Chip fallback authorization strategies to reduce fraud impact
Your credit union could continue to incur magnetic stripe fraud on EMV cards and ATMs if you have not yet set-up strong fallback authorization strategies.
Here are strategies you should adopt to better manage fraud impact resulting from fallback transactions on your EMV enabled cards or ATM machines:
- Work with your card processor(s) to block fallback authorizations on your chip cards so the fraud liability is not shifted to your credit union
- If you do not block fallback authorizations on chip cards, monitor your chip card transactions closely to ensure you are not experiencing fraud on these fallback transactions, aka “fallback fraud,” so you can stop the fraud early on.
- Verify you have chargeback rights against any merchant that processes unauthorized fallbacks on your chip cards
- Monitor reports from your processor for fallback authorizations so you can immediately capture and resolve any unauthorized or discrepant fallbacks
- Fallback authorization strategies for point-of-sale devices (POS):
- Require a PIN for a chip fallback transaction
- Set a dollar or transactional limit on fallback transactions for each chip card
- Block fallback authorizations at the POS
- Block all key entered fallback authorizations (card present – POS 01)
- Fallback authorization strategies for ATMs owned by your credit union:
- If your ATMs have switched over to EMV: Only permit use of chip-enabled cards at your chip-enabled ATMs – this includes for your chip-enabled cards and chip cards issued by other credit unions
- If you have not yet upgraded your ATMs to be EMV enabled: Set transaction and dollar limits for cards used at your ATMs to reduce the chargeback liability if another credit union’s chip card is used at your non-chip enabled ATM machines.
Contact your Allied Solutions sales rep for more information on how your credit union can better manage EMV fraud risks.
To receive ongoing education on fraud and security risk prevention, sign up for Allied’s Fraud & Security Risk Alert newsletters.