Article

EMV Liability in Flux

Contributing Writer
member of Bellco Credit Union

3 minutes

This is bonus coverage from “Payments End Game” from the February 2016 issue of CUES’ Credit Union Management magazine.

Certainly legislators did their best to clearly outline the liability shift they envisioned as EMV cards came online in the United States last October. But some kinks in the system are still being worked out, according to reports from the field.

“We converted our debit card program to all EMV cards last summer,” says CUES member Scott Duszynski, president/CEO of Keys Federal Credit Union, Key West, Fla. “Recently we discovered that some vendors that have their terminals activated allow the EMV cards to be swiped with no notice to the member. By allowing this, the merchant just shifted the liability back to us. Most merchants have the terminals set to tell the cardholder to insert the card in the chip reader. Some, including Walgreens, do not.

“We brought this up with our card processor and they suggested we ‘decline’ transactions when the member swipes our EMV card, but that is sure to upset our members.”

“It is a problem,” says Michelle Thornton, director of product development at CUES Supplier member CO-OP Financial Services, Rancho Cucamonga, Calif. There are situations where liability should shift to the merchant, but doesn’t, because of accidental or deliberate POS processes.

“This whole activity is in a state of flux, and what happens varies a lot from merchant to merchant and even at the same merchant from week to week,” she explains, suggesting that some of the confusion is implementation glitches.

If a chip card is swiped at an EMV terminal, the transaction is still identified as an EMV transaction, she clarifies. Data in the mag stripe identify a smart card. Both ends are EMV capable. No liability shifts. But there are situations where technicalities trigger what’s known as a “fall-back to mag stripe” where the smart card is unsmarted and the liability sticks with the issuer.

“If the merchant turns off elements of their software that would trigger a ‘fall-back,’ one would assume they would still be liable but sometimes aren’t,” she points out. “To clarify, issuers aren’t more liable than they were, but they’re not able to transfer as much liability as the rule-makers intended.”

EMV is not the only way to fight fraud at merchant locations. $86 million Southern Lakes Credit Union, Kenosha, Wis., was watching a troublesome uptick in fraud. When it hit $11,000 a month, the CU keyed in on the sources of the fraud and found it was occurring most often at pharmacies, grocery stores, gas stations and big box stores like Walmart and Target.

So the CU used merchant category codes (the four-digit number assigned to a business by credit card companies when the business starts to accept the card as payment) to restrict transactions at those merchant categories, explains CUES member Georgine J. Levine, CEO. “That totally stopped the fraud, and we only had two complaints from our 11,300 members,” she reports. Online purchases have shown no fraud, so the CU imposed no restrictions there.

“We sent a letter to our members explaining what and why we were doing the change,” she adds. “We also published our letter and information on our website.”

By the end of 2016, all Southern Lakes CU cards will be smart cards, which may eliminate the need for merchant blocks, she suggests.

Experts in a February 2016 Credit Union Management magazine story, “Payments End Game,” say credit unions will benefit both from having a long-term merchant strategy and from watching all aspects of the payments landscape closely.

Richard H. Gamble is a freelance writer based in Colorado.

Compass Subscription