? Join our newsletter and stay up to date on the latest in payments and eCommerce trends.
Newsletter Signup
We’ll run the numbers; You’ll see the savings.
triangle shape background particle triangle shape background particle triangle shape background particle
Please share a few details and we'll connect with you!
Revenue Recovery icon
Over 18,000 companies recovered revenue with products from Chargebacks911
Close Form
Embed code has been copied to clipboard