Please enable JavaScript to view this website.

EMV Credit Card Chips and the Shift in Fraud Liability

Take a look in your wallet and find your credit card. Chances are that you are one of the millions of Americans that received a “new” EMV-chip-enabled credit card. ((Will Retailers be Ready for EMV by Oct 2015?, Payments Leader (Oct. 16, 2013), http://www.paymentsleader.com/will-retailers-be-ready-for-emv-by-oct-2015/.)) EMV, which stands for “Europay, MasterCard, and Visa” after the original three developers of the technology, is not a new feature, however. ((Rachel Abrams, Chip Cards Will Require Users to Dip Rather Than Swipe, NY Times (Sept. 28, 2015), http://www.nytimes.com/2015/09/29/business/chip-cards-will-require-users-to-dip-rather-than-swipe.html?ref=dealbook&_r=0.)) European consumers and retailers have used this microchip payment system for years in lieu of the magnetic-stripe swipe to which Americans have become accustomed. ((Id.)) So why have US payment networks and banks made the transition to cards with the EMV microchip? The answer begins with the fact that EMV-chip credit cards use a unique code for each transaction, making them harder to defraud in many instances compared to the magnetic stripe. ((Kathryn Vasel, Got a New Credit Card in the Mail? Here’s Why, CNN Money (Sept. 26, 2015), http://money.cnn.com/2015/09/25/pf/emv-chip-credit-cards/index.html.)) This inevitably led to the recent credit card fraud liability shift that took place on October 1, 2015. ((Id.))

In the past, card issuers were generally responsible for covering card-present fraudulent transactions, which has been estimated to exceed $10 billion annually in the US alone. ((Will Retailers be Ready for EMV by Oct 2015?, supra note 1.)) In other words, US payment networks were previously held financially responsible to pay for all fraudulent transactions that involved a scammer using a “fake credit card” created from a victim’s real credit card data obtained via the magnetic stripe. ((Abrams, supra note 2.)) After October 1, 2015, if a scammer obtains a victim’s credit card data from a card that has an EMV-chip, and then proceeds to use the magnetic stripe at a business that is not equipped to read and process an EMV-chip, that business is on the hook for paying the full cost of the transaction. ((Understanding the 2015 U.S. Fraud Liability Shifts, EMV Migration Forum (May 2015), http://www.emv-connection.com/downloads/2015/05/EMF-Liability-Shift-Document-FINAL5-052715.pdf .))

It is important to pause and note that EMV-chip cards and the shift in fraud liability are undeniably a large step forward in curbing one aspect of credit card fraud. ((Abrams, supra note 2.)) However, there remain many security problems and backdoors for scammers to exploit. ((Id.)) For instance, online credit purchases and mobile payments, also known as “card-not-present transactions,” are still extremely vulnerable to fraud. ((Id.)) Retailers predict that using EMV-cards may not significantly cut down on credit fraud, as scammers will move in droves to fraudulent online transactions. ((Id.))

Completely moving the US over to the EMV-card system is expected to be a slow process, but the fraud liability shift has had the immediate effect of putting businesses under the gun of compliance. ((Vasel, supra note 4.)) It is estimated that EMV compliance in the US will cost businesses over $8.65 billion to update or replace point of sale devices, ATM machines, and credit and debit cards. ((Will Retailers be Ready for EMV by Oct 2015?, supra note 1.)) This necessitates a decision for business owners to either pony up the money for EMV compliant devices or risk the liability of fraudulent transactions. ((Vasel, supra note 4.))

The following two tabs change content below.