EMV Liability Shift

EMV Chargebacks & Liability

EMV Liability Rules Shift the Burden of Fraud and EMV Chargebacks to CNP Merchants

The EMV liability shift in October 2015—and the resulting boom in fraud and chargebacks—led to plenty of anger and resignation among online merchants. More than anything, though, the change created a lot of confusion.

Much of the liability for post-EMV chargebacks that once fell on the shoulders of card issuers was shifted to merchants…and then shifted back…and then shifted again. It's easy to see how the situation is leading to frustration on the part of merchants and issuers alike.

The History of the EMV Liability Shift

Despite their proven superiority in terms of security, the acceptance of EMV "chip" cards was a slow process in the US.

Other countries adopted EMV years earlier, but the changeover is costly and can be complicated. To encourage more merchants to get on board, the card schemes introduced the EMV liability shift, which made holding on to older methods less appealing.

Under the old system, issuers were responsible for reimbursing their customers in the event one lost money as the result of a fraud attack involving a counterfeit card. As of October 2015, though, liability could be shifted to acquiring banks if their merchants failed to use EMV technology during checkout. Typically, the acquirer would then pass that liability down the line to the individual merchant.

It all depended on who was not able to accept EMV payments; whoever had the lowest level of security would accept liability and could be held responsible for an unauthorized transaction. There’s just one problem: EMV technology doesn’t really translate to eCommerce businesses.

AFD Adoption Lags Behind 

The standard EMV rules have one major outlier: automated fuel dispensers…better known as gas pumps.

When card networks first announced the EMV liability shift in the U.S. would take place in 2015, they specified that AFDs and ATMs would be exempt until 2017. Even before that cut-off, it was obvious hat fuel stations wouldn't make the deadline. In response, all the major card networks—including Visa, Mastercard, and American Express—have extended the EMV adoption deadline until October 1, 2020 for AFDs.

With more than 120,000 gas stations in the U.S., transitioning the country’s gas pumps to newer, EMV-compliant models is a formidable task. Card networks extended the time frame for two main reasons: it would allow more time for the labor-intensive transition, as well as enable businesses to absorb the adaption costs over multiple years.

Plus, many of the country’s 425,000 ATMs are located at gas stations. Forcing retailers to update their fuel dispensers and their ATMs simultaneously would have made an already difficult situation nearly impossible.

Ultimately, because of the extended deadline, merchants operating AFDs will be able to transition more efficiently than retailers did in 2015. Everybody wins…right?

EMV Liability Shift

EMV Acceptance and Its Negative Impact on eCommerce

The Good News

EMV technology makes it nearly impossible for criminals to use counterfeit credit cards, while also reducing the risk of mass retail data hacks. As expected, the transition has been followed by a drastic reduction in card-present fraud against EMV-compliant businesses. It seems EMV fraud is simply too difficult to be profitable. 

Sounds great, right? Unfortunately, it’s not as perfect as it sounds.

The Not-So-Good News

Online merchants reported a dramatic uptick in fraud as criminals moved from brick-and-mortar stores to target eCommerce. Criminals aren't likely to just stop being criminals; more often, they simply find new ways to commit the same old crimes. So, when EMV implementation made card-present fraud untenable, eCommerce became the path of least resistance. 

To make matters worse, the move to EMV has also been blamed for a rise in chargeback fraud, or "friendly" fraud. While card-present merchants are better off in the long-run, online merchants can feel trapped between criminals and their own customers.

New Fraud Strategies Fill the Void

Although EMV technology prevents card data from being stolen at the point of purchase or through retail data breaches, there are still ways cardholder information can be compromised, such as phishing sites or malware. This stolen card information isn’t much use at the local mall, but it can be leveraged against online merchants.

The State of Chargebacks 2018

Launched as a way of collecting and analyzing industry findings, the State of Chargebacks survey reflects the experiences of more than one thousand respondents in the card-not-present space. Download to learn the latest insights on fraud and chargeback management.

Free Download

Synthetic identity theft, also known as new account fraud, involves using stolen personal information to open bogus credit card accounts. Criminals then buy as much merchandise as possible before the fraud is discovered. Chargebacks are filed to cover losses to the issuer, leaving online merchants as the ultimate victims.

This is not a new ploy, but EMV technology made the problem a lot worse for eCommerce merchants. According to a study released by Javelin Strategy & Research, the EMV liability shift drove a whopping 113% increase in synthetic fraud; this tactic now accounts for 20% of all fraud loss in the US. It's easy to see how eCommerce merchants could be upset.

Plus, this is just one common tactic. New fraud threats develop every day, especially with so much customer data flying around in the post-Equifax fraud environment.

Online Merchants & Consumers Pay the Price

Brick-and-mortar merchants, while stuck with the initial cost of changing over, are better off with EMV. Once they've upgraded, they are protected against most card-present attacks, and the liability for any counterfeit card fraud that manages to slip by still shifts to the card association anyway. Online merchants, on the other hand, have more fraud to deal with than ever.

Delayed implementation of EMV technology at the gas pump means fraud exposure remains high. Gas pumps are outside, exposed, and unattended, making it easy for criminals to attach card skimming devices and collect cardholder data. eCommerce sellers are an obvious target for subsequent fraud attacks because the liability shift itself doesn't offer any of the added protections enjoyed in brick-and-mortar stores.

Where fraud goes, chargebacks follow. EMV chargebacks, when combined with friendly fraud, cost web-based merchants more than $30 billion each year. As in-person transactions become safer, the damage to card-not-present merchants will continue to increase.

The problem affects consumers, too, as purchases made at gas pumps are among their most frequent payment card transactions for most Americans. Increased activity on vulnerable processing equipment increases the likelihood that consumers will be victimized.

Postponing the use of more secure EMV technology is almost guaranteed to find more fraudsters trying to leverage the opportunity. As the last remaining outlet to gather cardholder data, gas pumps stand to be the target of even more hacking attacks.

Tired of fighting chargebacks on your own? We can help.


How to Respond to EMV Chargebacks

Converting all card merchants to EMV technology is a positive—and long overdue—step necessary to prevent fraud and protect consumers. For better or worse, shifting EMV liability has played a significant role in this transition, and will continue to do so for the immediate future. Both issuers and merchants have a role to play in relieving the pain:

Issuers Merchants
  • Examine policies and procedures to identify hidden chargeback triggers. Implement a multilayer fraud management strategy that addresses threats from both criminal and friendly fraud.

Comprehensive solutions aren’t limited to pre-transaction fraud detection. An all-inclusive approach—one that provides the greatest profitability and reduced liability—demands action before and after the sale. Merchants must anticipate and prevent fraud, as well as respond to the resulting chargebacks.

Professional Assistance: The Best Fraud Protection

Fraudsters are cunning. Usually, their tactics change faster than in-house fraud detection teams can respond. Professional solutions that are specifically designed to stay one step ahead can significantly enhance a business’s bottom line.

EMV technology is becoming the norm and driving fraudsters to online targets. The industry’s apparent lack of interest regarding online fraud exposure means eCommerce merchants are still being left behind.

That doesn’t mean merchants are expected to fight this battle alone: Chargebacks911® is ready and able to help merchants establish a profitable environment for everyone involved with online transactions. You don’t need to face EMV chargebacks alone…contact Chargebacks911 today for a free chargeback analysis to diagnose your business’s risk level.

Prevent Chargebacks.

Fight Fraud.

Recover Revenue.