EMV Liability Shift: Where Things Stand
The EMV liability shift introduced by the major credit card networks went into effect October 2015. It was designed to encourage merchants, banks, and consumers to make EMV “chip” cards their preferred type of payment card transaction.
There was a lot confusion on the part of merchants and issuers alike in those first months. Much of the liability for post-EMV chargebacks that once fell on the shoulders of card issuers was shifted to acquirers who, in turn, off-loaded the responsibility to merchants. Only once a merchant became compliant with the new regulations could responsibility be shifted back under the conditions of the new mandates.
Understandably, some merchants are still unsure of where that “liability line” should be drawn. Let’s take a closer look at the EMV liability shift, what it has accomplished, and where merchants need to go from here.
What Is (or Was) the EMV Liability Shift?
According to financial service Square, chip cards are the norm in almost all major economic regions outside of the United States. Despite this, and despite their proven superiority in terms of security, the acceptance of EMV cards has been a slow process in the US.
US consumers often feared the process of “dipping” a card was longer and more involved than swiping. Many merchants dragged their feet about adopting the new system, arguing that customers weren’t interested, and that the changeover was costly, confusing, and too complicated.
To encourage more merchants—and by default, more consumers—to get on board, the card networks collectively introduced the EMV liability shift. Penalties from this new mandate made holding on to older processing methods less appealing for merchants.
Confused by Ever-Changing Chargeback Regulations?
We can help you navigate the chargeback minefield. Click to learn more.
Under the old system, issuing banks were responsible for reimbursing their customers in fraud cases involving a counterfeit or stolen card. As of October 2015, however, merchants who allow a chip card to be swiped are now considered liable if the transaction turns out to be fraudulent.
This “shift” in liability applies to merchants who have an EMV-enabled system (and for whatever reason, didn’t use it), as well as merchants who have not upgraded to EMV technology.
Did It Work?
Essentially, the basis for deciding liability now is security: whichever party has the lowest level of security can be held responsible for unauthorized transactions. As magnetic stripe cards are far less secure than chips, a merchant who is unable or unwilling to accept EMV payments automatically becomes the weak link in the payment chain.
The majority of card-present merchants eventually upgraded to the new technology. As predicted, the overall fraud rate went down, dropping by 15% in 2018 alone. Visa reported that merchants who had completed the chip upgrade saw a 76% decline in counterfeit fraud dollars from December 2015 to December 2017.
The shift seems to have generally had to the desired effect so far, but not everyone is celebrating yet. The transition is still not totally complete, as some merchants continue to use magnetic stripe cards. This has produced (or exacerbated) some secondary issues that still need to be addressed.
When card networks first announced that the US EMV liability shift would take place in 2015, they built in a couple of exceptions: gas pumps (AFDs or Automated Fuel Dispensers) and automated teller machines (ATMs). These two groups would be exempt from the new regulations until 2017. Long before that cut-off, however, it was obvious that fuel stations wouldn’t make the deadline.
AFD and ATM Conversions Are Lagging
There are more than 120,000 gas stations in the US. Transitioning all these gas pumps to newer, EMV-compliant models is a formidable task. Making the situation exponentially more complicated, though, is the fact that many of the country’s 425,000 ATMs are actually located at gas stations and convenience stores. This means owners were expected to update their fuel dispensers and ATMs simultaneously.
The required financial outlay is staggering for a sector that typically runs on low operating margins. Fuel pumps and ATMs typically occupy “loss leader” status; rather than generating revenue, they attract customers who then spend money on more profitable items.
In response, all major card networks further extended the EMV adoption deadline for AFDs. Set for October of 2020, the situation hit yet another snag with the onset of the COVID-19 pandemic. The deadline was pushed out once more, this time to April 2021.
Delayed implementation of EMV technology at the gas pump means fraud exposure remains high. Gas pumps are outside, exposed, and unattended, making them attractive targets for criminals looking to attach card skimming devices and collect cardholder data. The same goes for many ATMs.
The EMV liability shift might’ve been confusing—even painful—for some merchants, but it’s hard to argue with success. Once past the front-end costs of upgrading, merchants are shielded from most counterfeit card fraud, as well as liability for any cases that manage to slip through. However, as EMV compliance closes the gap on card-present fraud, criminals aren’t simply giving up and quitting. Instead, fraudsters have spent the last five years migrating to an easier, less-protected channel: eCommerce.
eCommerce, Liability Shift, and the Rise of Friendly Fraud
EMV technology makes it nearly impossible for criminals to use counterfeit credit cards, while also reducing the risk of mass retail-data hacks. As we saw earlier, EMV-compliant businesses saw a dramatic post-transition reduction in card-present fraud. For the most part, card-present fraud is now simply too difficult to be profitable.
Unfortunately, criminals aren’t likely to just stop being criminals just because the situation changed. More often, they simply find new ways to commit the same crimes. That’s what happened here: when EMV implementation made card-present fraud impractical, the fraudsters started targeted online merchants. As a result, eCommerce sellers have reported a drastic increase in fraudulent activity that correlates with the drop in card-present fraud.
Unfortunately, this move coincides with an ongoing rise in cases of friendly fraud (also called chargeback fraud), which is also more commonly associated with eCommerce businesses. The two are correlated; the surge in online activity—both legitimate and fraudulent—has made cardholders more aware of the chargeback process, thereby making cardholders more likely to abuse it.
This state of affairs leaves many online merchants feeling trapped between criminals and their own customers.
Friendly fraud chargebacks alone are expected to cost merchants $132 billion this year. This will come in the form of lost revenue and merchandise, added fees and overhead, and threats to merchants’ sustainability. But, while merchants suffer up front, the losses ultimately trickle down to the consumer in the form of higher prices and less competition, making chargeback abuse a lose-lose prospect.
How to Respond to EMV Chargebacks
The switch to EMV cards has proven very successful in deterring counterfeit or stolen card fraud in the card-present space. The threat has not been eliminated, however, and the EMV liability shift means that merchants could face consequences if they do not vigilantly adhere to EMV protocols.
Brick-and-mortar sellers should be aware of behaviors (attempting to bypass PIN entry, for example, or placing tape over the chip so it cannot be read and must be swiped) that could indicate attempted fraud. When chip cards are used for transactions, make sure they are dipped and not swiped.
If an EMV chargeback is filed against your business, you may need outside help: EMV chargebacks are data intensive and very technical—expert interpretation is recommended to ensure you understand what happened, how you should respond, and how to prevent additional occurrences.
Any merchants with a card-not-present channel must be conscious of increased exposure to fraud and should put a plan in place to deal with it. A comprehensive risk mitigation strategy must be able to anticipate and prevent criminal fraud, as well as respond to illegitimate chargebacks stemming from friendly fraud.
That said, fraudsters typically change their tactics faster than in-house fraud detection teams can respond. Professional solutions that are specifically designed to stay one step ahead can significantly enhance a business’s bottom line.
Chargebacks911® is ready and able to help merchants combat all types of chargebacks and recover revenue. Contact us today for a free chargeback analysis to diagnose your business’s risk level.