Credit Card Fraud Liability pushed to Non-compliant Merchants as of Oct 1st

On Oct. 1, 2015, new credit card rules went into effect which will transfer fraud liabilitto whichever party is the least EMV-compliant in a fraudulent transaction. This would apply directly to merchants who continue to use old “swipe” credit card processing machines. Compliance is deferred to 2016 for most ATM providers and 2017  for pay-at-pump gas stations and the balance of ATMs.

EMV-compliant card with embedded chip

EMV-compliant credit card with embedded chip

To address increasing credit card fraud, the U.S. has formally moved to EMV-compliant cards, which stands for Europay, MasterCard and Visa. EMV is a global standard for cards equipped with computer chips and the technology used to authenticate chip-card transactions. EMV is embedded onto a payment card in a microprocessor chip that stores and protects cardholder data.  The EMV technology is designed to improve payment security, making it more difficult for fraudsters to successfully counterfeit cards.

EMV-compliant merchant card reader

EMV-compliant merchant card reader

Businesses who accept credit card payments have been faced with updating all credit card processing machines to comply with the new cards being issued. Those firms that did not update their machines by Oct. 1 can be held financially liable for any credit card fraud that takes place. This represents a major shift in liability from the credit card companies to the businesses that accept card payments.

Consumers are already seeing a difference in the way that they use their credit cards as instead of swiping in the traditional way, cards are either inserted into a terminal slot (card dipping) or tapped against the terminal scanner (near field communication) for processing.

Dipping the card begins the process of data verification between the issuing bank and the chip.  Once the card is verified, the unique transaction data is created. Near field communications cards (aka as Contactless cards) have been rolled out largely in Canada and Europe.  Most cards and terminals in the U.S. will require dipping.

EMV does not totally reduce the risk of credit card data being captured and reproduced as it still has vulnerabilities, which is why we can probably expect to the additional authentication requirements of a signature or a PIN layered on to all transactions in the near future.

Sources: Molly Brogan ( and Sienna Kossman ( 


Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.