Visa is acknowledging a merchant EMV migration logjam by loosening fraud chargeback policies and enabling faster chip card certifications for merchants.
The card brand is introducing two modifications to its liability policy for merchants not yet accepting chip-card technology. In a change that goes into effect July 22, Visa will block all U.S. counterfeit fraud chargebacks less than $25. Another change, that takes hold in October, will limit to 10 the number of counterfeit fraud transactions that issuers can charge back to merchants and their acquirers from a single card account. Both changes will remain until April 2018.
At first glance, the $25 chargeback block may not appear as a significant help to merchants, because it was generally considered to be the type of chargeback that issuers would not bother with, mostly because the cost for banks globally to process a chargeback can run between $15 and $50. But that has been changing rapidly.
"Depending on the degree of automation, there are many banks now that can charge back, cost effectively, for those transactions less than $25," said Mark Nelsen, Visa's vice president of risk products and business intelligence.
The change will be painful for issuers in the short term because many are now operating systems that can process chargebacks at a cost of about $1, said Julie Conroy, research director and fraud expert with Boston-based Aite Group.
"That means they can seek chargebacks of only $1 with their systems," Conroy said. "But the concern for many of them now is having the IT work done by July 22 to accommodate the policy change."
In also limiting chargebacks on a fraudulent card account to 10 transactions, merchants will see a benefit in avoiding losses when criminals use the same card at different merchant sites in an attempt to avoid detection, Nelsen said.
With the ongoing data breaches that compromise significant numbers of payment credentials, the number of counterfeit cards roaming networks to find safe landing places is likely to increase. Their targets will be merchant locations void of the EMV technology that stifles counterfeit fraud.
"When you look at the total number of card accounts that have more than 10 fraudulent transactions, that number is small, but it is something we can implement to help merchants as they get ready for EMV," Nelsen said.
In addition to helping merchants avoid some chargeback costs, the transaction limit reinforces the responsibility that issuers already have in detecting and acting on counterfeit fraud quickly to get those cards off the books, Nelsen said.
The policy changes together will significantly reduce the number chargebacks merchants are seeing, Nelsen added. Following these changes, merchants can expect to see 40% fewer counterfeit chargebacks, and a 15% reduction in U.S. counterfeit fraud dollars being charged back, he said.
The policy shift may carry a little more weight with merchants still taking mag-stripe card transactions than the initial "incentive" Visa had in place in 2011 when first pushing the potential of PCI scope cost reductions for having a certain percentage of Visa transactions through EMV rails.
The major card brands put the EMV migration liability shift into place, starting in October of 2015, making the party unable to issue or accept chip cards liable for fraud at the point of sale.
Since that date, the industry has been plagued with merchant complaints about certification process backups and an unwieldy amount of chargebacks, many of which they felt were not entirely related to the EMV process.
"While I have not had the opportunity to discuss these changes with members, they appear to be positive for merchants and it is good to see Visa taking steps to remove some of the barriers to EMV implementation as well as mitigate some of the damages to merchants associated with chargebacks," Mark Horwedel, CEO of the Merchant Advisory Group, said in an e-mail issued to media.
Horwedel reiterated that it has been more than eight months since the card networks' "unreasonable dates set for a liability shift," one that was delayed over technology debates regarding debit transaction routing and has proven to be costly for most merchants. In addition, he said merchant organizations are gathering information related to issuers abuse of chargeback rules and authorization methods.
"Hopefully, all of the networks will address the shortcomings of the U.S. EMV implementation by rolling back their unreasonable liability shifts …" Horwedel said.
With the liability policy changes helping fraud costs, Visa is also looking to move more merchants into the EMV world faster. The card brand has streamlined its testing requirements, amended and simplified the terminal certification process as well as offering resources and technical expertise as needed to reduce certification processes "by as much as 50%."
Most of this streamlining centers on whether a merchant needs offline authorization as part of the EMV equation. Unlike Europe in the early days of EMV, which suffered from unreliable communications infrastructure, the U.S. has more advanced technology for online authorization from the point of sale.
As such, merchants can eliminate much time in the certification process by forgoing the testing that would allow offline authorization in the rare cases it might be needed because of network or other technology snags. Offline authorization has made sense in some cases for low-value transactions when a merchant chooses to authorize locally and forgo online/real-time authorization. But even those cases are becoming rare in the U.S.
"Offline authorization has very limited value in the U.S," Nelsen said. "Here, every time you present a card at the POS, or as an online authorization, it is sent to the issuer in real time. We already process 100% of transactions online in real time, so offline is not really needed."
However, merchants still can choose to include offline capabilities, and there remains some terminals in the U.S. that operate in that manner, Nelsen said. "What we are saying is to focus on what is needed in this marketplace to provide the liability protection, but remove all of the complexity not needed for that environment."
In addition to making the development, testing and certification of EMV for merchants less time-consuming, Visa is also providing acquirers more authority to determine the appropriate level of testing required to assure a merchant's solution is ready. Part of that process may evolve into a setup to avoid duplication testing in which acquirers share certification test results with other acquirers, who can take that information into account when working with similar merchant configurations.
The faster certification process falls in line with the Quick Chip advancements being offered to merchants through Visa, MasterCard and American Express. The Quick Chip technology, designed to speed up the EMV chip card reader process at the POS, was also achieved by dropping many of the authorization checks that were in place in the original EMV coding. In other words, U.S. EMV chips seeking authorization do not have to go through the same process, and offline checks, as those used originally in Europe.
The process and policy changes represent a peace offering from Visa, coming at a time when the card brand is at a heightened pace of legal turmoil with merchants. Both Walmart and Home Depot have filed lawsuits against the card brand in the past few weeks for perceived debit routing violations that steer the retailers away from what they consider stronger security with PIN transactions.
"It is definitely throwing a bone to merchants and will certainly have a dollar impact on the plus side for merchants and the negative side for issuers," Aite's Conroy said. "It is probably not as far as what merchants would like to see, but Visa is certainly feeling pressure to do something and, even though they can't make everyone happy, this is a step forward."