Transaction Security
H017WR70
H017WR70
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Selected Industry Trends<br />
Who is Liable for Card-Present Fraud?<br />
Consumers<br />
Depending on the situation,<br />
merchants or issuers can be<br />
held liable for card fraud; while<br />
consumers are typically not<br />
responsible for fraud, it can<br />
leave victims feeling vulnerable<br />
and insecure, thus creating a<br />
lack of trust in transaction<br />
security infrastructure<br />
• Under the Electronic Fund Transfer<br />
Act: if loss is reported within 60<br />
days of occurrence, the consumer’s<br />
liability is limited under federal law<br />
Pre-EMV<br />
• As a practical matter, consumers<br />
are rarely if ever charged<br />
Merchants<br />
• Merchants are typically not held liable<br />
for card fraud when the card is present<br />
and a signature is collected<br />
• However, businesses that suffer<br />
security breaches can be held liable for<br />
significant fraud expenses under certain<br />
conditions (e.g. poor security,<br />
negligence, etc.)<br />
• For card-not-present transactions, the<br />
implementation of 3D-Secure (discussed<br />
later) shifts any fraud liability away from<br />
merchants to issuers<br />
Issuers<br />
• Due to operating regulations, the<br />
burden of fraud reimbursement<br />
typically resides with issuers<br />
• Issuers may look to go after<br />
counterparties to recoup losses, but<br />
issuers are typically hit the hardest<br />
Post-EMV<br />
• Consumer’s limited liability<br />
protection will remain in effect after<br />
the October 1, 2015 EMV deadline<br />
‒ Possible exception if the cardholder<br />
acts with negligence, but the<br />
burden of proof lies with merchants<br />
and issuers (1)<br />
• As a practical matter, consumers<br />
probably will not be charged<br />
• Liability for counterfeit card-present<br />
transactions will shift to the merchant<br />
if they are not EMV-compliant with<br />
proper terminals<br />
‒ Retailers that upgrade their<br />
hardware by the October 2015<br />
deadline will eliminate the potential<br />
liability<br />
• EMV does not directly impact rules<br />
around card-not-present transactions<br />
The party that does not offer<br />
EMV-compliant devices<br />
(merchant) or cards (issuer) will<br />
face liability for counterfeit cardpresent<br />
transactions<br />
• EMV does not impact rules around<br />
card-not-present transactions<br />
Source: Data Protection Report, NerdWallet.<br />
(1) NY Times, “Consumer Liability Unlikely to Change With New Credit Cards.”<br />
16