EMV Chargeback: Handling the Liability Shift

What is the liability switch?

Adoption of the EMV standard for card issuers and merchants has always been voluntary. October 1, 2015 marked the deadline for implementing what's known as Chip-and-PIN technology. If you missed this deadline, it could get expensive for the entity using the lesser technology.

What is commonly called the liability shift means liability for the estimated $10 billion losses seen in the US in 2015, will no longer be borne mainly by card issuers.

Who is Liable for Fraud Since October 2015?

When counterfeit credit card fraud occurred at retailers in-store locations, liability was usually borne by card issuers. Back in October 2015, after the liability shift, who pays for fraud losses now depends on who has the lesser technology.

As examples of this shift, the:

  • Merchant is liable if they are still using a "swipe and signature" processor and the customer has a smart Chip-and-PIN card
  • Bank is liable if the merchant has Chip-and-PIN technology, but the bank hasn't issued a Chip-and-PIN card to the customer
  • Credit card company bears liability if the merchant uses Chip-and-PIN technology on a customer's Chip-and-PIN card and fraud still occurs

The latter has always been the case (where the latest technology is applied by the merchant). In cases where technology application is even, fraud liability after the shift stays, as it always did, with the card issuer.

What Types of Liability Apply to Which Payment Networks?

Different types of card payment loss liability are handled differently depending on the global payment network. The liability shift for:

  • Counterfeit fraud applies to Accel, American Express, China UnionPay, Discover, MasterCard, NYCE Payments Network, SHAZAM Network, STAR Network, and Visa
  • Lost or stolen fraud applies to American Express, Discover, and MasterCard
  • Cross-border transaction fraud applies to all global payment networks

Across the board, the general rule applies: the party utilizing the most secure technology for each fraud type prevails in any chargeback claim.

What Does it Take to Become EMV-Compliant?

Becoming EMV-compliant for merchants is about more than just purchasing and installing the proper terminals. Certification requirements follow, those specific to the terminals, but also the payment application used must be certified for EMV. While that sounds daunting, all that merchants need to do is find a processor that is certified.

As part of the incentive for merchants to support EMV, card networks do provide a "safe harbor" for some assessments if the merchant meets certain criteria. Account data compromised from magnetic strips may not result in assessments against merchants in all cases (which used to be the case).