[wcoenen]

Only until October 2015. After that, card issuers will be liable[1] if they accept a fraudulent payment unless the EMV (i.e. chipped) card was present or (for online payments) they authenticated the card holder with 3-D Secure[2].

[1] http://blogs.wsj.com/corporate-intelligence/2014/02/06/octob...

[2] https://en.wikipedia.org/wiki/3-D_Secure