Let’s paint two seemingly harmless scenarios for you. A customer comes into your business and attempts to pay for a purchase with an EMV chip card.
- The transaction fails despite your terminal being EMV certified, so you decide to proceed by allowing the customer to swipe his chip card.
- The transaction can’t be processed properly because your EMV terminal isn’t certified to process EMV transactions or doesn’t have an EMV slot. You work around this by asking the customer to swipe the chip card instead.
Great, you got paid! However, both of these examples illustrate an EMV fallback. A fallback transaction occurs when you opt to process a payment with the next-best technology. However, there’s a big distinction between these two scenarios.
In scenario No. 1, your business isn’t liable for fraud so long as you appropriately identify the transaction as an EMV fallback, authorize it online and it gets approved by the issuing bank. In contrast, scenario No. 2 falls squarely under the guidelines of the liability shift, which states that the merchant is liable for any fraud resulting from a swiped chip card. Why is there a distinction? In scenario No. 1, the business upgraded its technology to the new standard. In scenario No. 2, it didn’t.
Swiping a chip card in an outdated terminal undermines the security measures meant to keep your business and consumers safe from fraud. How so? As a quick refresher, EMV chip cards contain a computer chip that generates a unique code for every transaction. This makes it harder (but not impossible) for fraudsters to replicate cards. Chip card technology, however, only works when used alongside an EMV-capable credit card reader. An old-school terminal simply defaults to the traditional magnetic stripe for payment, which is far easier to copy.
EMV Fallback Is a Security Risk
As a business owner, allowing an EMV fallback to occur can put your business at risk in two ways. First, fraudsters are beginning to intentionally create faulty EMV chip cards with the knowledge that many business owners allow EMV fallbacks to occur. This is why scenario No. 1 detailed above is dangerous if you don’t properly identify the transaction as a fallback.
Swiping a rejected EMV card could result in chargebacks and cause your business to lose revenue and inventory (not to mention, jeopardizing your merchant account should you have excessive chargebacks).
Second, swiping an EMV chip card in an outdated terminal could result in a bank-initiated chargeback even if the transaction wasn’t fraudulent. This is a measure the card-issuing banks implemented to dissuade merchants from swiping chip cards. Unfortunately, it can be incredibly challenging for businesses to obtain EMV-certified equipment due to lengthy certification queues. Even if a provider claims to offer EMV terminals, the chip slot might be ineffective, resulting in EMV fallbacks on all chip card transactions.
Avoiding EMV Fallback
EMV fallback is a risk for your business, but you can mitigate it.
- Partner with an EMV-certified provider: Look for a provider that is EMV Level 3 certified (the highest level) to ensure that you’re not paying simply for a credit card reader with an extra slot. If the equipment isn’t certified, you’re left with the same outdated technology you started with.
- Use a credit card terminal that ensures proper processing: PayJunction’s Smart Terminal has the ability to detect when a customer swipes a chip card or inserts a magstripe card. This can reduce incorrect processing of chip cards, which is especially important with a customer-facing terminal.
It might seem like a lot of work (and expensive) to make equipment upgrades, but when the alternative is an increased rate of chargebacks, fraud and potential merchant account termination due to EMV fallback, it’s clearly worth the investment to upgrade to technology that will protect your business.
Has your business accepted EMV fallbacks? Are you in the market for new EMV-ready terminals? Let us know how your search is going in the comments section below!
Editor's Note: This post was originally published in August 2017 and has been updated for comprehensiveness and accuracy.