Skip to main content

EMV Liability Shift

EMV chip technology shifted counterfeit fraud liability. The party with weaker security pays for fraud. If your terminal doesn't support chip and a chip card is used fraudulently, you're liable.

Understanding liability shift helps you make informed decisions about terminal upgrades and transaction handling.

How Liability Shift Works

The Basic Rule

Liability falls on the party with less secure technology.

Merchant HasCard HasLiability
Chip terminalChipIssuer
Chip terminalNo chip (mag-stripe)Issuer
No chip terminalChipMerchant
No chip terminalNo chipIssuer

Pre-EMV (Before October 2015)

Before liability shift:

  • Issuer liable for most card-present fraud
  • Merchant could swipe any card
  • Counterfeit cards worked at any terminal

Post-EMV (After October 2015)

After liability shift:

  • If merchant could have used chip but didn't → merchant liable
  • If issuer could have issued chip but didn't → issuer liable
  • Counterfeit chip cards much harder to create

What "Chip Terminal" Really Means

Having a terminal with a chip slot isn't enough. To get liability shift:

Requirements

RequirementWhy It Matters
EMV-capable terminalHardware must support chip
EMV enabledChip must be activated, not disabled
EMV certificationTerminal must be certified by networks
Chip used on transactionMust actually dip/tap, not swipe

Common Mistakes

MistakeResult
Chip terminal but EMV not enabledNo liability shift
Customer swipes chip cardNo liability shift
Fallback to swipe after chip errorPartial protection (varies)
Keyed entryNo liability shift

Transaction Types and Liability

Chip Dip (Contact EMV)

  • Card inserted into chip slot
  • Most secure for card-present
  • Full liability shift to issuer for counterfeit

Contactless (Tap)

  • Card or device tapped on terminal
  • Uses EMV technology
  • Liability shift applies
  • Includes Apple Pay, Google Pay (tokenized)

Swipe (Mag-Stripe)

  • Magnetic stripe read
  • No liability shift if chip card
  • Acceptable for non-chip cards
  • Falling back to swipe loses protection

Keyed (Manual Entry)

  • Numbers typed manually
  • No chip or swipe
  • Never gets liability shift
  • Highest risk transaction type

Fallback Transactions

When chip fails and you fall back to swipe:

What Causes Fallback

CauseFrequency
Dirty/damaged chipCommon
Terminal chip reader issueCommon
Card chip malfunctionOccasional
Fraud attempt (manipulated card)Rare

Fallback Liability Rules

ScenarioLiability
First fallbackOften protected (varies by network)
Repeated fallback same cardLoses protection
Fallback after chip read failedSome protection
Fallback without attempting chipNo protection

Fallback Best Practices

  1. Always attempt chip first
  2. Re-insert chip if first attempt fails
  3. Clean chip reader regularly
  4. Request different card if repeated failure
  5. Document fallback reasons

Reason Codes for Liability Shift Disputes

Visa

CodeNameWhen Used
10.5Visa Fraud Monitoring ProgramHigh fraud merchant

Note: Visa consolidated fraud codes. EMV liability disputes filed under fraud category with specific data elements indicating liability shift claim.

Mastercard

CodeNameWhen Used
4870Chip Liability Shift - CounterfeitChip card used at non-chip terminal
4871Chip Liability Shift - Lost/StolenChip card lost/stolen, used at non-chip terminal

Amex

CodeNameWhen Used
F30EMV CounterfeitCounterfeit chip card
F31EMV Lost/Stolen/NRILost, stolen, or never received

Discover

CodeNameWhen Used
UA05Fraud - Chip CardEMV counterfeit
UA06Fraud - Chip Card Lost/StolenEMV lost/stolen

Fighting EMV Liability Chargebacks

When You Can Win

ScenarioDefense
Chip was actually usedProvide chip transaction receipt showing EMV data
Terminal is certifiedProvide EMV certification documentation
Card wasn't chip-enabledBIN data showing non-chip card
Technical malfunction documentedTerminal logs showing forced fallback

When You'll Likely Lose

ScenarioWhy
Swiped a chip cardDidn't use available technology
Keyed a transactionNo verification at all
EMV not enabledConfiguration issue = your fault
Repeated fallbackPattern suggests avoidance

Evidence to Collect

EvidencePurpose
Transaction receiptShows entry method (chip/swipe/keyed)
Terminal certification docsProves EMV capability
Terminal batch reportShows transaction details
Chip data (ARQC/TC)Cryptographic proof of chip use

Contactless and Mobile Wallet Liability

Mobile Wallets (Apple Pay, Google Pay)

FactorLiability Implication
TokenizedToken represents card, not actual number
Device authenticationBiometric or PIN on device
LiabilityGenerally shifts to issuer

Mobile wallet transactions typically provide strong liability protection because:

  • Token is device-bound
  • Requires device authentication
  • Transaction includes device data

Contactless Cards

FactorLiability Implication
EMV contactlessUses chip technology wirelessly
Liability shiftYes, same as chip dip
Fraud rateGenerally low

Special Cases

Card-Present but Keyed

Sometimes you have the card but can't dip/swipe:

  • Damaged chip and mag-stripe
  • Reader malfunction
  • Phone order with card in hand

Liability: Still yours. Network rules don't care why you keyed.

Best practice: If chip and swipe both fail, request different payment method or decline transaction.

Hotel and Rental Pre-Authorization

ScenarioLiability
Initial auth (check-in)Chip used = protected
Incremental authMay not require card-present
Final captureBased on original auth

Hotels and rentals have special rules allowing delayed/incremental charges. Liability depends on original authorization method.

Recurring Transactions

ScenarioLiability
Initial chip transactionProtected
Subsequent recurringMIT (merchant-initiated) rules apply
Stored credentialBased on original capture method

Recurring billing after initial chip transaction generally maintains protection, but rules are complex. Check with your processor.

Terminal Compliance

EMV Certification Process

StepDescription
1. HardwareTerminal must support EMV
2. SoftwareEMV application loaded
3. L2 certificationNetwork-specific testing
4. L3 certificationProcessor/acquirer testing
5. DeploymentActivated in production

Maintaining Compliance

ActionFrequency
Firmware updatesAs released
Certification renewalsPer network requirements
Security patchesImmediately
Reader cleaningWeekly minimum

Terminal Inspection Checklist

  • Chip slot clean and unobstructed
  • No overlays on chip slot or PIN pad
  • Tamper-evident seals intact
  • Firmware current
  • EMV enabled (not bypassed)

Regional and Network Variations

Visa

  • Liability shift effective October 2015 (US)
  • Gas stations extended to October 2020
  • Specific rules for quick service restaurants

Mastercard

  • Similar timeline to Visa
  • Specific rules for certain MCCs
  • Standin processing rules

American Express

  • Liability shift effective October 2015
  • SafeKey (3DS) for CNP liability
  • Different rules for OptBlue merchants

Discover

  • ProtectBuy for authentication
  • Similar chip liability rules
  • Smaller issuer base

Future: Tap-to-Phone

Emerging technology allows phones to act as terminals:

FactorStatus
TechnologyPhone accepts contactless payments
CertificationNetwork programs exist (Visa Tap to Phone, etc.)
Liability shiftGenerally applies
SecuritySoftware-based security model

Watch this space for evolving rules.

Scale Callout

VolumeFocus
Under $50k/mo CPEnsure terminals are EMV-enabled. Don't overthink.
$50k-$250k/mo CPMonitor fallback rates. Clean readers regularly.
$250k-$1M/mo CPTrack liability shift chargebacks. Investigate patterns.
Over $1M/mo CPDedicated terminal management. Regular certification audits.

Where This Breaks

  1. Assuming chip = protected. Terminal must be certified AND EMV enabled AND chip actually used. Check all boxes.

  2. Ignoring fallback rates. High fallback rates signal terminal issues—and potential liability gaps. Monitor and fix.

  3. Keyed transactions for "convenience." Every keyed transaction is liability exposure. Minimize ruthlessly.