When Cardholders Dispute Valid Transactions
It was never meant to be like this. The global migration from magnetic stripe cards to the more secure chip-embedded cards was intended to add another layer of security against fraud. However, the reality is that during the transition to full EMV compliance, chargebacks are skyrocketing and it is the merchants who are paying the price.
In what appears to be an intentional and repeated practice, some cardholders are claiming after the fact not to have made card purchases that they actually did make, in order to be reimbursed by merchants through the chargeback process. This is known as friendly fraud. Card networks restate the need to move quickly to EMVTM chip cards to prevent this, but for a variety of reasons, many merchants have not been able to fully upgrade their POS systems. In addition, claiming they were not given enough time to upgrade to EMV, some merchants are threatening class-action lawsuits against the card networks. How did it come to this?
The “I Didn’t Buy It” Defense
The plan is simple and targets merchants that have not yet fully upgraded their point of sale to accept chip cards. A cardholder buys goods or services from a merchant, but then simply denies the transaction ever took place when their statement arrives. The payment amount is taken from the merchant and returned to the cardholder’s account, leaving the merchant out of merchandise as well as money. The cardholder now has effectively gotten the goods for free. This is not the intended use of the chargeback system, and it could be years before some merchants are able to upgrade.
As EMV migration continues, many merchants have not yet installed the new hardware needed to process chip cards and continue to be vulnerable. The ‘friendly’ fraudsters consciously scan for merchants who have not yet migrated to EMV as their potential victims. Bucking the trend for fraud to be increasingly high-tech, this crime targets low technology merchants. In many instances, the merchant loses even when they have physical evidence of the purchase by the cardholder; a signed receipt, or even photo or video evidence of the cardholder receiving the goods has not been enough sometimes.
Friendly fraud has been around for a long time, but since the liability shift in October, 2015, it is increasing at an alarming rate. But with the recent shift in chargeback liability, it is the merchants who are paying.
Blaming the Victim
It’s now seven months after the EMV liability shift in the U.S. and most merchants have not upgraded their POS. And it is not just the smaller merchants who are at risk; many national supermarket chains and restaurants do not yet accept chip cards. If retailers can’t accept EMV cards, then they are at risk for not only counterfeit fraud, but also this new wave of friendly fraud. This results in the merchant not only losing the goods and services, but also any fines and fees associated with the chargeback itself.
With merchants out of pocket, the obvious question is what the issuers are doing about this. On the surface, there is intent to deceive for monetary gain, so what can be done to curb this when repeated by a single cardholder? Are the issuers on the lookout for friendly fraud, and if so, what is the impact to the cardholder when identified?
Some merchants are fighting back.
From the merchants’ perspective, they have been made the victims in an unfair and one-sided situation. The very people who drove the change in fraud liability are the same people who benefit from making the merchants pay when fraud occurs.
A few lawsuits are already underway, and there is talk of merchants filing a class-action lawsuit against the major card networks of Visa, MasterCard, American Express, etc. They allege that the networks knew in advance that their EMV chip-card certifications would be delayed beyond the October, 2015 liability shift, that it was simply impossible for millions of merchants to upgrade all of their POS devices, and yet they went ahead anyway. Strong allegations.
The Transition Loophole
The migration to EMV was meant to be the solution, and it now looks to drive another wedge between the card networks, issuers and merchants. The problem is the transition period, but a full EMV certified migration will not be complete for some time. What can merchants to about it?
The trend will only continue and merchants need to have a friendly fraud prevention strategy in place to protect payments against unscrupulous consumers looking to game the system. Online merchants have had multiple layers of additional security to protect themselves for years (email confirmations, CVV2 verification, 3-D Secure, AVS, signed delivery documents, etc.), but main street merchants have fewer options.
Merchants and the card networks need to cooperate to solve this issue. But given the lack of action from the card networks, some merchants are looking to their lawyers to force a resolution. The bottom line is that no matter the size of your business, any merchant can be a victim of this type of fraudulent behavior. The only sure way to avoid charge backs from fraudsters, counterfeit or friendly, is to make sure you can process chip card transactions today.
- Should acquirers do more to help merchants during the transition they mandated?
- Are the card networks in some way guilty of causing the issue?
- Should merchants be forced to migrate to EMV quicker?
How else can merchants protect themselves during the transition?