Understanding EMV Liability Shift in Regard to PIN Transactions

Posted by Karen Erdelac on Nov 14, 2016

Understanding EMV Liability Shift in Regard to PIN TransactionsIn a recent survey conducted by TSYS (Total System Services) 78% of Americans stated they prefer to pay by credit or debit card while only 9% prefer to use cash.  This is a trend that is continuing and the small business owner needs to be educated and account for this change.  There have been many changes to liability laws regarding EMV card transactions and here we’ve provided a breakdown of the differences.


EMV allows POS systems to offer different options when it comes to processing PIN based debit and credit transactions.  Merchants can enable PIN entry for PIN based EMV cards, disable PIN entry or allow cardholders to decide whether to enter or skip (“bypass”) entry of their PIN number.

Disabling or bypassing the security around PIN has different implications which ISVs, resellers and merchants should be aware of.  Sterling Payment has different EMV solutions that support different PIN options.

Who is impacted?

With a small number of US issuers and most non-US issuers issuing PIN based EMV cards, any merchant processing EMV transactions may receive a PIN-based EMV card.  In most cases, the cardholder merely enters their PIN number and the transaction is processed normally.

However, many merchants are unsure how to process PIN based transactions in situations where in-line tip (i.e. tip prompting) is not practical, such as table service restaurants where the merchant does not have a pay-at-the-table terminal.  In these situations, the POS application may be prompting for a PIN number and since the cardholder is sitting at a table, the merchant is unsure how to proceed.  In addition, PIN based transactions cannot be tip adjusted, as this defeats the security advantages of a PIN.  Many such merchants have been inquiring as to options to disable or bypass PIN entry in these cases.


american-express-89024_640.jpgSterling Payment offers several options for accepting EMV transactions along with PCI compliance.  All support PIN, and have different options for disabling or bypassing PIN for merchants requiring tip adjust.

Standalone POS (non-integrated):

Ingenico iWL250 & Veriphone VX 520 Merchants can procure a standalone Pay-at-the-table wireless terminal such as the Ingenico iWL250 Bluetooth terminal.  This terminal allows for in-line tip and can support up to 7 portable terminals to a single Bluetooth communications base.

Merchants can procure a standalone countertop terminal that allows tip adjustments on EMV card transactions such as the Verifone Vx520. This terminal disables PIN acceptance to allow for subsequent tip adjustments. 

Semi-Integrated POS:

Merchants using Datacap NETePay US EMV, TwinTran Server or IPTranLT on TSYS have the option to disable PIN.  This will allow the merchant to adjust the transaction.  See below for implications of disabling PIN.

Merchants using PAX EMV on TSYS can advise the cardholder to Bypass the PIN when prompted.  See below for implications of using PIN Bypass.

Implications of Disabling PIN (Datacap and TSYS Verifone Vx520)

Merchants have been advised that they will bear the chargeback liability related to lost/stolen and counterfeit PIN cards if they have not implemented an EMV solution.  However, if a merchant has implemented an EMV payment solution but have disabled PIN entry, then the merchant will be accepting liability for lost, stolen counterfeit fraud involving a PIN based EMV card.  While PIN based cards represent only a small percentage of overall EMV cards in the US, we should always be advising ISVs/Dealers/Merchants that if PIN is disabled, they will be liable for PIN based card fraud.

Implications of PIN Bypass (PAX)

When a merchant has implemented a solution that prompts the user for PIN entry on PIN based EMV cards, the liability remains with the issuer if the PIN is bypassed and the issuer approves the transaction.  The intent of this feature is for cardholders that have forgotten or do not know their PIN.  Merchants should be advised that this is not intended to be used as the norm by the merchant nor their staff.  For example, a traditional table service restaurant where the server is bypassing the PIN is not the purpose of PIN Bypass.  When PIN entry is bypassed, the issuer may decline the transaction.  Also, PIN Bypass is monitored by MasterCard for misuse/abuse and the merchant could be subject to fines with prolonged use.

While the transition to an updated card processing system can be expensive, the consequences involved with delaying the conversion could be devastating.  Quikstone Capital Solutions offers merchant cash advances that can help fund new EMV systems as well as any other improvements your business may need.Apply Now

Topics: PCI compliance