An article in The Payments Review regarding fallback transactions suggest issuers need to rethink their authorization strategy for fallback transactions. Fallback transactions and how to assess their legitimacy were a hot topic when the EMV migration kicked off. A refresher on what a fallback transaction is:
Fallback occurs when a credit or debit EMV chip card cannot be read at a chip terminal when inserted and is processed by swiping the mag stripe. Fallback is typically seen in a market where EMV is first being introduced. An incorrectly configured terminal, terminals that are not set up to process “chip and PIN”, terminals that have not been programmed to route transactions over some networks, and in rare cases, defective chips within the card, are all potential or legitimate reasons for a chip card to not be capable of being read properly at the terminal. In these cases permitting the cardholder to complete the transaction by swiping the mag stripe card at the terminal seems like the proper way to minimize customer inconvenience.
In the early days of the EMV migration, issuers were likely to approve a fallback transaction even though they would bear the liability. In those days, fallbacks occurred most frequently because of unintended issues with the terminal set up. The networks and acquirers were monitoring their occurrence and working to fix issues. The majority of fallback transactions then were actually indented by the cardholder. But now, with the EMV liability shift nearly two years in the past, most of the merchant terminal issues or defective chip issues that created fallback transactions are largely in the past. Rethinking the fallback approval strategy should be considered:
Nearly all of the terminal configuration issues have been resolved, and while there are still many merchants that have not begun to convert their mag stripe terminals to chip-accepting terminals, the vendors in this space have the experience from other implementations to ensure that future conversions are less problematic. At the same time, fraudsters have developed new ways to force fallback and use magnetic stripe data obtained in the many breaches that have occurred recently. Creating real chip cards with chips devoid of any programming (not something the terminal expects), or chip cards with unreadable chips are ways to force the terminal to request the cardholder, in this case the fraudster, to continue the transaction by swiping the card.
Overview by Sarah Grotta, Director, Debit Advisory Service at Mercator Advisory Group
Read the full story here