Now that the much-publicized October 1 EMV liability shift deadline set by Visa, MasterCard, American Express and Discover has passed, merchants across the U.S. are working diligently to implement new EMV-enabled payment terminals that will better protect customers at the point of sale and reduce their own liability for card fraud.
While the nationwide conversion to EMV security is paving the way to a future nearly free of counterfeit cards, there are pitfalls along the way that credit unions need to understand.
“EMV technology brings new levels of security to consumers by hindering a fraudster’s ability to create counterfeit cards,” said Michelle Thornton, director of product development for CO-OP Financial Services. “However, the EMV cards consumers have in their wallets today also feature a magnetic stripe. Although this allows these cards to work with terminals that are not yet EMV-enabled, it also creates a window of opportunity for fraudsters and puts credit unions in an uncertain position.”
A 2015 study by Mercator Advisory Group, Inc. titled “Debit Transactions in an EMV World: A Practical Guide” explains why.
According to the report, “Having magnetic stripe data still available creates transactions called ‘fallbacks.’ If a consumer is uncomfortable using the chip on a card, the chip on the card is damaged, or the terminal is not reading cards properly, the card can be swiped, and the transaction will ‘fall back’ to a magnetic-stripe transaction.”
Fallbacks and Fraud
While fallbacks are legitimate transactions that make purchasing more convenient today for merchants and consumers, Thornton advises credit unions to pay close attention to these transactions.
“As long as EMV cards come equipped with magnetic stripes, a fraudster can steal a chip card, deliberately damage the chip and then copy stolen card information onto the magnetic stripe,” she said. “When the card is inserted into an EMV terminal and the chip doesn’t work, the transaction will likely be swiped using the stolen information.”
The Fallback Dilemma
According to Thornton, whenever a fallback occurs, credit unions should proceed with caution.
“As an issuer, the credit union will have the benefit of knowing that the transaction is a fallback, but may not have the data to assess whether it is legitimate,” she said. “So it can be very easy to unknowingly authorize a fraudulent transaction. And when this happens, the credit union is liable for the damages. At the same time, whenever a legitimate fallback transaction is denied by the credit union, the member can be inconvenienced considerably – and for no apparent reason.”
So what should credit unions do to minimize their liability for fraud while protecting their members’ interests?
“We advise credit unions to document and follow up on fallback transactions to ensure that the fallback is a legitimate transaction,” said Thornton. “We don’t recommend denying all fallbacks as this could be very disruptive to members that use your debit and credit cards.”
She continued, “There will be a day when the magnetic stripe is a thing of the past, but for now, credit unions and their members need to actively monitor account activity. Advanced technologies can help, such as analytics systems that assist credit unions in identifying potential points of compromise, and smartphone apps that members can use to set their own card controls and alerts. Teaming with members in the fight against fraud is always the best approach, and one that will save time, money and headaches for everyone involved.”
Learn more about the migration to EMV now in progress in CO-OP’s EMV Common AID white paper.
The post Navigating Fallbacks: Why EMV Adoption Brings New Challenges at Checkout appeared first on Insight Vault.