What Mastercard 4871 Means
Mastercard reason code 4871 is a Chip/PIN Liability Shift chargeback. It is filed when a fraudulent transaction occurred at the point of sale where the card's chip was read — but PIN verification was not completed or the terminal lacked the PIN entry capability required by the card's chip data.
Mastercard's EMV liability framework works on a "better technology wins" principle. When a chip card is used at a chip-capable terminal, but the terminal cannot handle PIN verification that the card requires, the liability shifts to the merchant. This is distinct from 4870 (Chip Liability Shift), which covers counterfeit magnetic stripe fraud where the chip was not read at all.
The 4871 scenario most commonly arises when a PIN-preferring debit or credit card is used at a signature-only terminal, or when a terminal's PIN pad is out of service and the transaction falls back to a contactless or signature method. The card's chip data identifies it as PIN-preferring; if the terminal cannot accommodate that preference, Mastercard holds the merchant responsible for any resulting fraud.
Cross-Network Equivalents
| Network | Code | Name | Key Difference |
|---|---|---|---|
| Mastercard | 4870 | Chip Liability Shift | Chip not read at all; counterfeit magnetic stripe used |
| Mastercard | 4871 | Chip/PIN Liability Shift | Chip read but PIN verification bypassed or unavailable |
| Visa | 10.1 | EMV Liability Shift Counterfeit Fraud | Counterfeit chip card; swipe at non-EMV terminal |
| Visa | 10.2 | EMV Liability Shift Non-Counterfeit Fraud | Lost/stolen chip card; PIN bypass or fallback transaction |
| Discover | UA06 | Chip and PIN Transaction | Chip/PIN transaction where merchant terminal lacked PIN capability |
Common Triggers for 4871
- Signature-only terminals: Terminal accepts chip but uses signature instead of PIN — liability shifts if card required PIN
- Broken or bypassed PIN pads: PIN entry device is out of service; transaction completes via signature or contactless fallback
- PIN bypass on contactless transactions: Tap-to-pay transaction where PIN was required above the contactless floor limit but not collected
- Fallback transactions: Chip fails to read; transaction falls back to swipe without PIN — highest liability exposure
- Software not updated: Terminal hardware supports PIN but firmware/software version does not enforce it for certain card types
- Attendant override: Cashier bypasses PIN prompt and processes transaction as signature to reduce checkout friction
Deadlines and Timelines
| Event | Timeframe |
|---|---|
| Issuer files chargeback | Up to 120 days from transaction processing date |
| Acquirer notifies merchant | Typically 1–5 business days after chargeback filed |
| Merchant response deadline | 45 days from acquirer notification (check your processor — may be shorter) |
| Pre-arbitration (if escalated) | 45 days from representment decision |
| Arbitration filing | 45 days from pre-arbitration decision |
Evidence That Can Win
- Terminal certification records: Documentation showing your terminal was PIN-capable and certified under Mastercard's EMV program at the time of the transaction
- EMV chip transaction data: Full chip transaction record (DE 55 data) showing PIN was entered and verified — this is the primary winning evidence
- PIN verification data from the chip record: The transaction's TVR (Terminal Verification Results) and ARC (Authorization Response Code) confirming PIN was collected
- Terminal logs: Point-of-sale system logs showing the cardholder was prompted for PIN and entered it during the transaction
- Card's chip data indicating offline PIN or no CVM required: If the card's chip data shows it did not require online PIN verification, liability may not shift
- Authorization response data: Issuer authorization records confirming the transaction was approved with chip and PIN
- Surveillance footage: Video showing the cardholder interacting with the PIN pad (supplemental, not primary evidence)
Common Mistakes When Responding
- Submitting only a signed receipt: A signature does not overcome the PIN liability shift — you need to prove PIN was entered, not just that some form of cardholder verification occurred
- Confusing 4870 and 4871: These codes require different evidence. For 4871, chip data confirming PIN entry is what matters; for 4870, the issue is whether the chip was read at all
- Not retrieving DE 55 data: The chip transaction data (DE 55) is the authoritative record of how the transaction was authenticated. Many merchants do not know how to retrieve it. Contact your acquirer or payment processor immediately
- Assuming EMV terminal automatically protects you: EMV-capable does not mean PIN-capable. A terminal that accepts chip but only supports signature CVM can still trigger 4871 liability shift
- Relying on fraud being "implausible": The 4871 liability shift is mechanical — it does not require the issuer to prove fraud beyond reasonable doubt. If your terminal lacked PIN capability, that is usually sufficient to shift liability
- Missing the response deadline: Mastercard's 45-day response window is shorter than many merchants expect. Your processor may impose an even shorter internal deadline. Calendar the deadline the day you receive the chargeback notice
How to Respond to a 4871 Chargeback
- Retrieve the full EMV chip transaction record. Contact your acquirer or processor and request the DE 55 data for the disputed transaction. This contains the TVR, ARC, and CVM list — the data that determines whether PIN was collected.
- Verify terminal certification status. Pull your terminal's EMV certification documentation. Confirm whether the terminal was PIN-capable (CTLS/contact PIN pad present and operational) at the time of the transaction.
- Check the CVM (Cardholder Verification Method) results. The TVR byte that indicates CVM results will show whether PIN was successfully verified. If it shows PIN verified (offline or online), you have a strong representment case.
- Review terminal logs. Pull transaction logs from the POS system for the disputed transaction date. Confirm the flow: card inserted → chip read → PIN entry prompt → PIN entered → authorization request → approval.
- Compile your representment package. Include: EMV chip data, terminal certification docs, PIN verification evidence, terminal transaction log, and authorization record. Structure the package to show PIN was required and collected.
- Submit within your processor's deadline. Do not wait for the 45-day Mastercard limit — your processor likely has a shorter internal cutoff. Submit as soon as your package is complete.
- If PIN was not collected, accept the chargeback. If your terminal was not PIN-capable or if logs show PIN was bypassed, the chargeback is likely valid under Mastercard's rules. Accept it and use the incident to justify a terminal upgrade.
Prevention: What to Fix Going Forward
- Upgrade to PIN-capable terminals: Ensure every terminal in your estate supports both contact PIN and contactless PIN above the CVM floor limit. Mastercard's floor limits vary by country — know yours
- Disable PIN bypass options: Remove any cashier-facing options that allow PIN to be bypassed in favor of signature. The short-term friction reduction is not worth the liability exposure
- Enforce contactless floor limits: Configure terminals to require PIN for contactless transactions above the applicable floor limit (typically $100 in the US, lower in some international markets)
- Monitor fallback transaction rates: Track the frequency of chip fallback to swipe in your POS data. A rising fallback rate suggests hardware issues. Mastercard monitors merchant fallback rates and elevated rates can trigger enhanced scrutiny
- Keep terminal firmware current: Ensure payment terminal firmware and EMV software kernels are updated. Outdated software may not enforce current CVM requirements for newer card types
- Train staff to not override PIN prompts: Operational training should explicitly prohibit cashiers from pressing "bypass" on PIN prompts or processing chip-read transactions as signature when PIN is requested by the terminal
Frequently Asked Questions
What is the difference between Mastercard 4870 and 4871?
Both are EMV liability shift codes, but 4870 covers counterfeit chip fraud where a cloned card was used at a non-chip terminal, while 4871 specifically covers Chip/PIN liability shift — situations where a PIN-preferring card was used at a terminal that could not verify the PIN. The 4871 liability shift applies when the chip was read but PIN verification was bypassed or the terminal lacked PIN entry capability.
Can I win a 4871 chargeback if my terminal accepted chip but not PIN?
In most cases, no. If your terminal was not PIN-capable and the card was PIN-preferring, Mastercard's rules shift liability to you. The issuer successfully authenticated the card as requiring PIN, and your terminal's inability to complete that verification is treated as a technology gap that you bear. The only exception is if you can demonstrate the card's chip data did not require PIN or that a signature fallback was explicitly permitted for that card type.
Does 3D Secure help with Mastercard 4871?
No. Mastercard 4871 is a card-present, in-person transaction code. 3D Secure is an online (card-not-present) authentication protocol and provides no liability protection for physical point-of-sale transactions. Defense for 4871 must be based on terminal certification, chip transaction data, and PIN entry records from the actual terminal.
If I upgrade to a PIN-capable terminal, do I still need to respond to existing 4871 chargebacks?
Yes. Upgrading your terminal eliminates future 4871 exposure but does not resolve chargebacks already filed against past transactions. Each outstanding dispute requires a separate response. For chargebacks on transactions that occurred before your upgrade, your only options are to demonstrate the original transaction met the PIN requirements at the time, or accept the chargeback.