Skip to content
Jeremy-Telman
ContractsProf Blog
Official Blog of the AALS Section on Contracts

What’s in YOUR Wallet? (Maybe not an EMV-chip card…)

By Mark Burge
December 5, 2015

CapOne Viking TV

While checks have long been governed by the Uniform Commercial Code, credit and debit cards are primarily creatures of private contract. Some of the most important contracts controlling card-based payment systems are ones to which you, as a mere end user, are not a party. Both consumers who use cards and merchants who accept them generally do so through their banks. These banks, in turn, are contracting members of credit card networks, like MasterCard and Visa. Most of us will never actually see these bank-to-network contracts, but they are hugely important for allocating liability among the parties handing a payment card transaction.

On October 1, 2015, these network agreements underwent a major change known as the “EMV Liability Shift.” In general terms, this meant the liability for unauthorized was allocated to incentivize the adoption of EMV-chip cards that would ultimately replace the outdated magnetic-stripe cards long popular in the United States.  “EMV,” if you are wondering, stands for “EuroPay, MasterCard, Visa,” who were the three original adopters of the standard, but all major cards are onboard with EMV today.

I knew that the October 1 shift was coming and that it was a big deal to players in the payment-card industry. This is why I was greatly surprised that, as of October 1, I had received precisely ONE card containing an EMV chip, and that was for the travel credit-card issued to me by my university employer. I to this day have heard nary a peep from my personal card-issuer banks, when I thought they would be tripping over themselves to give me a chip-enabled replacement card. Many point-of-sale card terminals now have a slot in which to insert an EMV card, albeit still retaining the traditional mag-stripe swipe capability. But my cards are still chipless.  How can this be, when the EMV Liability Shift was clearly going to be a big deal?

I may have found the answer to this mystery in this short piece by practicing attorney Christopher H. Roede, who described the liability shift with an important detail (underlined) that I had somehow missed until now:

Under these new credit card network rules, the liability for certain types of unauthorized or fraudulent credit card transactions shifted from the issuing bank and the credit card networks to the party that adopted the lowest level of EMV compliant technology. If, for example, a bank issued a cardholder an EMV compliant card, the merchant had not installed EMV compliant card readers, and an unauthorized transaction occurred at the merchant’s location by use of a counterfeit card, the merchant (and not the issuing bank) is liable for the fraud.

To me, that explains a great deal about the card-issuing banks’ non-urgency to move customers over to EMV-chip cards. They just aren’t worried enough about the cost of having non-compliant technology to issue new cards in an expedited manner.  While EMV will improve the card-issuer’s position as against non-adopting merchants, failure to adopt is not putting them in any worse position than they were in before October 1.  Under the Truth-in-Lending Act and Regulation Z [12 C.F.R. §1026(b)(1)], the issuer banks were already liable for most unauthorized use of consumer credit cards. My employer-issued card is not subject to TILA as it isn’t a consumer credit card, so my university had significant incentive to make sure that its bank upgraded all employee credit cards were replaced before October 1.  And that is exactly what happened.

Consumers, I suppose, will get chip-based credit cards when the issuer banks feel like getting around to it. It’s apparently not THAT urgent for them.

Posted in:
Current Affairs, E-commerce and Web/Tech