Chip cards have been with us for some 40 years now.
But they’ve seen significant functional and security enhancements through the years. From the earliest field trials in 1997, chip cards have evolved from less secure magnetic stripes to EMV chips in various global markets.
With EMV chip card technology, merchants can effectively tokenize payment data instead of transmitting the cardholder’s actual data, making it hard for fraudsters to hack and duplicate such information. But has it worked? And what are the downsides of EMV in fighting fraudulent chargebacks?
Below is a comprehensive case study on EMV technology and all the intricacies of how it works. We have laid everything out quite nicely to help you find answers to various questions arising in your mind.
What is EMV? And how does EMV work?
EMV is a technology standard that reduces fraud involving lost, stolen, and counterfeit cards. The acronym “EMV” stands for Europay, MasterCard, and Visa in honor of the organizations that developed the protocol.
Major payment networks have embraced EMV. An EMV credit or debit card, in contrast to a conventional magnetic stripe, uses a tiny computer chip to store data and increase the security of transactions at point-of-sale systems. The “chip” here is the tiny gold microchip pressed into the front of your card, safely transmitting your data to the payment processor.
Magnetic stripes employ static data. Thus when you submit your information through a credit card terminal, it is not encrypted. As a result, once a terminal has accessed the data, typical credit cards have no means to protect it.
How do EMV chips work?
As we noted above, EMV standards add a layer of protection to transactions by requiring the buyer to utilize a personal identification number (PIN) rather than only their signature. EMV cards have an embedded circuit chip that uniquely encrypts each transaction. Criminals cannot utilize data intercepted from a chip card transaction to complete another transaction.
The EMV chip must be connected to an EMV chip reader in an acceptance terminal to process a payment. There are two methods to create a connection:
⦁ Contact. The EMV chip reader and the EMV chip must physically make contact for a payment transaction.
⦁ Contactless. For information to flow between the EMV chip and the acceptance terminal, the EMV chip must be placed close enough to the reader (up to 4 cm).
In both cases, the EMV chip is powered by the acceptance terminal, enabling the transaction.
EMV liability shift: Who is responsible for chargebacks?
The unreasonably expensive telephone line card authorization for European card issuers led to the adoption of the EMV standard in Europe for the first time in the 1990s. Due to international call charges, European card authentication expenses were up to 80–90% higher than in the US.
But only a few card issuers were eager to switch to the EMV standard. Many merchants hesitated to adopt the new standard, arguing that customers weren’t showing interest and the changeover was expensive, confusing, and too complex.
To entice merchants, banks, and consumers to make EMV “chip” cards their preferred payment card for transactions, the major credit card networks introduced new rules that went into effect in October 2015, resulting in the EMV liability shift. Much of the post-EMV chargebacks liabilities that once fell on card issuers’ shoulders shifted to acquirers who, in turn, transferred the responsibility to merchants.
Here’s a practical example. Suppose a company’s point of sale system is EMV compliant, but the vendor allows customers to swipe a counterfeit chip card through a magnetic stripe reader rather than insert it into an EMV chip reader. In that case, the merchant will be held liable.
Also, if fraud occurs because an acquirer fails to provide a merchant with EMV-compliant equipment, the acquirer will be responsible for any fraud-related chargebacks.
When is a merchant responsible for chargebacks under EMV?
By and large, chargeback liability most likely fall on the merchant, but not always. The situation, card brand, and equipment used can all play a part in determining liability.
Below are some specifics on when a merchant is responsible for chargebacks under EMV liability shift.
⦁ A pin-based American Express, Discover, or Mastercard chip card is stolen and swiped at a store that isn’t EMV-ready.
⦁ A chip card swipe at a non-EMV-compliant merchant, the magnetic stripe data stolen, and fraud occurs.
⦁ A fraudster uses stolen magnetic stripe data from a chip card to create a counterfeit chip card – and swipes the fake card at a non-EMV-compliant merchant.
Numerous scenarios affect liability. But if your business has requisite EMV equipment and certification, you can protect your store from chargebacks by ensuring that buyers insert their chip cards instead of swiping them.
Automated Teller Machines (ATMs) and Gas pumps (AFDs or Automated Fuel Dispensers) are exempted from the new regulations. The reason is that they have to deal with a myriad of rules and hop over numerous bureaucratic puddles, hence their exemption until 2021.
Has EMV technology worked?
The answer, for the most part, is yes. Most card-present vendors upgraded to the new framework, causing the fraud rate to drop by 15% in 2018 alone. Visa said merchants who had completed the chip upgrade witnessed a 76% reduction in counterfeit fraud from December 2015 to December 2017.
But on the contrary, the merchants who still have not upgraded EMV systems are experiencing a drastic change in chargebacks, especially after the EMV liability shift. One network reported that out of 2,50,000 merchants, there was an increase in card-present chargebacks by 50%.
That said, you should also know that the EMV framework works only for in-person transactions, not online ones.
EMV Compliance: What merchants should know
Adopting EMV technology is not a law in the traditional sense. It’s more of an industry-specific regulation dictated by the card member associations.
You can decide whether to upgrade EMV or stick to magnetic stripe technology.
Perhaps you’ve avoided upgrading to EMV due to the associated hardware and software costs. You must know that not integrating EMV into your business isn’t a repercussion-free option. Your business will have an open backdoor for significantly more fraud risk. And, in many instances, you are entirely liable for fraudulent transactions accepted with magstripe instead of EMV.
EMV chip cards are almost impossible to counterfeit. Their security code (the final go-ahead to process the payment) changes every time someone uses it in stores. The chip-enabled cards work in tandem with EMV chip readers. So the most obvious way to avoid counterfeit and lost/stolen card fraud following the liability shift is to upgrade your terminals.
How to combat EMV chargebacks wave for merchants who are EMV chip-enabled
Chip-enabled merchants can take the steps below to counter chargebacks.
Merchants with EMV terminals should see higher rates of approvals on chip cards vs. magnetic stripe cards. Keeping terminals updated with the software updates is essential to ensure these higher rates of approved transactions continue. Once a merchant’s EMV terminals are fully operational, a fallback transaction could indicate that a fraudster has tampered with the chip or that the magnetic stripe is counterfeit.
⦁ Data quality
Merchants must maintain data integrity/accuracy across authorizations and settlement messages to alleviate confusion for issuers and minimize the chance of invalid chargebacks due to data quality.
⦁ Partial grade/early data transactions
Send all necessary data with the authorization request. Each network has its own rules for the data elements required in an authorization request message. Understand those rules and work with your acquirer to ensure you provide all required data in authorization messages.
How to combat EMV chargebacks wave for merchants who are not EMV chip-enabled
While the best defense against counterfeit fraud is to implement EMV chip technology, small-scale businesses cannot afford to implement EMV due to its cost and complexity. More so, as EMV technology works for in-person transactions, card-not-present transactions are seeing a surge in fraud and chargebacks.
Here are some preventive measures to reduce fraud and chargebacks.
⦁ Read and compare validation
Read and compare verification is a process under which the cashier enters the last four digits of the card number embossed on the card. The terminal validates these numbers against what you physically read off the magnetic stripe. If these digits do not match, then there is a high degree of certainty that the card is counterfeit.
⦁ Validate cardholder’s ID
If a transaction is suspicious, cashiers may ask the cardholder for an additional form of identification to check if the name on the card matches the form of identification to reduce the possibility of fraud.
⦁ Perform velocity checks
The merchant velocity checks, if available, to track the number of transactions associated with the same credit or debit card within a specific timeframe in the merchant’s system is often helpful in identifying fraudulent activity.
⦁ Understand transactions that could involve counterfeit
Understanding the types of transactions prone to chargebacks due to network liability shifts can help merchants take mitigative steps to reduce the risk of chargebacks and fraud. Here’s where data enrichment comes in handy.
⦁ Implement PIN-prompting for debit transactions
To reduce fraud in merchant environments that have not yet moved to chip, consider PIN prompting for all PIN-capable debit transactions. Capturing a knowledge-based verification method at the point of sale can reduce fraud substantially.
⦁ Secure your online sales from con artists
As we noted earlier, eCommerce businesses now face more fraud risks as EMV technology works for card-present transactions only. To make your CNP transactions more secure, use a payment gateway that works for your business model, employ identifiers to establish card credibility, and invest in excellent customer service.
Those are the standard steps you might already have in your back pocket.
The ultimate game-changer is to automate your chargebacks and ensure you’re leaving money on the table when scammers force their way with meritless chargebacks. And Chargeflow’s fully automated chargeback solution gives you over 50 data points to help you win disputes on autopilot. Chargeflow makes it easy for you to run and scale your business without worrying about chargebacks.
About the Author:
Content Marketing Manager at Chargeflow.
Tom-Chris Emewulu is Chargeflow’s Digital Evangelist. With 7+ years of digital marketing experience, he crafts compelling, data-driven SEO articles that put brands on page 1 of Google search. Forbes, DW, Business Insider, Businessss2Community, and many other publications have featured his works. You can find him on Social Media via @tomchrisemewulu.