Fallback transactions are a natural side effect of EMV adoption and occur when a chip card cannot be read by a chip-enabled terminal for any number of reasons, including a damaged chip, a terminal that has been improperly configured or sometimes simply operator error. When this happens, the merchant may direct the user to swipe the card’s magnetic stripe creating a ‘fallback transaction’.
It’s important to note that while fallback transactions are rare, they can be prone to fraud as criminals attempt to circumnavigate the security of chip. In the U.K. and Canada, where EMV adoption has existed for more than a decade, there have been attempts to completely decline fallback transactions at the point-of-sale and ATMs. These bans didn’t last as issuers found that many of the fallback transactions merchants were submitting were legitimate.
For community bank issuers in the U.S., who want to strike the balance between security and customer experience to meet their customers’ needs, ICBA Bancard recommends that issuers develop a fallback strategy to proactively combat card fraud.
Unfortunately, this isn’t always a one-size fits all proposition, so issuers should be thoughtful when setting approval parameters so that legitimate fallback transactions aren’t inadvertently denied and valued customers aren’t inconvenienced. Examples of fallback parameters issuers might consider include:
- Daily Transaction Limits – Determine how many fallback transactions you are willing to approve within a 24-hour period on each account.
- Daily Authorization Limits – Consider declining fallback transactions that are more than a specific dollar amount. For example, an issuer might decide to decline all fallback transactions greater than $150.
- Overseas Transactions - Decline fallback transactions from overseas/foreign purchases.
- Transaction Type – Deny all card-not-present fallback authorizations.
- Time of Purchase - Consider declining fallback transactions outside of the merchant’s operating hours, for example between midnight and 4 a.m. for grocery stores.
Monitoring daily reports from your processor and looking for abnormal patterns can also be a helpful way of deterring fallback transactions. If you notice a customer has several of these transactions it may indicate a defective card or even possibly a counterfeit card. Additionally, excessive fallback transactions from a single merchant may indicate a terminal or a processor or a PIN debit network has not been properly configured.
Unfortunately, there is no single magic bullet to prevent card fraud. Just as the technology arrives to shore up one vulnerability, fraudsters look for another weakness to exploit. The best tactic issuers can follow is a multi-pronged approach that blends old-style methods like frequent report monitoring with new-age technologies like customer authentication (text and email alerts) and tokenization.
Visa and MasterCard have published some guidance on best practices for dealing with fallback and issuers should also contact their processors to learn more about setting up parameters.