After deadline for the EMV adoption in the USA on Oct 1st, 2015, the in-store counterfeit fraud liability shifted to either the chip card issuing financial institution or to the merchants involved Quoting from what Carolyn Balfany, the safety and security expert at MasterCard said “The liability shift protects the entity who offers the greater level of security by holding the other entity with less secure systems responsible for fraud, “For example, if fraud occurs when a chip card is inserted into a terminal that hasn’t been upgraded, the merchant is responsible for the fraud.” The shifting served as a way of stressing on the sensitivity of the credit card company before any transaction is made. This is because the EMV cards require the verification of the legitimacy of the card before the transaction is processed.
Initially, the credit card issuers were accountable for covering fraud affecting purchaser accounts, compensating the cardholders for lost money. As from October 1, 2015, the financial institutions may still cover cardholders’ accounts, but in some cases, they may seek reimbursement from the business owners or the merchant acquirer after proof that the retailer was not ready to use or accept EMV payment technology.
As from October 1, 2015, the federal government initiated a law to protect the consumers by compelling the financial institutions to cover cardholders’ accounts as before in the case of fraud. In some cases, the institutions can now seek compensation from the merchants or the merchant acquirers (banks or company that processes the initiated payments on behalf of a merchant). This happens on proof that the retailer was not prepared to adjust to the EMV payment technology.
Does this mean that the merchants are to be blamed and responsible for covering all the frauds?
One might get the misconception that the merchants are responsible for all the EMV frauds especially if one fails to understand what Doug Johnson, president of American Bankers Association meant when he said:” Whoever has the lowest level of security essentially is now responsible for that unauthorized transaction.” This doesn’t mean that the merchants bear the brunt of all fraud charges. Take for instance the situation where both the merchant and the card issuing institution have upgraded security. At such situation, the environment remains precisely as it was before the Oct 1st. Then the bank will have the responsibility of reimbursing the customer.
Note that the liability shifts not apply to consumer payment card data stolen before October 1. Also, it’s imperative to note that the liability shift only applies to counterfeit fraud tied to EMV chip cards, not to the magnetic-stripe cards that still can be hijacked.