Liability Shift Explained: How to Protect Your Business from Chargebacks and Fraud

Liability shift means that in the case of a fraudulent transaction or chargeback, the financial responsibility can move from your business (the merchant) to the card issuer (the customer’s bank) — but only if the payment was processed using a secure and compliant method.

If your payment method doesn’t meet security standards, you may be liable for the full refund and any associated fees.

Without liability shift, you could face:

• A full refund to the customer

• Chargeback fees (typically £15–£25 per case)

• Loss of the goods or services already provided

• Increased chargeback ratio, affecting your merchant account standing

• Potential penalties or account suspension from your payment provider

✅ Ensuring liability shift is applied to your transactions is one of the most effective ways to reduce your risk and protect your revenue.

There are several payment methods that can provide liability protection — depending on how the transaction is taken and what technology you use.

✅ 1. Chip and PIN (In-Person Payments)

• When customers insert their card and enter their PIN on a PDQ machine, the transaction uses EMV security, which qualifies for liability shift

• This means if a chargeback happens, the issuer is usually responsible, not you

Best for: Shops, restaurants, salons, and other face-to-face businesses

Top tip: Always make sure your terminal supports Chip and PIN and is regularly updated. Avoid manually keying in card details, as this removes liability protection.

✅ 2. Contactless Payments

• Most contactless payments (under £100) are also protected, as long as your card machine and the customer’s card support EMV contactless

• Some higher-value contactless payments may require a PIN for added security

Important: If a PIN is requested and skipped (due to customer refusal or a system error), you may lose liability protection for that transaction

Best for: Fast-paced environments like cafés, food vans, pubs, and pop-up shops

✅ 3. 3D Secure for Online Payments

• 3D Secure is the online equivalent of Chip and PIN. It verifies the cardholder during checkout using:

  • A code sent to their phone

  • Face ID or fingerprint in a banking app

  • Secure login via their bank

• The latest version, 3D Secure 2.0, offers a smoother user experience and better fraud protection

Liability Shift Applies When:

• 3D Secure is completed successfully

• The transaction is flagged as authenticated or attempted

• The card issuer accepts the 3D Secure request

Best for: Ecommerce businesses, online retailers, service providers, bookings and subscriptions

Tip: Not all website platforms or payment gateways support full 3D Secure integration by default — always check before signing up.

❌ 4. Manual Keyed Entry or Magstripe (No Liability Shift)

• Manually entering card details (common in MOTO payments or when a Chip and PIN terminal isn’t available) does not qualify for liability shift

• This also includes swiping the magnetic stripe on a card, which is considered outdated and insecure

Best for: Only use when absolutely necessary (e.g. telephone payments or card-not-present sales)

How to Reduce Risk:

• Use AVS (Address Verification System) and CVV checks

• Collect full billing details and clear proof of service

• Ensure your payment provider includes fraud screening tools

There are no specific transaction value limits for liability shift under current UK card scheme rules — it applies regardless of amount, as long as the secure method is used.

However:

• For contactless payments, the £100 transaction cap still applies for convenience, but not for fraud protection

• For low-value online transactions, certain 3D Secure exemptions may apply — if these are used and the transaction is later disputed, liability may stay with you

✅ Best practice: Use 3D Secure or Chip and PIN for all higher-value and high-risk transactions to ensure you're covered.

While liability shift is a security benefit, it’s still important to understand the related costs and setup requirements.

• 3D Secure Support: Most modern gateways include this, but some older setups may charge extra or require manual integration

• PCI DSS Compliance: Without this, you may be charged monthly fees (£5–£15) or even lose your protection

• Outdated Terminals: Older PDQ machines may not support the latest contactless or Chip and PIN updates — upgrading is often worth the investment

• Custom Web Integration: If you use a developer, ensure your checkout process supports 3D Secure 2.0 and Strong Customer Authentication (SCA)