Skip to main content

Posted September 17, 2015

EMV liability

by

On October 1, 2015, most United States retailers will see a move away from traditional swipe and sign methods in favor of the globally popular smart chip payment processes. For retailers accepting in-person, card present transactions at a point-of-sale (POS) terminal and the consumers making these purchases, this date marks a change from swiping to inserting a chip-enabled card into a slot, somewhat similar to use of an ATM.

With only 41% of American consumers receiving new cards, according to an AP-GfK poll, and only about half of cards expected to be sent to consumers by the end of 2015, there is still a need for information among retailers and those not immediately affected by the liability shift.

Background

So, what is EMV and how did it come into consideration? EMV stands for Europay, MasterCard and VISA, named for the coalition of entities that joined in the 1990s to develop specifications for physical card transactions. This led to the introduction and adoption of EMV Cards.

EMV is the global standard for the chip technology embedded in financial payment cards. Much of the rest of the world—Europe, Canada, Latin America, and the Asia-Pacific region—is already in the process of transitioning to chip cards.

In the fourth quarter of 2012, there were 1.62 billion chip cards in use across 80 countries, leaving the United States as the last major country to implement what is now the de facto global standard.

EMV cards store card information on an embedded microchip and are more commonly called chip cards. With these cards, instead of swiping and signing to make a payment, the cardholder inserts the card into the POS machine, then either enters a personal identification number (PIN) or signs to verify the transaction.

Different Payment Brands, Different Stipulations

As the United States joins other countries in the adoption of EMV, different payment brands have introduced different terminology affecting the liability shift for retailers handling in-person transactions. The following table will highlight the different brands’ approaches to the October 1, 2015 deadline, as well as upcoming ATM and Automated Fuel Dispenser (AFD) liability shifts.

Chip and Pin liability shift

The Liability Shift for Retailers and Banks

The important aspect that retailers need to understand is that on October 1, 2015, swipe and sign transactions will transfer from the credit card provider to the retailer or bank. However, there are multiple situations regarding to whom the liability is shifted, as highlighted by the following flowchart from Data Privacy Monitor.

U.S. Retailers One Month Away from EMV Liability Shift

Liability Shift: Counterfeit Cards

Applies to: Accel, American Express, China UnionPay, Discover, MasterCard, NYCE Payments Network, SHAZAM Network, STAR Network and Visa

Applies When:

  • A merchant accepts a magnetic stripe card that was counterfeited with track data copied from an EMV chip card,
  • The card is subsequently swiped at a POS device/application that is not EMV chip-enabled,
  • The transaction is successfully processed, the acquirer/merchant may be liable for the chargeback resulting from the fraud.

chip and pin liability shift

Liability Shift: Lost and Stolen Cards

Applies to: American Express, Discover and MasterCard

Beginning in October 2015 for American Express, Discover and MasterCard, the acquirer/merchant may also be liable for a chargeback resulting from fraud if:

  • A PIN-preferring (either online or offline PIN) chip card that has been stolen (not a copy or counterfeit) is presented at a magnetic stripe-only POS device/application, and the stolen chip card is processed as a magnetic stripe transaction

OR

  • A PIN-preferring (either online or offline PIN) chip card that has been stolen (not a copy or counterfeit) is presented at a chip-enabled merchant POS device/application that does not support either online or offline PIN, and the stolen chip card is processed as a signature chip transaction

No CVM (Cardholder Verification Method) transactions that meet the No CVM requirements of the payment network are not affected by the EMV lost or stolen liability shift. These lost or stolen liability shifts for the U.S. are summarized in the following chart:

Chip and Pin Liability Shift

* Magnetic stripe liability shift rules apply.

** If PIN was prompted and approved, magnetic stripe liability rules apply.

*** Lost or stolen liability shift applies to only legitimate cards that are lost or stolen based on issuer determination.

**** Payment networks have slightly different policies. In the U.S. for MasterCard and Discover, if a merchant decides to support PIN, the terminal must support both online and offline PIN. In the U.S. for American Express, the merchant terminal can support either offline PIN, online PIN or both. In all three cases, the issuer retains liability if a fraudulent lost or stolen PIN-preferring chip card is used at a chip-enabled terminal that supports PIN.

Accel, China UnionPay, NYCE, STAR Network and Visa

There is no expected change to Accel, China Union Pay, NYCE, STAR Network or Visa liability for lost or stolen card fraud, and accordingly, this liability remains with the issuer.

Conclusion: Time is Running Out

With less than a month away from the liability shift and only 59% of retail locations expected to be in compliance by the end of 2015 (Javelin Research), the holiday season could be a costly time for retailers in the United States.

Stay up to date with corporate payments trends and the latest payments industry news by following WEX Corporate on Twitter.

Share:

Corporate Payments Insights