Retailers plodding toward accepting higher-security payment cards

Target is speeding up support for chip-and-PIN payment cards to restore consumer confidence shaken by last year’s massive data breach. But many other retailers feel less of an urgency to adopt the more secure technology.

Target plans to complete the needed technology upgrade at payment terminals in its 1,797 U.S. stores by next September, which is about six months ahead of schedule, a spokeswoman for the retailer told IDG News. The total cost of the upgrade is $100 million.

During last year’s holiday shopping season, hackers broke into Target’s point-of-sale terminals and stole 40 million payment card records. The breach has spawned 80 lawsuits and cost the retailer $61 million in remediation costs in the fourth quarter of 2013.

Chip-and-PIN cards, which are widely used in Europe and elsewhere, use a microchip to store customer data, eliminating the less secure magnetic stripe found on most U.S. payment cards today.

Visa and Mastercard have set an October 2015 deadline for retailers to accept the new cards. Those that do not will be liable for fraudulent purchases made with the older cards.

As ominous as that sounds, many retailers are not hurrying to make the transition to the expensive technology required to accept the more secure cards. Experts estimate that the transition would cost the industry $30 billion.

“Retailers who I speak to are mainly planning to upgrade their terminals (to accept chip-and-PINn cards) as part of their normal upgrade cycles,” Avivah Litan, analyst for Gartner said. “I don’t see any of them rushing just to meet this liability shift deadline.”

The National Retail Federation declined comment on the credit-card companies’ timetable, but said it supported the move to more secure cards in general.

“If we’re going to transition to a more secure system, then we should transition to a chip-and-PIN-based system,” Stephen Schatz, spokesman for the trade association, said.

That move for many retailers won’t be completed by October 2015, said Randy Vanderhoof, executive director of the EMV Migration Forum, an independent, cross-industry group created to address issues related to the move to chip-and-PIN cards, which are also called smartcards.

“We’re going to be going through a transition phase that had begun two years ago and still has probably two or four more years to go,” Vanderhoof said.

By then, most consumers will have smartcards and the majority of retailers will have the technology in place to support them, he said.

Chip-and-PIN cards can improve security by requiring a PIN, or personal identification number, when making a purchase. However, most of the cards are configured to only require a PIN when making a debit transaction.

The biggest benefit of the cards is the chip, which prevents cybercriminals who have stolen credit card numbers from using them to make counterfeit cards.

Retailers face severe damages from a major data breach. A third of consumers whose personal data has been compromised avoid doing business with the retailer after a breach, a study released this week by Javelin Strategy & Research, found.

“Retail is highly commoditized,” Al Pascual, analyst for Javelin Strategy, said. “If Target doesn’t work out for me, than I can go across the street to any Wal-Mart.”

Wal-Mart has been pushing Visa and Mastercard to move faster in requiring chip-and-PIN cards, Avivah said.

“They want to standardize their equipment across the globe for economic reasons and the U.S. is one of the only countries that hasn’t yet moved to chip-card acceptance,” she said.