What is EMV Liability Shift & Has It Helped With Chargeback Reduction?
I’ve covered EMV technology extensively and often encounter the term “liability shift.” This critical concept could affect us, especially during chargebacks. Here, I’ll break down how it might impact you.
I’ll explain EMV liability shift, how EMV affects chargeback rates, and who bears responsibility in various situations.
Let’s start with what a liability shift is.
Key Takeaways
- EMV adoption increased among US merchants by 815% from 2015 to 2019.
- By 2019, 67% of Visa cards had chips — a 202% increase.
- Merchants using non-EMV technology assume liability for fraud costs.
- EMV chip cards cut in-person fraud by 70%.
- 3D Secure helps online merchants reduce chargebacks.
Recognize fraud before it escalates to chargebacks. Chargeback alerts can help resolve issues early.
What is EMV Liability Shift?
EMV liability shift makes merchants responsible for fraud costs when they don't use EMV chip card terminals. This 2015 rule change by card networks protects chip-enabled transactions. It also encourages secure payment technology adoption.
Before 2015, card issuers usually shouldered fraud costs for card-present transactions. Frustrated by rising fraud, major card networks introduced the EMV liability shift to promote safer payment options.
The rule is straightforward. Liability falls on the party using the least secure technology.
Here’s how it works:
- If a merchant doesn’t upgrade to EMV technology and processes a fraudulent transaction, the merchant bears the loss.
- If a merchant uses EMV technology but the card issuer hasn’t provided chip cards, the issuer is liable.
This shift proved effective.
From 2015 to 2019, U.S. merchants accepting EMV payments rose by 815%. Covering 66.38% of US sellers. For Visa, around 67% of cards had chips — a 202% increase since 2015.
Yet, adoption wasn’t instant.
Some sectors, like convenience stores, delayed upgrading. Leading to higher fraud risks and chargebacks. To push further adoption, card networks tightened liability shift rules in 2018 and 2021. Making non-EMV processing increasingly risky.
Under current rules, merchants must:
- Process chip cards by inserting, not swiping.
- Stay compliant with fraud prevention standards.
- Implement security measures to protect transactions.
Wait a second…
66% doesn’t look great for EMV adoption. How does that compare to the rest of the world?
Source: EMVCo
The US has the second-lowest EMV adoption worldwide, at 66.38%. Slightly behind Asia at 65.52%.
But.
90% of card-present purchases in the US are made with EMV chips — a 3% rise from the previous year.
Are there other ways this affects merchants?
Summary: Merchants are responsible for fraud if they don’t use EMV chip machines.
How Does EMV Liability Shift Affect Merchants?
While the EMV liability shift has successfully reduced card-present fraud, it has created new challenges. Fraudsters have shifted their focus to card-not-present transactions, which make up for 74% of all fraud purchases [1].
Why?
Fraud is like a game of whack-a-mole. Fix one issue, and they find another way. For merchants, understanding and adapting to liability rules is key to minimizing fraud losses and chargebacks.
We’ll discuss ways to address card-not-present fraud in a bit.
EMV liability shift isn’t a legal requirement but a shift enforced by credit card brands. These networks protect themselves by shifting magnetic stripe fraud costs to merchants.
Here’s what merchants need to know:
- All businesses using a POS system must “dip” chip cards instead of swiping.
- These rules apply to EMV and non-EMV systems.
- Even EMV-capable merchants are liable if they swipe rather than dip a chip card.
- The merchant assumes liability for any fraudulent activity resulting from improper processing.
Have you read this without knowing what EMV is? Let’s change that.
What is EMV? (And Why Should You Care?)
EMV is a secure payment technology using smart chips for card transactions. Created by Europay, Mastercard, and Visa, EMV stores data on embedded chips instead of magnetic stripes. This makes payments more secure and supports contact, contactless, and mobile transactions.
Let’s get a better definition on what the “chip” part of the card is.
Summary: A payment technology that’s more secure than magnetic stripes.
What are EMV Chips & How Do They Work?
EMV chips are secure microprocessors in payment cards that encrypt transaction data. These chips generate unique codes for each purchase. The technology prevents fraud by making card duplication impossible. EMV cards work only with compatible payment terminals.
Unlike magnetic stripes that store static data, EMV chips use advanced encryption and tokenization.
When an EMV transaction occurs, it:
- The chip creates a unique, one-time-use token.
- Customer data is encrypted rather than transmitted directly.
- New data sets are generated for each transaction.
- The chip communicates securely with the terminal to verify authenticity.
And it has different payment methods such as:
- Chip (Dip): Inserted into the terminal for higher security.
- Contactless (Tap): Held near the terminal for quick processing.
- Mobile wallets (Digital EMV): Uses devices like Apple Pay or Google Pay, adding security through biometric authentication.
With such technology, EMV chips can protect against fraud like data theft, unauthorized transactions, and some card cloning. Hackers can still clone them, but by different means. And that’s super rare.
I’ll discuss this in a bit.
By the end of 2019, over a billion EMV cards were in circulation worldwide. With contactless and mobile payments growing rapidly due to added security and convenience.
The main advantage of EMV over magnetic stripe technology is its dynamic approach to security. While magnetic stripes reuse static data, EMV chips generate unique, encrypted data, making it harder for fraudsters to exploit.
Now we know the basics. How does liability shift under these rules?
Summary: They’re chips inside of cards that store and transmit encrypted data.
Who is Liable Under the EMV Liability Shift?
Under the EMV liability shift, the following parties are liable in certain cases:
- Merchants/acquirers: Liable if a chip card is swiped in a card-present fraud.
- Issuer: Liable when a chip is used with an EMV-capable machine.
- ATM acquirer: Liable when counterfeit magnetic cards are used at non-EMV ATMs.
Here are different scenarios as to when who would be liable depending on the payment method:
3D Secure is a subject that deserves a separate blog post. Check out our guide on it for more information.
Here’s a breakdown of liability scenarios for merchants and acquirers:
- Using outdated magnetic stripe readers for chip cards.
- Skipping PIN verification on PIN-preferred cards.
- Failing to properly verify suspicious transactions.
- Operating with non-EMV-compliant terminals.
- Processing counterfeit magnetic stripe cards on non-EMV systems.
Example:
A small retail store uses an outdated magnetic stripe reader. A customer presents a chip-enabled credit card, but the store can only swipe it. The transaction is fraudulent, using a counterfeit card based on a legitimate chip card. Since the store didn’t upgrade to EMV, it is liable for the fraudulent amount.
And here’s when issuers would be liable:
- Fraud occurs despite proper EMV chip use.
- Issuing cards with known security issues.
- Authorizing suspicious transactions without verification.
- Failing to detect or prevent fraud on lost/stolen cards at EMV terminals.
- Allowing counterfeit card use at EMV-enabled terminals.
Example:
A restaurant processes a chip transaction with an EMV-compliant terminal. Later, it’s discovered that the transaction was fraudulent with a high-grade counterfeit chip card. Here, the issuer is liable, not the restaurant, as the EMV terminal was used properly.
What about ATM acquirers?
The EMV liability shift rolled out in phases, with special consideration for industries facing unique implementation challenges.
The EMV liability shift was phased in gradually. Some sectors, like gas stations, were given until 2021 due to the high cost of upgrading fuel pumps. Upgrades can run $6,000 – $10,000 for each pump [2].
ATM operators also received extensions. Mastercard set a deadline of October 2016. Visa extended it to October 2017.
Avoiding liability should be self-explanatory. But we’ll discuss this, anyway.
Glossary: “Acquirer” is the merchant’s payment processor. “Issuer” is the customer’s bank or card network.
How to Avoid Liability as a Merchant
To minimize liability under the EMV liability shift, merchants should:
- Upgrade to EMV-compliant equipment: Ensure all terminals support EMV chip cards.
- Train staff on EMV transactions: Train employees on proper chip processing.
- Encourage chip and PIN use: Advise customers to use chip insertion, not swiping.
- Maintain PCI compliance: Following PCI-DSS standards protects against breaches and unauthorized access.
While EMV reduces counterfeit fraud risk, PCI-DSS compliance secures all card data, online and in-store. Failing to comply can increase fraud chargebacks and data breaches — even with EMV terminals.
Merchants can follow PCI-DSS (Payment Card Industry Data Security Standards) by implementing secure data practices. Such practices include encrypting card data, regularly updating security software, and limiting access to payment information.
Speaking of chargebacks. Has EMV liability shift, or EMV in general helped prevent them?
How Effective is EMV in Preventing Chargebacks?
Implementing EMV has reduced in-person fraud and chargebacks. Since the EMV liability shift, counterfeit fraud in the U.S. dropped by 70% at EMV-enabled retailers [3].
In the UK, in-person fraud decreased by 69% since 2004. And in France, by 50%.
In the US, retailers who adopted EMV saw counterfeit fraud losses decrease by 87% from 2015 to 2019. Data from Visa showed a 70% fraud reduction at EMV-enabled locations from 2015 to 2017. Illustrating EMV’s impact on reducing chargebacks from in-person fraud.
However.
As EMV has curbed in-person fraud, criminals have shifted to card-not-present (CNP) fraud, which now makes up more than 70% of all fraud in 2024.
How do you deal with this type of fraud, then?
Other Fraud Prevention Measures for Businesses
To tackle fraud beyond EMV’s reach, consider the following measures:
- 3D Secure 2.0: Adds authentication to verify cardholders for online transactions.
- CVV verification: Confirms the card’s security code, ensuring the buyer has the card.
- Address verification service (AVS): Matches billing address details to prevent fraud.
- Fraud scoring tools: Analyze transactions for suspicious patterns.
- Tokenization: Replaces card data with tokens, reducing breach risks.
- Email and phone verification: Confirms contact details for fraud detection.
- Velocity checks: Limits transactions from the same account to prevent rapid fraud.
These methods are mostly geared toward CNP purchases.
3D Secure, for instance, adds a second verification step (like a text or biometric confirmation) to reduce chargebacks from unauthorized CNP transactions. This protocol is helpful for merchants facing high chargeback rates.
As it can add friction to some purchases. I provide more context in this area in a separate guide.
CVV verification means you require the customer to enter their card’s CVV details prior to a purchase. The majority of stores will do this. Don’t be a business that doesn’t.
AVS, which checks billing addresses against bank records, is valuable for U.S. merchants, especially for high-value purchases. Payment gateways, like Stripe, often include this feature.
Fraud scoring tools assign risk scores to transactions based on factors like purchase speed and location. Ideal for merchants handling large transaction volumes.
If you’re a Shopify user, we compare some plugins that can help. If you use Stripe, we included an option or two to consider.
Tokenization converts sensitive card data into tokens, limiting access to real card details. This is the technology behind Apple Pay and Google Pay.
One business noticed a 25% decrease in chargebacks and more win rates when implementing Apple Pay [4]. Though, I think it was more-so a combination of biometrics, tokenization, and other factors.
Velocity checks limit rapid transaction attempts from one account, which can be useful for high-frequency or high-value CNP transactions.
Let’s finish this guide with some FAQs.
FAQs
Can Fraudsters Clone EMV Cards?
Yes, criminals can clone EMV cards using a shimmer, a device that copies data from an inserted card to a magnetic strip card. This is known as EMV bypassing. We cover it in more detail in another guide.
Wrapping Up
The EMV liability shift encourages sellers to adopt EMV technology to reduce in-person fraud. It has been effective, as most in-person transactions now use chip cards. But this doesn’t address CNP fraud.
While we can’t eliminate all fraud, we can help with tools to manage chargebacks. Chargeback alerts notify you when a customer attempts a chargeback. Allowing you to issue refunds before disputes affect your chargeback rate.
Try them out. Reduce fraud-related chargebacks.
Sources
- [1] Remote Fraud and EMV Technologies. EMVCo. 9/28/2023.
- [2] EMV upgrade cost at the pump. LinkedIn. 07/24/2015.
- [3] Visa chip card update. Visa. 12/2017. PDF.
- [4] Fight Back Against Chargebacks with Apple Pay. PayNearMe. 3/25/2021.