by Joe Finizio, Vice President of Sales & Marketing, ASI
A pro-sports player ran up a $6,000+ tab entertaining his entourage in a trendy club. The club was not yet upgraded to process EMV transactions. The credit card was signed and signing of the charge slip was captured on the security camera; however, when the customer disputed the charge saying he was not at the club and did not make the $6,000 purchase, the charge was removed from the pro’s credit card invoice and the liability for that charge transitioned to the club. The club disputed the charge-back, showed the signed card and disclosed the security camera footage of the signing to no avail. Because the club was not EMV compliant, they had no recourse.
This gap in compliance and the liability shift has created an opportunity for what is being called “friendly fraud,” which is defined as fraud from an entity known by the merchant. How can this be you ask? To answer this question, we need to take a step back in time (cue smoke and twilight zone music) …
On October 1, 2015, a deadline was imposed by the card brands for all U.S. merchants (hospitality, retail, grocery) that said they should be processing EMV/Smart/Chip payment transactions. If the merchant was not able to process EMV payment transactions, the liability for a fraudulent charge would then be placed on the merchant. Before the EMV deadline, the liability was on the card issuer for the fraudulent charge; however, EMV provided the opportunity to shift that liability to the merchant.
We are now five months past the deadline and the lack of compliance by both small and large merchants is widespread. Many of the supermarkets, mass retailers and restaurants I frequent are not able to process EMV transactions. Again, as of the deadline, merchants not able to process EMV transactions now own the liability for a fraudulent charges. (…and what about all those Ziosk terminals, does Olive Garden throw them away?)
Why the delay? Many of the merchant-based industry associations have complained about the cost for EMV implementation. It’s been characterized as a $30 billion dollar solution for a $10 billion dollar problem. The industry association representing petroleum retailers and convenience stores (NACS) estimates it will cost $9,500 per fuel pump for an EMV upgrade, which is why C-Stores have been given until October 1, 2017 to upgrade the fuel pumps before the liability shift. On the POS side, some of the delay has been due to the complex certification process for integrations that include POS software, payments software and payments devices. Every card brand and type of transaction must be tested and certified. That means lots of development, integration, testing, certification and cost.
Now back to the story at the beginning of this article. Could a situation like that really happen? Although not all “friendly fraud” is that blatant, the answer is yes. In fact, the National Restaurant Association was initially advising members not to worry about meeting the EMV deadline because they felt fraudsters would not bother to commit credit card fraud for a dinner! Well, two things are happening: some of the public has figured out that they can take advantage of the liability shift for merchants not yet able to process EMV payments and some of the public is committing credit card fraud for the value of a meal. Since the deadline, the EMV liability shift to merchants, both “card not present” fraud (online purchases) and now “friendly fraud,” has increased while “card present” fraud is beginning to decline.
The bottom line is no matter the size of your business, all merchants are at risk. To avoid charge backs from fraudsters, make sure you can process EMV payment transactions today.