Know the Law: Who Is Liable for Chip-Based Credit Card Fraud?

Cameron G. Shilling
Director, Litigation Department & Chair of Cybersecurity and Privacy Group
Published: Union Leader
September 14, 2015

Q.  More and more of my customers are paying with credit cards that have chips in them.   Do I need a chip-based credit card reader?

A. Credit card companies – not retailers or consumers – have historically absorbed the liability for fraudulent credit card transactions. That will change on October 1, 2015. If your business does not use EMV-equipped card readers to process credit cards that utilize the new chip technology, then your business – not the credit card company – will be liable for fraudulent transactions.

The credit card industry in the United States has been transitioning for the last several years to cards that utilize embedded chips, in addition to the older magnetic stripe technology. The reason is that the vast majority of credit card fraud results from the “skimming” of card numbers when a card’s magnetic stripe is “swiped” through a card reader. Target, Home Depot, and TJX are just a few examples of such recent breaches affecting hundreds of millions of consumers.

Retailers outside of the United States started transitioning many years ago to chip technology, which is called “EMV.” Outside of this country, about 70% of all credit card readers employ EMV technology, compared to the relatively negligible adoption of EMV domestically. As a result, the approximately $10 billion of annual domestic credit card fraud accounts for nearly half of global fraudulent credit card transactions, even though only about one quarter of all credit card transactions worldwide occur in the United States.

On October 1, 2015, there will be a change to the rules that major credit card companies apply to retailers and other credit card processors. If fraudulent transactions occur using cards with chips, and the retailers/processors did not use EMV-equipped card readers, then the retailers/processors – not the credit card companies – are liable for the fraudulent transactions. By contrast, if a retailer/processor uses an EMV reader to process a chip-equipped card, the credit card company is liable. Also, credit card companies remain liable for fraudulent transactions using credit cards equipped only with a magnetic stripe and not the chip technology.

Because about 40% of credit cards in the United States presently have embedded chips, domestic retailers and credit card processors face significant potential liability for fraudulent transactions. As a result, if your business processes credit card transactions, you should promptly convert to EMV-enabled credit card readers.

Know the Law is a bi-weekly column sponsored by McLane Middleton, Professional Association. We invite your questions of business law.  Questions and ideas for future columns should be addressed to:  McLane Middleton, P.O. Box 888, Manchester, NH 03101 or emailed to knowthelaw@mclane.com.  Know the Law provides general legal information, not legal advice.  We recommend that you consult a lawyer for guidance specific to your particular situation.