The liability shift went into effect on October 1, 2015. That means that your business could now be on the hook for certain types of fraudulent transactions if you aren’t set up to accept chip cards (EMV).
One particular question we hear a lot from sellers: Does the liability shift apply to online and over-the-phone fraud? The short answer is no. Below is a more in-depth explanation:
The liability shift is an effort to accelerate the nationwide switch to EMV (aka chip cards). EMV is a much more secure form of payment than magstripe cards, and its mass adoption will help reduce certain types of counterfeit credit card fraud. The banks are in the process of rolling out new cards (a Herculean effort, to say the least), and sellers are being asked to do their part by upgrading payments terminals to accept them. The liability shift puts a fire under that effort for businesses.
But contrary to what you might be hearing (there are a lot of misconceptions out there), the liability shift actually only applies to one type of credit card fraud. Specifically, the liability shift applies to “card present” fraud with a counterfeit EMV card.
Card present is a payments industry term that essentially means someone paid in person. After the liability shift, if a person pays with a counterfeit EMV card in person and you process that transaction as a magstripe payment, you could be held liable. Reason being that if you had processed that transaction as an EMV payment, the technology would have caught the fraudulent activity. However, if someone paid in person (card present) with a magstripe card, nothing changes. One way to think about it is that the fraud is shifting to the party with the lesser technology. Here’s a graph to walk you through when you could be held liable for card-present transactions:
But what about fraud that doesn’t occur in person? On the other side of the coin is something called “card not present.” This essentially means that someone did not hand over a physical card — they either paid online or over the phone. The new liability shift rules do not apply to fraudulent card-not-present transactions. For fraudulent online and over-the-phone transactions, nothing has changed in how the banks handle those charges.
So, to sum up: The only type of fraud that falls under the liability shift rules is in-person fraud with a counterfeit EMV card if you don’t have an EMV reader (or if you swipe an EMV card when you should have dipped it). For everything else, nothing changes.