The cost of paying for fraudulent credit card transactions, previously covered by the credit card companies, shifted to the retailers themselves last October -- unless they upgraded their payment terminals to accept new chip-based cards.
According an April report by The Strawhecker Group, small and midsized merchants saw a 31 percent increase in the number of chargebacks right after the liability shift took effect.
The shift was first announced in 2011, so merchants had plenty of time to upgrade, but few did.
In fact, today, eight months after the deadline, only 1.4 million retail locations accept chip cards, Mastercard reported. That's out of a total of about 14 million, or just 10 percent.
Some large retailers like Walmart, Kroger, Home Depot, Target, Best Buy and CVS have completed the switch, according to a report released last week by CreditCardForum, but 40 percent of the top retailers are not -- including Costco, McDonald's and Safeway.
As a result, some merchants have seen chargebacks increase dramatically.
Some banks have even been charging merchants for types of fraud that merchants are not supposed to be liable for, according to a report by IHL Group analyst Greg Buzek.
Plus, to add even more insult to injury, while the new EMV compliant terminals reduce some fraud for merchants that have upgraded, the criminals just move to other places -- like merchants who haven't upgraded yet.
"Fraud is shifting, in part, to brick and mortar stores where EMV has not been implemented," said Aaron Press, payments director at LexisNexis Risk Solutions.
In addition, Press said, card-not-present channels like online commerce sites has been steadily increasing.
"The rate of increase has accelerated in the past 18 months, which appears to correlate to the shift to EMV," he added. According to LexisNexis research, payment card fraud losses are up 11 percent compared to last year, largely due to card-not-present transactions.
Online fraud will only continue to grow as more merchants upgrade their payment terminals, said Mike Lynch, chief strategy officer at security vendor InAuth. In other countries that moved to EMV the shift took about three years, he said.
"Fraudsters are still going to have success at the point of sale for a while," he said. But online fraud will probably increase by another 80 to 90 percent, he said. "So we haven't seen the worst of it."
According to an April report by fraud prevention vendor Forter, e-commerce fraud rates went up 11 percent since the October liability shift.
Why haven't more merchants upgraded? Some of the fault is actually with the credit card companies themselves.
Sign up for CIO Asia eNewsletters.