EMV Chips & Liability Shift

Whenever a payment is in dispute, the fundamental question that must be resolved is which party should be held financially liable for the transaction? In some cases, the answer is clear. For example, if the merchant failed to deliver what the customer paid for, the merchant is liable.

Other situations are more complex. The cost of e-commerce fraud usually falls on the merchant, while liability for card-present fraud depends on whether EMV security standards were properly followed. There are important exceptions and network-specific nuances in both environments.

For card-present merchants, the biggest exception is the EMV liability shift, which can result in the merchant being held liable for certain types of counterfeit fraud if EMV technology is not properly utilized.

EMV chips are an effective fraud-prevention tool for card-present merchants, but the liability framework surrounding them requires careful compliance. Let's take a look at what EMV chips are, how they work, and what the EMV liability shift means for merchants.

What Are EMV Chips?

An EMV chip is a microchip embedded into a payment card that allows payments to be made more securely than the traditional magnetic stripe. Data stored on a magnetic stripe is static and can be copied if compromised, whereas EMV chips use dynamic authentication methods that make counterfeit fraud significantly more difficult.

Prior to EMV chips, most card-present transactions were processed by swiping the card's magnetic stripe and obtaining a signature from the customer. This system relied on static data and signature verification, both of which were relatively weak fraud controls.

In contrast, EMV chip transactions generate a unique cryptographic value for each transaction. Because the authentication data changes every time the card is used, duplicating card information from a single transaction does not enable fraudsters to create a usable counterfeit chip card.

EMV chips also support cardholder verification methods (CVMs) such as PIN, signature, or no CVM (depending on transaction amount and network rules). While many U.S. transactions historically relied on signature verification, contactless and PIN-based authentication are now widely supported.

How Do EMV Chips Work?

Unlike the magnetic stripe, which contains static track data, an EMV chip uses cryptographic processing to create a unique transaction-specific authorization request.

When the card is inserted (or tapped in the case of contactless EMV), the chip communicates with the terminal to generate dynamic authentication data. This data is sent to the issuing bank for authorization. Because each transaction contains a unique cryptogram, copied data from a prior transaction cannot be reused successfully.

Contactless EMV (tap-to-pay)transactions are now widely adopted and typically process faster than both chip insert and magnetic stripe transactions, addressing earlier concerns about transaction speed.

What Is the EMV Liability Shift?

The EMV liability shift was a set of rule changes implemented by the major card networks beginning in October2015 in the United States. These changes shifted liability for certain types of counterfeit card-present fraud to the party using the less secure technology at the point of sale.

Prior to the liability shift, issuing banks generally absorbed losses from counterfeit card-present fraud. To accelerate EMV adoption, the networks modified liability rules so that:

Liability for counterfeit fraud shifts to whichever party (issuer or acquirer/merchant) has not implemented EMV technology when the other party has.

In practical terms:

• If a counterfeit chip card is presented and the merchant does not have an EMV-capable terminal or does not use it, liability typically shifts to the merchant (via the acquirer).
• If the merchant has an EMV-capable terminal but the issuer has not issued a chip card, the issuer retains liability.
• If both parties are EMV-compliant and the chip is properly processed, the issuer typically remains liable for counterfeit fraud.

The liability shift primarily applies to counterfeit fraud in card-present environments. It does not broadly apply to all fraud types or all dispute reason codes.

The liability shift for Automated Fuel Dispensers (AFDs), including self-service gas pumps in the United States, was fully implemented in April 2021 after multiple extensions.

Who Is Liable for Fraudulent Fallback Transactions?

Fallback occurs when a chip cardis swiped using the magnetic stripe because the chip cannot be read.

If a fallback is required, the POS terminal will usually submit the transaction with the appropriate indicators to identify the swiped transaction as a fallback. Fallback transactions are considered higher-risk and are closely monitored by networks and issuers.

If the transaction is approved, however, the merchant will not be held liable for fraud claims in most cases. However, if the issuer determines proper EMV processing did not occur, liability may shift to the merchant.

To avoid this, staff should be trained to use a swiped or keyed transaction only when indicated by the POS terminal, not merely when a customer says their chip isn't working. Some merchants may choose to avoid fallback transaction entirely by asking for another payment method.

For some merchants, excessive fallback activity may subject lead to monitoring programs or penalties from their processors. Merchants should ensure terminals are properly maintained and that fallback procedures are used only when legitimately necessary.

A Brief History of EMV Technology

In the early 1990s, Europay, Mastercard, and Visa collaborated to develop EMV standards to improve card security and reduce counterfeit fraud. The standards are now managed by EMVCo, an organization owned by major global payment networks including Visa, Mastercard, American Express, Discover, JCB, and UnionPay.

EMV adoption has grown substantially worldwide. According to recent EMVCo reporting, over 90% of card-present transactions globally are now conducted using EMV chip technology.

Markets that have adopted EMV have experienced significant reductions in counterfeit card-present fraud. However, as security improved in card-present channels, fraud activity has increasingly shifted toward card-not-present (CNP) environments.

EMV and Chargebacks

EMV technology is a critical tool for reducing counterfeit card-present fraud and limiting related fraud chargebacks. When merchants properly process chip transactions on EMV-enabled terminals, liability for counterfeit fraud typically remains with the issuer.

However, EMV does not eliminate all chargebacks. It does not prevent:

• Card-not-present fraud
• Friendly fraud
• Authorization disputes
• Service-related disputes
• Recurring billing disputes

EMV should be viewed as one component of a comprehensive chargeback prevention strategy rather than a standalone solution.

Upgrading to and properly maintaining EMV-enabled POS terminals remains a foundational best practice for any card-present merchant. Preventing avoidable fraud exposure allows merchants to focus resources on managing more complex dispute scenarios that fall outside EMV protections.

FAQ