NEWS ANALYSIS: Merchants of all sizes are taking legal action against big credit card companies and banks over claims of excessive chargebacks and complex rules that weaken security.
When the EMV card liability shift happened in October 2015, things seemed to be fairly straightforward.
If a merchant wanted to avoid new rules transferring liability for stolen or counterfeit cards to them, they needed to accept the more secure types of payment cards outfitted with an EMV chip.Those cards, widely accepted nearly everywhere in the world except in the U.S., are nearly impossible to counterfeit, and provide great security in transactions because they can be used with a PIN code authenticated by the credit card network.Unfortunately, that’s not how things worked out. October came, and merchants began buying the new credit card readers and POS systems designed to accept the EMV cards.
But then the merchants found that their supposedly secure transactions actually weren’t secure and the credit card companies weren’t protecting them from losses despite their buy-in to the new technology.This was because the big credit card companies, primarily MasterCard and Visa, were requiring that each credit card terminal be certified and because the same companies were not permitting the use of cards that used PIN codes for authentication.
Merchants discovered that it became nearly impossible to obtain certifications for those terminals from the credit card companies.
Furthermore, even though merchants had the new credit card terminals, they were getting hit with the cost of fraudulent transactions anyway.
The problem with using PINs at terminals was more complex and caused a lot of finger-pointing.
The use of PINs at a card reader requires access to a PIN processing network.
If you’ve ever used a debit card to buy something at a store, then your use of the PIN used that network.But with the advent of EMV cards, the credit card companies decided that the PIN network they’d been using wouldn’t do and instead required a new authentication network, run (surprise) by Visa and MasterCard.Another complication emerged when the credit card companies decided that merchants could no longer require the use of PINs, but also had to allow the use of signatures for their chip enabled cards. Perhaps it should be no surprise that the processing of signatures through those captive networks was suddenly much more expensive than it was to use other networks.All of a sudden, merchants were being hit in two directions.
They were seeing a huge increase in chargebacks because of fraudulent card use and they were finding that they couldn’t protect themselves by demanding the use of more secure chip and PIN cards.In some cases it became worse than it had been, because merchants were now not able to insist on PIN use for chip-enabled debit cards, meaning they now had to accept the liability for those in addition to the credit cards.Because of those issues, there are now two sets of lawsuits.
In one, some large retailers including Walmart, Home Depot and Kroger are suing because the credit card companies and their issuing banks won’t let them require PINs for payment cards that have them, including debit cards, where until now PINs were already the standard.