Credit unions: Is it time to decline fallback?

Fallback occurs when a credit or debit EMV chip card cannot be read at a chip terminal when inserted and is processed by swiping the mag stripe. Fallback is typically seen in a market where EMV is first being introduced. An incorrectly configured terminal, terminals that are not set up to process “chip and PIN”, terminals that have not been programmed to route transactions over some networks, and in rare cases, defective chips within the card, are all potential or legitimate reasons for a chip card to not be capable of being read properly at the terminal. In these cases permitting the cardholder to complete the transaction by swiping the mag stripe card at the terminal seems like the proper way to minimize customer inconvenience.

Liability for fraudulent activity conducted in this manner lies with the issuer, not with the merchant/terminal owner. A thought leadership article published last year suggested that fallback transactions should not be declined by issuers, since the inconvenience to legitimate cardholders greatly outweighed the fraud using fallback, or in fraud terminology – EMV chip circumvention.

Several circumstances have changed since this time last year, all leading up to a decrease in “legitimate” fallback and a rise in fraudulent fallback transactions. Nearly all of the terminal configuration issues have been resolved, and while there are still many merchants that have not begun to convert their mag stripe terminals to chip-accepting terminals, the vendors in this space have the experience from other implementations to ensure that future conversions are less problematic. At the same time, fraudsters have developed new ways to force fallback and use magnetic stripe data obtained in the many breaches that have occurred recently. Creating real chip cards with chips devoid of any programming (not something the terminal expects), or chip cards with unreadable chips are ways to force the terminal to request the cardholder, in this case the fraudster, to continue the transaction by swiping the card.

continue reading »

More News