EMV chip and pin liability shift hidden merchant risk

EMV terminal and EMV technology selection can impact merchant liability depending on chip and pin capabilities and management of them. Use this information to ask key questions before selecting an EMV solution.

Liability shift for stolen cards for MasterCard, American Express, and Discover

  • If the card is chip & sign, and the terminal is EMV only, the card issuer is liable
  • If the card is chip & pin, and the terminal is EMV only, the merchant is liable
  • If the card is chip & pin, and the terminal is EMV with pin, the issuer is liable

What if the terminal supports EMV & pin, but the customer does chip & sign? The merchant is liable.  Acquirers generally support chip and pin bypass to chip and signature. The only way to effectively manage liability is to steer customers to the action protecting the merchant.

emv fraud liabilityTerminals may be able to be programmed to disable pin bypass; First Data ships terminals with PIN bypass disabled.

  • Integrated payment gateways and and standalone virtual terminals can also drive terminals; because the terminals have no programming, the payment technology must have the capability to dynamically determine the best way to process, and prompt the consumer to the actions allowed. This is a tall order for most gateways, as they do not have that type of dynamic capability, and or, the gateway may not have the needed EMV certification. CenPOS disables the consumers ability to select signature over pin at the POS.

The entire EMV transaction process is certified. If an EMV certified terminal, including integrated or non-integrated payment gateway with terminal, doesn’t support the option to require chip and pin when the card issuer supports it, merchants need to weigh the associated financial risks.