When a stolen credit card is used, and a chargeback is then filed, who takes the loss_ – quora mastercard debit young

TL;DR: in most situations, the issuer takes the loss. The only reason why a merchant would be liable for online or in-store purchases is that the store does not process payments to the current standard, e.G., by disabling 3dsecure for online payments—which is the merchant’s choice—or by failing to have an EMV-enabled POS.

The question is simple, but the answer requires an algorithm. Let’s outline the main criteria, define a few terms and then, address your question in more details.

• criteria and definitions

• does it matter if the purchase is online vs. In-store?

when a stolen credit card is used and a chargeback is filed, who takes the loss?

• the algorithm: who takes the loss?

1. Criteria definitions.

First, online purchases are called “card not present” (CNP) transactions, whereas in-store purchases are called “card present” (CP) transactions.Mastercard debit young

Second, there are subtypes of fraud for CP purchases, notably counterfeit fraud and lost or stolen card fraud. For CNP purchases, there is only one type of fraud: lost or stolen card fraud.

Third, whether the card is EMV-enabled (with a chip [1]) matters, notably for stores that don’t have the latest EMV-enabled points of sales (POS [2]).

Finally, apple and best buy are called the merchants in a transaction scenario. They have a commercial bank called an acquirer [3]. Together, the acquirer and the merchant represent the acquiring side. On the other end of a transaction, the card holder has a bank called the issuer [4], which represents the issuing side.

2. Does it matter if the purchase is online vs. In-store?

— yes it matters; see below.

3. When a stolen credit card is used and a chargeback is filed, who takes the loss?Mastercard debit young

—for CP transactions, the issuer takes the loss in most cases. For CNP transactions, the issuer is liable if 3dsecure is used, but if it is not used, the e-merchant is liable.

4. The algorithm: who takes the loss?

The algorithm below is not completely accurate (see [5]), but it should be pretty close.

• if the transaction is an online purchase ( CNP)

• if the transaction is 3dsecure-enabled, the issuer is liable.

• if the transaction is 3dsecure-disabled, the acquirer/e-merchant is liable.

• if the transaction is an in-store purchase ( CP), there are various scenarios

• for counterfeit cards:

• if the card has a chip, the POS is chip-enabled, and the transaction is processed as EMV, the issuer is liable.

• if the card has a chip and the POS is chip-enabled, but the transaction is not processed as EMV, a fall back to the magnetic stripe is used for the payment.Mastercard debit young then the issuer is still liable, but limits may apply.

• if the card has a chip and the POS is not chip-enabled, the acquirer/e-merchant is liable, essentially because it did not update its POS terminals.

• if the card only has a magnetic stripe, the issuer is liable.

• for lost or stolen cards

• if the card only has a magnetic stripe, the issuer is liable.

• if it is a chip card requiring a PIN code but the merchant does not have a chip-enabled POS, the acquirer/merchant is liable.

• if it is a chip card requiring a PIN code but the merchant POS is chip-enabled and did not collect the PIN, then the acquirer/merchant is liable.

• in all other cases, the issuer is liable.

In addition, note that where the payment is made may matter:

— is it a national payment from the united states, europe, or elsewhere?Mastercard debit young

— is it a cross-border payment?

I hope this information helps. As usual, feel free to reach out with questions or comments.

Fabrice works at ubivar ( https://www.Ubivar.Com), a saas solution that helps e-merchants to verify payments and prevent fraud.

References

[1] EMV – wikipedia

[2] point of sale – wikipedia

[3] acquiring bank – wikipedia

[4] issuing bank – wikipedia

[5] understanding the 2015 U.S. Fraud liability shifts