< Back to Blogs

EMV and the Fallback Mechanism

April 19, 2019

blog-image
Chargebacks
Counterfeiting
Damaged Chip
EMV Challenges
EMV Good Practices
EMV Migration
Fallback
Fraudulent Fallback

Fall back transaction is the word that came into picture along with EMV – the work around to make successful transaction in case the chip or terminal chip reader does not work. However, this is looked upon as a huge security threat in the era of trillion transactions. Fallback should not be appreciated as it leads us back to the less secure magentic stripe system.

There was no fallback concept during magnetic stripe era as there was no alternative technology to be leant on, except perhaps manually typing in the card details. After EMV, fallback was introduced as an option to make transaction till the time the entire ecosystem migrates to EMV infrastructure. Unfortunately, despite the progress in EMV, fallback is still being used as a work around to reduce decline in transactions.

How is fallback used now – during the EMV era?

Generally, there is possibility that either the chip on card or the reader in terminal does not work properly. In that case, when the card is inserted in the terminal, the terminal detects that chip is not being read. Then terminal prompts to swipe the card and the transaction will be processed as magstripe transaction, without chip data and a fallback indicator. Issuer approves transaction based on magstripe data fields details.

Another possibility of transaction leaning to fallback mode is when the particular AID (Application Identifer) is not loaded in the terminal. The terminal will be unable to identify the chip due to absence of AID terminal and prompts the user to swipe the card to process the transaction in fallback.

Damaged Chip – Are they an issue?

The main pillar for EMV standard is security, which prevents counterfeiting of cards. So, if a chip is damaged then complete security is compromised. EMV provides three level of security i.e. card authentication, card holder authentication and issuer authentication. Once the chip is damaged at least card authentication and issuer authentication are not performed. Whereas card holder authentication is still possible for PIN based transactions only. Card with damaged chip is as good as holding a magnetic stripe card.

Merchants should ideally reject transactions on damaged chip even in the fallback mode.

Fraudulent Fallback

As fall-back is a workaround process, it can be performed intentionally. If a chip is not even damaged, a fall-back can be initiated inserting the card in the opposite direction. The terminal will detect it as chip failure and will prompt to swipe the card to process it as a magstripe transaction.

This is done intentionally many times by merchants with fraudulent intention and initiate such transactions with perfect chip, so that counterfeiting is possible. After counterfeiting the card with magstripe data, a card can be created with dead chip or without chip and transaction is initiated with the counterfeited card to debit customer account.

Good Practices

These are a list of good practices, which can be practiced to reduce fall-back and remove them completely:

1. After proper terminal integration certification bank or payment brand should ensure proper field roll out of each terminal or terminal application

2. Periodic follow-up for the expiry of EMV L1 & L2 certification and re-certifying terminals with expired certificates

3. Periodic follow-up for expiry of terminal L3 certification of each terminal deployed in the field and re-certifying terminals with expired certificates

4. Regular monitoring or data analysis on fall-back transaction count coming from a particular terminal with maximum number of cards and try to replace such terminals     on priority.

5. Regular monitoring or data analysis on fall-back transaction count coming from a particular card and replace the card as soon as possible. Issuer should have     monitoring system for fall-back transactions.

6. Periodic exhaustive training should be provided to terminal vendors or manufacturers, issuers, MSPs and even to Merchants and card holders.

Increasing Chargebacks

EMV standards were introduced to reduce the number of chargebacks being raised for fraudulent transaction. But due to extensive increase in fall-back transaction counts, the objective is not being fulfilled. With mentioned remedies to reduce fall-back transactions, the number of chargebacks can be reduced easily.

Author:
Indranil Chakraborty

Related Posts

Consulting is a real feather in our cap – this is what our customers say!
April 10, 2024
Consulting is a real feather in our cap – this is what our customers say!

Payhuddle Consulting has got you covered. Our Level 3 consulting focuses on acquirer needs, with remote consulting services available in 35 countries. We help banks avoid testing pitfalls and handhold them through testing and certification. Our consultants are available during their work time, and we've helped banks undergo certification across various terminal types. Trust us, our credentials speak for themselves - we are an EMVCo-qualified Level 3 tool provider, Discover Accredited E2E certification service provider, and Visa accredited CVES provider. Contact us today to learn more.

Why should payment schemes consider a tool with automated capabilities to convert test files into TSEC format?
December 29, 2023
Why should payment schemes consider a tool with automated capabilities to convert test files into TSEC format?

Simplifying Integration Testing and Certification for Payment Schemes. How to streamline and automate TSEC file creation, ensuring compliance with EMVCo L3 standards.? Read this article to learn more.

Phone:
+91 80 43943434
Email:
info@payhuddle.com

Regd. Office Address

427/ 14, First and Second Floor,
9th Main, 5th Block,
Jayanagar,
Bangalore - 560041.

google-maps-iconLocate us on Google Maps
Payment Schemes
Payment Schemes
Products
TectoLithosMantleRigelPhysical Test CardsTSEC Editor
Solutions
Acquirers / ProcessorsIssuersTerminal VendorsMobile Payment Apps
Services
DPAS E2E CertificationDiscover ConsultingVisa CVESOutsourced Product DevelopmentTest Tool DevelopmentConsulting
Resources
blogCase StudiesVideosNewsEbooks
Contact Us
Subscribe to our newsletter
© 2024 PayHuddle Solutions Pvt. Ltd.
Terms of Use
Privacy Policy

We care about your data, and we'd use cookies only to improve your experience. By using this website, you accept our use of such cookies. For more information please refer our Privacy Policy.

AcceptDeny