Confused. That’s the best word to describe retailers more than a month after the October 1 deadline passed for businesses to become EMV-compliant – by installing new EMV-capable credit card readers and acquiring certifications from various payment networks, among other requirements. The resulting liability shift means business owners are now on the hook for any fraud problems that arise from credit card transactions in their stores if they don’t migrate to the technology.
But, in a twist, Time recently reported that only about a third of merchants have actually completed the migration, according to analyst estimates. For many small businesses, the cost of EMV migration is steep, and there are questions regarding the technology setup and compliance requirements. Some retailers may find the EMV transition is as simple as replacing or upgrading existing hardware and software. But other merchants use sophisticated point-of-sale (POS) systems to manage not only payments, but also critical business functions like inventory, scheduling and promotions, so figuring out the right path to EMV compliance is a challenge.
[ ALSO ON CSO: Is EMV the silver bullet to credit card fraud? ]
At the same time, several large, high-profile retailers say the new EMV standard doesn’t go far enough. For example, some big U.S. retailers, such as Target and Walmart, are stepping up efforts to require PINs to be used with chip-embedded cards to even more forcefully prevent fraud. Banks, however, are resisting any effort to invest further in PIN technology, as is already used with debit cards.
[Related: Feud heats up over chip cards, FBI warning]
Finally, even businesses with EMV-enabled terminals are dealing with confusion on the consumer side, as shoppers get used to having their cards inserted into terminals – EMV transactions take several seconds longer to process than traditional credit card swipes.
EMV confusion no surprise, say experts
The number of perplexed retailers who have yet to make the switch to EMV is no surprise, says Gary Staub, chief marketing and sales officer for Sterling Payment Technologies. “It’s been clear for a while that many merchants wouldn’t be able to make the switch to EMV technology in time,” he says.
Small and medium-sized businesses will be slower to adopt EMV because of the costs associated with the transition, says Jay Townsend, senior associate in Booz Allen’s retail business. Some also harbor a negative perception that EMV won’t offer any additional protections. “There is also a standing misperception that smaller retailers are flying under the radar of cyberthreat actors,” he says.
Still, this is just the beginning of a lengthy migration process, says Jared Drieling, business intelligence manager at The Strawhecker Group, a management consulting company focused on the global electronic payments industry. “There are pluses and minuses associated with EMV but all in all, we need to view this as the starting line versus a deadline,” he says. “I don’t think that this confusion is a bad omen for EMV’s future – this is a large and complicated migration, so it will take time.”
PIN likely to remain a niche
Big Box retailers are advocating for the use of PIN-based cardholder verification because it affords an added and critical layer of protection, particularly against lost and stolen card fraud, says Townsend: “We believe that PIN is the next logical step that retailers and card issuers will adopt to provide an additional layer of protection for consumers and point of sale environments.”
But, while it would further increase security, requiring PIN is likely to remain a niche, Staub maintains. “There seems to be a strong feeling among card issuers and brands that American consumers aren’t ready for another substantial change to how payments are processed,” he says.
In addition, some experts maintain there are pros and cons with both chip and PIN and chip and signature measures. “Although several entities are pushing for chip and PIN and have called chip and SIG a half measure, chip and SIG is likely the best immediate solution as not all retailers support PIN purchases,” says Drieling. “Also, note that issuers see more revenue from SIG based purchases – I would argue that chip and SIG offers the most cost-effective and immediate solution in counterfeit fraud.”
What small retailers need to keep in mind about EMV migration
The EMV transition has been a challenge for many businesses, but smaller businesses that without much in-house technology expertise are at a particular disadvantage. Here are three things retailers need to keep in mind about migrating to EMV:
- Deploy an EMV solution that meets your business needs. Small business owners should be looking at EMV now, but they also need to take the time to make sure that they’re deploying a solution that meets the needs of their business. “It doesn’t mean that merchants should attempt to quickly cobble together a compliant solution,” Staub says. “They need to identify an upgrade path that enables EMV payments while also maintaining and building on the broader value to their operations.”
- Take precautions to help minimize the risk of fraud. Retailers that have yet to implement EMV technology can still take appropriate precautions to minimize risk. “Check the signature on a receipt to make sure they match those on the card,” says Staub. “And, ask customers for identification for unusually large transactions.”
- Remember that EMV compliance takes time. It’s not the end of the world if you’re a merchant and you didn’t upgrade by October 1, says Drieling. “It’s going to take years for total EMV migration to take place,” he explains. “Small businesses that don’t see much fraudulent transactions may take a wait and see approach or simply conclude that the investment doesn’t make economic sense. In other cases, if you’re a merchant who may potentially see higher fraudulent transactions and have not migrated to EMV, you may be in for a rude awakening.”
This story, "For retailers, confusion reigns after EMV rollout" was originally published by CIO.