Merchants Can Sue Networks Over the Chip Credit Card Rollout, Judge Finds

EMV-chip-cards

Small merchants who sued the credit card associations alleging a conspiracy connected to the conversion to chip credit and debit cards may proceed with their lawsuit, a judge has ruled. Billions of dollars could be at stake.

California federal court Judge William Alsup ruled Sept. 30 that a set of small merchants who sued Visa, MasterCard, Discover and American Express over the so-called EMV conversion back in March may indeed win their case and denied the card associations’ motion to dismiss the lawsuit.

The small merchants say their fraud bills have skyrocketed since conversion to chip debit and credit cards was mandated Oct. 1, 2015, blaming a backlog in bank-mandated certification of the chip card point-of-sale terminals they purchased. Stores that don’t use chip cards must now foot the bill for certain kinds of fraud, but the merchants maintain they were placed in an impossible circumstance by their banks and MasterCard, Visa, Discover and American Express.

Consumers can see evidence of the conflict when they shop at a store with a chip-ready point-of-sale terminal that hasn’t been turned on; it may even have a sticker that says “Swipe Card.”

On Friday, Alsup ruled the merchants’ allegations that the associations conspired against them when setting the conversion date and liability rules has enough evidence to proceed.

However, the legal victory by merchants is only a first step. Next, they must be certified as a class, and ultimately, they would have to win their case at the trial level.

Still, with the ruling, the merchants have cleared a significant legal hurdle. Now the associations must submit to discovery.

“We are disappointed that the court denied our motion,” MasterCard said in a statement. “As we move into the next phase of the process, we believe we have strong case that will allow us to put this matter behind us and focus on driving our business and relationships with our customers.”

American Express, Discover and Visa declined to comment.

As I’ve written before, the lawsuit claims the initial two plaintiffs — Milam’s Market and Grove Liquors — faced 88 chargebacks for fraudulent transactions totaling $9,196.22 from MasterCard and Visa between October 2015 – when the liability shift took place — and March 2016, plus a $5 chargeback fee for each item.

The stores were penalized because they weren’t yet accepting the new chip-enabled EMV credit cards. In the lawsuit, the stores said they had purchased the necessary equipment, but were not able to turn the readers on until certification — a step they allege was out of their control.

The associations argued against the conspiracy allegations by saying that they had input from merchants while setting the liability deadline. However, Judge Alsup found the small merchants’ arguments convincing enough to allow the lawsuit to proceed.

“Defendants … argue that the presence of merchants ‘in the room’ renders the alleged conspiracy implausible,” he wrote in his motion. “Not really. We would expect the giant retail chains to be involved in the planning, for they would be the first to get certified.”

In other words, involvement from the large retailers in the planning process doesn’t necessarily preclude the associations from conspiring against small retailers, the judge found.

“Plaintiffs have also alleged certain ‘plus factor’ that, when considered cumulatively, nudge the alleged conspiracy from conceivable to plausible as to Visa, MasterCard, and American Express,” Alsup continued.

The case against Discover has a nuanced difference, but Alsup ruled separately that its motion to dismiss was also denied.

The judge did dismiss merchant banks from the lawsuit, but noted that a case against them could be pulled back into the lawsuit if evidence points toward involvement in a conspiracy.

Since the lawsuit was filed, Visa and MasterCard have both announced initiatives to ease the burden of the kinds of things the merchants have complained about — namely caps on small-dollar chargebacks and a streamlined process for certification. The judge noted those steps were only taken after the lawsuit was filed.

“In the end, our hope is to secure some relief for the millions of merchants — many of them small businesses — who have suffered and continue to suffer enormous losses from this conspiracy,” Patrick J. Coughlin, an attorney representing the grocery store owners, said in a statement.

Remember, EMV chip cards are designed to prevent fraud in-stores, but they do little to shield against online card fraud, so it’s a good idea to still keep a close eye on your statements. And, if you ever have reason to believe your personal information was breached alongside your card numbers, keep an eye on your credit. (You can do so by pulling your credit reports for free each year at AnnualCreditReport.com and viewing two of your credit scores for free every 14 days on Credit.com.) A sudden drop in your scores is a sign identity theft is occurring.

Image: Valeriya

The post Merchants Can Sue Networks Over the Chip Credit Card Rollout, Judge Finds appeared first on Credit.com.

Are Chip Cards Counterfeit-Proof? Not Exactly

counterfeit-chip-card

Computer researchers may have found a flaw in chip-based credit cards. Though the cards are designed to combat fraudulent cloning, apparently there’s a way to rewrite the magnetic strip code so it resembles the standard Europay, MasterCard and Visa (EMV) card.

Researchers at the payment technology company NCR presented their findings at the Black Hat computer security conference last Wednesday, CNN Money reported. “There’s a common misperception EMV solves everything,” Patrick Watson, one of the researchers, reportedly told the site. “It doesn’t.”

All a thief has to do is alter the data on the magnetic stripe so that it fools the terminal, the researchers said. As a result, the researchers suggested retailers encrypt whatever they can to help protect customers.

For their part, major machine makers Verifone and Ingenico said that they offer end-to-end encryption on retailer’s machines, CNN reported. Meanwhile, Jason Oxman, a spokesperson for the Electronic Transactions Association, a trade group, said via email that the issue “actually has nothing to do with the chips” at all. Here’s why:

“Every magnetic stripe on a chip-enabled card has a code on it that tells the POS at a retailer that if the customer tries to swipe the card, they should be prompted to insert the chip card instead. This ensures that the chip is used instead of the magnetic stripe. What this researcher figured out a way to do is alter the code on the magnetic stripe to say to the POS ‘I am not a chip card,’ and then to ask the POS to send the transaction to the issuing bank for approval as a magnetic stripe transaction. This is called a fall back transaction because the transaction should be a chip transaction, but it will fall back to a magnetic stripe transaction.

The issuing bank, when it receives the authorization request, will know that the card is a chip-enabled card [despite] the bad code on the magnetic stripe card, and the issuing bank will make the decision whether to approve the fall back transaction or not, based on a variety of factors. (The hacked code on the magnetic stripe card can only fool the POS, not the issuing bank.)”

Doug Johnson, senior vice president of the Payments and Cybersecurity Policy division at the American Bankers Association, said it’s important to remember banks’ additional protections for customers.

“End-to-end encryption is an important security measure for retail point-of-sale transactions that merchants have endorsed and should implement,” he said. “At the same time, it is important to remember that bank customers will be fully reimbursed for any unauthorized transaction against their account.”

If you carry a chip card and believe you’ve been a victim of fraud, you’ll want to contact your credit issuer immediately to cancel the card. After that, it’s a good idea to monitor your credit reports for any additional signs of trouble. (You can see your free credit report summary, updated monthly, on Credit.com.) You may also want to change your financial account passwords and pins to be on the safe side.

Image: alice-photo

The post Are Chip Cards Counterfeit-Proof? Not Exactly appeared first on Credit.com.

Why You May Start Seeing More Chip Card Readers Soon

chip-credit-card-readers

The switch to chip-enabled credit cards last year came with a serious deadline: New rules went into effect in October making merchants more liable for fraud.

As is obvious to everyone who’s swiped when they should have inserted their card at a checkout line, the changeover hasn’t gone as smoothly as hoped. So, quietly, the credit card associations have taken steps to roll back the rules surrounding the changeover. The steps should be welcomed both by merchants, who will see their liability for fraudulent charges reduced, and consumers, who will soon see more chip-card machines as a result.

The new EMV credit cards were designed to take a bite out of credit card fraud. But in some cases, they’ve taken a bite out of merchant profits instead.

As of October of last year, merchants hit with fraud who weren’t using chip cards were declared responsible for counterfeit fraud by credit card associations Visa and MasterCard. The rule was intended to be the ultimate motivator to shift to EMV, encouraging stores to spend the $1,000 or so to upgrade their point-of-sale terminals.

Hundreds of millions of EMV chip cards have been put in the hands of consumers in the past year, and many are working as advertised at 1 million-plus merchants. But some stores have been slow to turn on chip card readers – they blame banks for a backlog in certifying the machines — which has led to huge fraud bills. One lawsuit alleged that some merchants have seen fraud rates rise 20-fold while they are waiting for new chip readers they purchased to get the green light from bank partners.

Other reporting by Credit.com found that in March, four out of five chip card readers weren’t turned on. (Again, a backlog in certification was blamed.) Perhaps in response, Visa announced in June that it was placing limits on the amount of fraud that non-EMV merchants could face. They also said they were working to streamline certification.

Effective July 22, Visa said it would temporarily prevent banks from forcing merchants to pay for counterfeit card frauds less than $25. Starting in October, banks will be limited to 10 counterfeit chargebacks per merchant account.

“These two changes together will significantly reduce the number [of] chargebacks that merchants are seeing,” Visa said in its statement. “Following these changes, merchants can expect to see 40% fewer counterfeit chargebacks, and a 15% reduction in U.S. counterfeit fraud dollars being charged back.”

The blocks will remain in effect until April 2018, when, theoretically, the kinks in the EMV conversion will be fixed. Visa also promised to give banks greater discretion in certifying EMV terminals, which should help merchants turn on all those chip readers.

“Visa recognizes the importance of having the industry help merchants get their chip terminal solutions up and running quickly so that everyone, especially consumers, can benefit from the powerful security protection of chip technology,” said Oliver Jenkyn, Group Executive North America, Visa Inc. “We’ve taken steps to simplify the process as much as possible and help reduce any challenges so merchants can move forward with chip adoption quickly.”

Fraud analyst Avivah Litan from consultancy Gartner Group applauded the move. “This is really meaningful,” she said. “The merchants must be getting totally slammed with every chargeback on the books.”

Also in June, MasterCard announced a similar program to speed up point-of-sale certification. In a statement, the association said it “continuously evaluates thresholds” relating to chargebacks.

“The whole industry wins when action is taken against counterfeit card fraud. Reducing terminal certification-testing time to a couple of hours from as long as a couple of weeks is one positive step we can take in a more mature market,” said Chiro Aikat, senior vice president of product delivery, EMV, for MasterCard.

Remember, EMV chip cards can help reduce fraud, but they’re not a fail-safe. In fact, the chip doesn’t protect your payment information when you’re shopping online, so it’s still a good idea to stick to trusted websites and monitor statements regularly for unauthorized charges. And, if you ever have reason to believe your personal information was compromised alongside your payment cards, it’s a good idea to monitor your credit for signs your identity has been stolen. You can do so by pulling your credit reports for free each year at AnnualCreditReport.com and viewing two of your credit scores for free each month on Credit.com.

Image:Rostislav_Sedlacek

The post Why You May Start Seeing More Chip Card Readers Soon appeared first on Credit.com.

Wal-Mart Sues Visa Over Chip Card Transactions

credit card fraud

Two industry giants are set to face off in court over that chip debit card in your wallet.

Wal-Mart filed a lawsuit against Visa on Tuesday, alleging the network is forcing its customers to use signatures in lieu of PINs when paying with chip-based debit cards, The Wall Street Journal reports

This compromises customers’ security, Wal-Mart asserts, making them vulnerable to fraud.

“PIN is the only truly secure form of cardholder verification in the marketplace today, and it offers superior security to our customers,” Wal-Mart said in an emailed statement. “VISA nevertheless has demanded that we allow fraud-prone signature verification for debit transactions in our U.S. stores because VISA stands to make more money processing those transactions. We believe VISA’s position creates unacceptable risk to customers and its actions and rules are inconsistent with federal law.”

Visa did not immediately respond to Credit.com’s request for comment.

Protecting Your Payment Information

Retailers have been steadily upgrading their terminals to accept chip-enabled credit cards and debit cards — which generate a dynamic security code each time you pay and are, therefore, considered much harder to counterfeit — before and ahead of new network rules that went into effect last October. These rules essentially require merchants who haven’t upgraded to cover the cost of fraudulent transactions. (Prior to the shift, financial institutions generally covered the cost of fraud.)

Chip-and-PIN cards, which are prevalent abroad, have been touted as more secure than the signature-based chip cards widely adopted in the U.S., largely due to the fact that there’s one more number a thief would need to obtain before they used a card (the PIN) and that they protect cardholders from lost and stolen card fraud.

Of course, regardless of whether you are using chip-and-PIN- or chip-and-signature-based payments, it’s important to monitor financial accounts. Chips, after all, aren’t a fail-safe when it comes to fraud. (They do little to protect your information, for instance, when shopping online.) And the sooner you report suspicious charges to your issuer, the fewer hassles and potential liability you’ll face.

You’ll also want to check your credit if you ever have reason to believe your personal information was compromised alongside your payment information. You can do so by pulling your credit reports each year at AnnualCreditReport.com and viewing your two free credits scores each month on Credit.com.

More on Credit Cards:

Image: iStock

The post Wal-Mart Sues Visa Over Chip Card Transactions appeared first on Credit.com.

Careful: 5 Credit Card Scams to Be Aware Of

5ThingsILearnedAboutMoneyin2015

Identity thieves will do whatever it takes to swindle you out of your hard earned cash. But it doesn’t always stop there as credit cards are also a viable option.

In the past few years, we’ve watched as several big-box retailers, including Target and Home Depot, scrambled to make amends with customers who were affected by breaches to their payment processing systems.

Those stories were plastered all over the news, but we don’t see nearly as much coverage of the isolated incidents that cost consumers millions of dollars and sabotage their credit each day. 

Let’s take a closer look at some common credit card scams:

1. Fraud Alerts

Many credit card issues have fraud departments intact to monitor activity. So when you receive a call alerting you of an issue with your card, chances are you’ll be more than willing to do whatever it takes, including confirming personal information, to get the problem resolved. But proceed with caution as you may be at the hands of a fraudster.

A better option: call your card issuer directly to confirm an issue even exists and resolve it from there.

2. Skimming

This scam is the reason why I always try to use cash when dining out. It’s as simple as pie for perpetrators since all they have to do is swindle you out of your credit card and swipe it through a skimming machine to obtain all your account information. Once they’ve done so, new cards with your data can be created and used to fund a lavish dining experience, shopping spree, or whatever they choose to spend the money on.

3. Jury Duty

Have you been summoned to jury duty in the past? If so, you’ve received a court notice with instructions on the date, time and location to report. But what happens if you receive a call stating that you’ve missed an assignment and must confirm identifying information to avoid a trip to the slammer? If you’re wise, you’ll hang up the phone and give the court a call. Reasoning: fraudsters use this tactic to con you out of your social security number, address, date of birth, and other account information, creating the perfect opportunity to hijack your identity.

4. Chip Cards

Select credit card issuers recently welcomed the EMV credit cards to their arsenal. The deadline to switch was October 1, and fraudsters found a way to capitalize on the transition. How so? By contacting account holders via email and requesting that they confirm personal information in order for a new card to be issued.

5. Debt Consolidation

“For a low monthly fee, you can take care of all your credit card obligations and be debt-free in just a few short years. All you have to do is confirm your account information, make a one-time payment, and you’re all set.”

Wishful thinking. But unfortunately, scores of individuals succumb to this tactic out of sheer desperation and once they realize the alleged company is a scam, their deposit is already gone along with all their personal and account information.

The post Careful: 5 Credit Card Scams to Be Aware Of appeared first on ReadyForZero Blog.

Are Chip Cards Exposing You to a Deeper Form of Identity Theft?

credit building mistakes

U.S. consumers have finally been liberated from archaic technology that used to protect them and their credit cards from identity theft. Millions of Americans now have chip-enabled credit cards, and the results of this sweeping change are in.

An estimated 13 million consumers fell victim to identity theft fraud in 2015, according to Javelin Strategy and Research’s latest annual Identity Fraud Study. That represents a small (3%) increase over the firm’s 2014 findings, but a more serious type of ID theft — new account fraud — actually doubled last year. It’s too soon to know why exactly, said the folks at Javelin, but chip cards could be behind the shift.

A More Dangerous Kind of Fraud

“Fraud is changing in a way that makes it more dangerous,” said Al Pascual, director of fraud and security at Javelin. “There is some troubling news, but some good news, too.”

Chip credit and debit cards, also known as EMV cards, make creation of counterfeit credit cards nearly impossible for identity criminals. Fraud rings used to take stolen account data from big retailers like Target and print the account numbers onto fake credit cards for use by criminals. But that route is growing extinct as EMV use grows. So those criminals undertake other frauds, such as using stolen Social Security numbers to open up brand new credit cards in victims’ names.

“With the much-anticipated U.S. shift to EMV well underway, fraudsters are transitioning along with consumers,” the Javelin report said. “This drove a 113% increase in incidents of new account fraud, which now accounts for 20% of all fraud losses.”

New account fraud had declined for the past three years.

The results aren’t a big surprise; plenty of experts predicted that EMV wouldn’t end fraud, but rather shift it to other forms. It also doesn’t mean the shift to EMV was a mistake; it does mean that, as criminals move to other forms of crime, bankers and retailers have to react.

New Account Fraud Harder to Detect

In the meantime, there are new headaches for consumers. Detecting new account fraud and recovering from it is much more complex than disputing fraudulent charges on an existing card.

The Javelin report also found that victims of data breaches are now more likely to become victims of fraud than in the past. Last year, 1 out of 7 breach victims were hit by fraud; this year, the odds increased to 1 in 5.

Pascual said he wasn’t surprised by that finding because database thefts in 2015 often involved Social Security numbers and other personal information — think of the Anthem health care database theft — rather than merely credit card information, as in the Target and Home Depot thefts.

“We had been projecting this kind of change. But it was compounded by the fact that last year was a big year for theft of sensitive information. There were 64% more Social Security numbers exposed in 2015 than 2014,” he said.

Not surprisingly, victims of Social Security number data theft were dramatically more likely to suffer new account fraud — 4% of Social Security number theft victims versus 0.6% of the general public, Javelin said.

The news isn’t all bad. The overall amount of fraud continues to drop, from $23 billion in 2010 and $16 billion in 2014 to $15 billion last year. And the amount of existing card fraud dropped from $9 billion to $8 billion last year, the report said.

But in another shift expected by the financial industry, so-called “card-not-present fraud” — fraud where a physical card need not be presented, like online or telephone shopping — overtook point-of-sale fraud, Javelin said.

The banking industry isn’t sitting still. To combat increases in card-not-present fraud, merchants and banks are slowly turning toward digital token-based systems that would do for online transactions what chips do for in-person transactions.

But that shift is slow, so the usual advice to consumers is even more imperative this year: Check credit card statements every month for fraudulent charges, and check credit reports at least once each year for signs of new account fraud. You can get your credit reports for free at AnnualCreditReport.com and you can get your credit scores for free every month on Credit.com.

In the cat-and-mouse game played by thieves and the financial industry, things might get worse for consumers before they get better.

“Criminals have to find a way to get paid,” Pascal said.

The annual Javelin study of ID theft victims is in it 13th consecutive year. The firm surveyed 5,111 U.S. consumers in 2015 and has surveyed 64,000 respondents since 2003. The study is independent, the firm said, but funded by LifeLock Inc. 

More on Credit Cards:

Image: iStock

The post Are Chip Cards Exposing You to a Deeper Form of Identity Theft? appeared first on Credit.com.