September 2016
 
Dear U.S. Payments Forum member,

I wish to welcome our members and guests to Chicago for our September gathering and the first in-person meeting of the U.S. Payments Forum organization. We are excited to kick off this meeting under the new name, one that reflects the expanded charter and focus on both EMV and other new and emerging payments technologies in the United States that protect the security of, and enhance opportunities for payment transactions within the U.S. We hope that you are pleased with the new graphics representing the changes that have taken place since we met in June.

We are delighted that so many members have already renewed their memberships in the new U.S. Payments Forum, and new members are joining every month. And yet as we start a new path for this organization, we are reminded that the culture and legacy of the EMV Migration Forum are never far away. In fact, many industry participants are still dealing with EMV chip technology and its implementation nearly one year after the October 2015 liability shift. Also, there are significant EMV milestones yet to come, such as the ATM liability shift, the retail petroleum liability shift, new faster chip transaction processing developments, and other solutions addressing the continued backlog that exists for merchants to get through EMV testing and certification. Those EMV-related issues will be front and center throughout the remainder of the year.

Many of you recently participated in a recent member survey asking what new topics beyond EMV that you wanted the U.S. Payments Forum to focus on in the future. The survey revealed the most popular topics:
  • Mobile payments technologies and the impact on issuers and merchants
  • Tokenization
  • Payments authentication using mobile devices
  • Integration of the mobile wallet “Pays” at the POS
  • EMVCo Payment Account Reference (PAR)
For this meeting, you’ll see that we added sessions to address mobile payments. We’ll also be looking at our Working Committees and assess how we are covering new topics. We look forward to having a great conference in Chicago and continuing our mission to serve the stakeholders in the U.S. payments market.

Randy Vanderhoof
Director, U.S. Payments Forum
 
In the Spotlight
EMV Chargeback Best Practices
Fraud impacts all stakeholders, and EMV implementation in the United States is aimed at reducing card-present fraud. Counterfeit card-present fraud represents a significant percentage of the overall payment card fraud in the U.S. 1 and EMV has been shown to be an effective tool in reducing this fraud 2,3,once the number of chip-enabled cards and chip-supporting payment acceptance devices reaches a critical mass. Changes in payment network rules that took effect starting in October 2015 seek to support the migration to EMV by placing liability for fraud – counterfeit, and in the case of most networks, also lost and stolen – with the party to the transaction that has not successfully transitioned to EMV chip technology. 4

Chip Liability Shifts and Chargeback Codes
In connection with the migration to EMV in the U.S. and implementation of payment network counterfeit and lost/stolen fraud liability shifts, chargeback reason codes were established for counterfeit, and lost/stolen EMV chip card transactions covered by those chip liability shifts (CLS) (“CLS chargebacks”).

These new chargeback reason codes are because the U.S. is not 100 percent chip enabled. To help ensure that purported CLS chargebacks are valid, network requirements exist that issuers must meet and networks should monitor chargeback activity for validity. There are other steps that issuers, acquirers and merchants can take, which in turn will help minimize the number of chargebacks opened.

Issuer Authorization Best Practices for Authorization

Magnetic Stripe Cards at any Terminal
If an issuer has not yet issued chip cards, or has begun but has not completely replaced all magnetic stripe cards with chip cards, they are strongly encouraged to continue to follow the risk management protocols in place today, as well as use the risk management tools available to detect and decide whether to decline high risk transactions. As with all magnetic stripe transactions the card security code on the magnetic stripe should be checked and validated, since the card security code 5 prevents fraudsters from altering values such as the expiration date on the card.

Chip Cards at a Magnetic Stripe Terminal
If an issuer has distributed chip cards, those cards will still be used at merchants who have not yet migrated to chip. Issuers are strongly encouraged to continue to follow the risk management protocols in place for magnetic stripe cards, as well as use the risk management tools available to them to detect and decide whether to decline high risk transactions. Once again, issuers should check and validate the service code on the chip card and the transaction type. In this case, however, they should decline chip card transactions with any service code starting with a number other than 2 or 6.

Chip Cards at Chip Terminals
If an issuer has distributed chip cards, and the card is used at a successfully certified EMV-capable terminal, issuers may wish to consider adjusting their risk protocols, since there is a high degree of certainty that the transaction is genuine if processed as a chip-on-chip transaction.

Merchant Best Practices for Obtaining an Authorization Response and Avoiding CLS Chargebacks

Merchants Who Are Not Yet Chip-Enabled
While the best defense against counterfeit fraud is to implement EMV chip technology, there are some best practices that merchants can implement to help reduce fraud for point-of-sale (POS) transactions before migrating to EMV.

  • Read and compare verification
  • Check cardholder’s ID, if necessary
  • Perform velocity checks
  • Establish a strategy for transactions that could involve counterfeit
  • Implement PIN prompting for debit transactions
Merchants Who Are Chip-Enabled
Merchants who are chip-enabled can take several steps to avoid chargebacks.
  • Scrutinize fallback transactions
  • Certify for online and offline PIN for both credit and debit
  • Maintain data quality across authorization and settlement messages
Issuer Management of Cardholder Disputes
In general, assuming the account is in good standing at the time of the transaction and regardless of the liability shift date or the POS entry mode, all network rules require that a transaction must be disputed by the cardholder as either counterfeit or lost/stolen prior to or on the date the issuer initiated a CLS chargeback. Issuers are encouraged to ensure that their systems recognize the differences in the liability shift dates and the transaction types to which the liability shifts apply, as they relate to transactions conducted on cards in their portfolios. For example, automated fuel dispenser (AFD) and ATM transactions are out of scope until the relevant payment network liability shift dates go into effect.

Merchant and Acquirer Best Practices for Disputing and Mitigating CLS Chargebacks
There are a number of valid reasons an acquirer or merchant may re-present a CLS chargeback, including: invalid documentation, incorrect service code, identification of the transaction as AFD or contactless, and other data that indicates that the transaction was valid. In any dispute, the authorization information, not the clearing information, for each individual transaction will help determine the validity of the reported CLS chargeback.

Network Differences for Lost/Stolen CLS Chargebacks
For networks that do not support lost/stolen liability shift, only counterfeit fraud may be charged back. For networks that do support lost/stolen liability shift, the cardholder must indicate the sale resulted from a lost/stolen, PIN-preferring card in order to issue a CLS chargeback for lost/stolen fraud and shift liability to the merchant. In addition, PIN (online or offline) must be higher priority than signature on the PIN-preferring chip card’s Cardholder Verification Method (CVM) list and the merchant terminal did not have the ability to support PIN or did not have a working PIN pad at the time of the transaction.

Conclusion
The issues surrounding liability shift, chargebacks and re-presentments are somewhat complex, but all hinge on the authorization process and data integrity. Most acquirer/merchant disputes of chargebacks are resolved between the issuer and acquirer/merchant. Where agreement cannot be reached, the final resolution rests with the network responsible for processing the transaction.
As issuer and merchant chip implementations become more robust and data quality improves, the occurrence of invalid CLS chargebacks is expected to decrease. More importantly, as the U.S. EMV migration progresses, the number of card-present disputes is expected to drop off as counterfeit fraud is reduced by EMV implementation. This is the ultimate goal of the U.S. migration to EMV and one on which issuers, merchants, networks and acquirers can all agree.

References
[1] “Global Card Fraud Damages Reach $16B,” PYMNTS.com, August 6, 2015, http://www.pymnts.com/news/2015/global-card-fraud-damages-reach-16b/
[2] “Card fraud figures,” UK Cards Association, http://www.theukcardsassociation.org.uk/plastic_fraud_figures/
[3] “Credit Card Fraud and Interac Debit Card Statistics – Canadian Issued Cards,” Canadian Bankers Association, July 2015, http://www.cba.ca/contents/files/statistics/stat_creditcardfraud_en.pdf
[4] “Understanding the 2015 U.S. Fraud Liability Shifts,” Version 1.0, EMV Migration Forum white paper, May 2015, http://www.emv-connection.com/understanding-the-2015-u-s-fraud-liability-shifts/
[5] Card security code examples: CSC, CID, CVC or CVC2, CVV or CVV2, PCSC

About this Article
This article is an extract from the white paper, “ EMV Chargeback Best Practices,” published by the EMV Migration Forum (now the U.S. Payments Forum) in June 2016.

 

 
New EMV Resources
New educational resources published for Forum members and the payments industry are available from the U.S. Payments Forum on the EMV Connection and GoChipCard.com web sites.
  • The Forum published a new white paper and hosted a successful webinar on EMV Chargeback Best Practices. The white paper and webinar discuss the appropriate treatment and mitigation of both counterfeit and lost/stolen chip liability shift chargebacks occurring after the liability shift dates for contact chip cards used in attended transactions. Both the white paper and webinar recording are available on the EMV Connection web site
  • The Card-Not-Present (CNP) Fraud Working Committee updated the white paper, Near-Term Solutions to Address the Growing Threat of Card-Not-Present Fraud, with two new appendices. The appendices provide industry definitions of CNP, related industry terms and high-level use cases and add a comparison of 3D-Secure Version 1.0.2 and Version 2.0
  • The Forum published an update to the Minimum EMV Chip Card and Terminal Requirements – U.S. matrix. The matrix includes the minimum card and terminal EMV requirements for the U.S. payment networks American Express, Armed Forces Financial Network (AFFN), China UnionPay, Discover, Jeanie, MasterCard, NYCE, PULSE, SHAZAM, STAR and Visa, in the context of the U.S. electronic payments marketplace and the October 2015 liability shifts. The July 2016 Version 2 update includes changes to incorporate requirements for the recently announced faster EMV solutions (i.e., Quick Chip and M/Chip Express) from American Express, Discover, MasterCard and Visa
  • The Smart Card Alliance Payments Council published the white paper, Contactless EMV Payments: Benefits for Consumers, Merchants and Issuers, and is hosting two webinars on the topic. The merchant-focused webinar is on Thursday, October 6, at 1pm ET/10am PT, and will focus on merchant opportunities and implementation considerations; a second issuer-focused webinar will be held on Wednesday, November 9, at 1pm ET/10am PT
 
Working Committee Projects
ATM Working Committee
  • The ATM Working Committee hosted the “Implementing EMV at the ATM Workshop” on September 19, their first session in an ongoing series of workshops designed to educate credit unions, community banks and independent providers about the transition to EMV at the ATM. The workshops target stakeholders that are not currently members of the U.S. Payments Forum in the local regions surrounding Forum events
  • As part of the workshop series mentioned above, the ATM Working Committee has coordinated with the National ATM Council (NAC) to present their next session of the “Implementing EMV at the ATM” workshop at the NAC2016 Conference & Expo on October 19 in Lake Buena Vista, Florida
Card-Not-Present Fraud Working Committee
Communications and Education Working Committee
For more information on Working Committee projects that are in process, please contact Mike Strock, mstrock@uspaymentsforum.org
 
Welcome New Members
  • ALDI
  • ATMequipment.com
  • Federal Reserve Bank of Atlanta - Retail Payments Risk Forum
  • PAX Technology Inc.
  • Reef Karson Consulting, LLC
 
EMV Migration Forum in the News
Your Guide To Mitigating Chargebacks,” SMB Retail Technology, August 24, 2016. Director Randy Vanderhoof provides best practices for mitigating chargebacks, based on the U.S. Payments Forum’s recent white paper, “EMV Chargeback Best Practices.”

Trade group to focus on all emerging payments in US,” Mobile Payments Today, July 21, 2016. In this article, Director Vanderhoof provides insight into the EMV Migration Forum’s expanded focus and name change to the U.S. Payments Forum.
 
 
Registration Open for Final Meeting of 2016
The last U.S. Payments Forum meeting of 2016 will be held December 8-9, Coral Gables, FL at The Biltmore Hotel. Registration is open now! Reserve your spot and make your travel accommodations before flights and hotels become booked. We look forward to seeing you.
 
Save the Date - 2017 Meeting
Make sure to save the date for the March 2017 Two-Day All Member meeting, which will be held March 27-29 at Renaissance Orlando at Sea World in Orlando, FL. Look for more information shortly.
 
About This Newsletter
The U.S. Payments Forum Quarterly is a publication for members, friends and supporters of the U.S. Payments Forum. The U.S. Payments Forum continues to support the chip migration while also broadening its focus to other new and emerging payments technologies in the U.S. Those technologies protect the security of, and enhance opportunities for, payment transactions within the U.S., and include tokenization, card-not-present transactions, point-to-point encryption, and mobile and contactless payments. Thank you for your interest, and please email us with any suggestions for future content.
www.emv-connection.com