CHARGEBACKS: EMV LIABILITY SHIFT
16 Slides1.28 MB
CHARGEBACKS: EMV LIABILITY SHIFT
PRESENTERS Presenters: Georgia Stavrakis Sr. Director of Loss Prevention Laura J. Gaudin Director of Product Management
PCI COMPLIANCY & EMV EMV stands for Europay, MasterCard and Visa, a global standard for interoperation of integrated circuit cards (IC cards or "chip cards") and IC card capable point of sale (POS) terminals and automated teller machines (ATMs), for authenticating credit and debit card transactions. Maintaining your PCI Compliancy DOES NOT require you to accommodate chip card transactions, YET.
EMV LIABILITY SHIFT A traditional magnetic stripe card is swiped by the customer at a magnetic stripe terminal. If the purchase is a counterfeit transaction, the merchant is generally not liable, just like in the past.
EMV LIABILITY SHIFT A chip card is used at a traditional magnetic stripe-only terminal. If the purchase is a counterfeit transaction, the merchant is generally holds liability, because the issuer has made the investment in chip technology to make transactions more secure while the merchant did not invest in upgrading to chip.
EMV LIABILITY SHIFT A chip card is used at a chipenabled terminal that has been activated by the merchant. If the purchase is a counterfeit transaction, the merchant is not liable, and the issuer will continue to bear the responsibility of counterfeit fraudulent activity.
SECURITY BENEFIT OF CHIP TECHNOLOGY Chip cards protect in-store payments by generating a unique, one-time code needed for the transaction to be approved. This feature makes it virtually impossible to counterfeit cards, helping to eliminate in-store fraud.
WHY EMV? More Secure Transaction Protects against counterfeit Deters breaches Infrastructure enhancements LIABILITY SHIFT Designated dispute codes Fraud falls to the least secure technology Cannot rebut disputes Issuers must close reported cards
ANNOUNCEMENT Effective July 22, 2016, Visa & American Express will no longer allow EMV counterfeit chargebacks for sales under 25 Effective October 2016, issuers will be limited to charging back 10 fraudulent counterfeit transaction per account Visa states that merchants can expect to see 40% fewer counterfeit chargebacks
STATISTICS Restaurant counterfeit fraud: Oct 2014 to Oct 2015 0.001% Oct 2015 to present 0.0007% EMV chargebacks average under 50 67% of cards are EMV enabled 1.2mm merchants EMV enabled 27% decrease in counterfeit fraud from Jan 2015- Jan 2016
TRENDS Top Merchant Categories: Petroleum/Inside Sales Restaurants/Bars Liquor Stores Fast Food Restaurants High Risk Areas: TX, NY, CA, FL, IL, NJ, Customer used counterfeit 6 years Foreign cards/Border areas cards for Student printed & sold counterfeit cards in dormitory Customer used a different counterfeit card every day Multiple tabs on different cards Larger orders/Catering Large cities/populated areas College towns Counterfeit magstripe is actually an EMV Long time business customer counterfeit card used Gift cards that are actually EMV credit cards
BEST PRACTICES Identifying Counterfeit: Verification of last 4 digits Compare signatures Card identification features CVV/CVV2/CID and/or AVS Acceptance Options: Stand alone EMV terminal Middleware/PAX (pin pad connected to the POS) Vendor certifications (inquire directly to POS) Convert to EMV certified vendor Processor Best Practices: Spot checking card closures Monitoring for issuer/customer abuse Escalation process for patterns of misuse Monitoring for incomplete or incorrect disputes
BENEFITS OF UPGRADING TO EMV PROCESSING WITH REVENTION Removes your point of sale from scope of PCI Compliancy. Allows you, as a merchant, to qualify for the SAQ C - PCI-DSS Self-Assessment Questionnaire. P2PE – Point to point encryption. NFC Processing – include Apple Pay, Google Wallet, Samsung Pay. Supports PIN/Debit. Chip card processing.
QUESTIONS TO ASK WHEN CONSIDERING THE EMV UPGRADE What will be the hardware investment? When integrated with POS, which processors are supported? Does the solution support the tips being added after the initial transaction? When is a PIN required? How does this effect full service restaurants that don’t have table side processing? Are your gift cards still supported?
GATEWAY DATA FLOW