Why are e-commerce merchants liable for fraud?
E-commerce merchants accept card-not-present (CNP) transactions, which means neither the cardholder nor the physical card are present during the transaction. Since there is inherent risk in accepting these CNP transactions, the merchant accepts liability for each transaction (rather than the issuer). By making e-commerce merchants liable for fraud rather than the issuer, it means that the merchant bears sole responsibility for resolving fraudulent orders that are accepted by refunding the customer and handling subsequent issues.
E-commerce fraud often leads to disputes and chargebacks that can cost merchants additional losses in fines, fees and penalties. Since e-commerce merchants are liable for fraud, they are also monitored by their own bank (the acquiring bank) for fraud and chargeback ratios. Merchants who exceed the acceptable ratios for chargebacks may be placed on a high-risk monitoring program by the card brands and charged additional fees and penalties for additional fraud and chargebacks incurred.*
To prevent fraud and keep CNP transactions secure, merchants need to have a variety of tools and validation procedures in place. This may include verification tools made available by the card brands (3D Secure, etc) or other third-party tools and solutions.