More

    Why EMV Rollout in the U.S. Is a Failure

    October 1, the deadline for credit card companies and retailers in the U.S. to make the switch to the new EMV chip standard and replace the old magnetic strip on credit cards, has come and gone. But according to Forbes, nearly 60 percent of consumers have yet to receive their new upgraded credit cards, nearly 70 percent haven’t gotten any information at all about the new chip technology, and those who have received the chip-enabled cards have no idea what the change is all about.

    Retailers are probably glad that the new credit cards aren’t in heavy circulation yet. Although they are responsible for any credit card fraud occurring at their place of business, merchants have been very slow to adopt the new technology. As International Business Times reported, only 27 percent of businesses were ready for the new standard on October 1, and by the end of the year, the number is expected to reach 44 percent of merchants who accept credit card payments.

    The point of the new cards is to decrease the risk of credit card fraud and provide a safer way for financial transactions. Similar to the European credit card experience, the new chip cards will change the way we check out at stores. Card users insert the card into an EMV terminal, where it remains throughout the duration of the transaction. No more swiping a magnetic strip. However, in its survey on consumer awareness of the new EMV changes, Harbortouch found that half of the respondents don’t believe that security is going to improve with chip-embedded cards.

    All we know for sure right now is that the adoption of the new system is progressing slowly. So why are businesses – and in turn, consumers – so hesitant to embrace EMV chip-enhanced credit cards?

    Why EMV Rollout in the U.S. Is a Failure - slide 1

    The Slow Road to EMV Implementation

    Click through for reasons why the U.S. EMV rollout is so far behind and completely missed the October 1, 2015 deadline, as identified by Sue Marquette Poremba.

    Why EMV Rollout in the U.S. Is a Failure - slide 2

    Consumer Card Replacement

    One possible reason for this slowdown is that banks are issuing chip cards to customers in phases – with consumers’ credit history and income as factors in determining priority order of receiving a new chip-enabled card, according to Jared Isaacman, founder and CEO of Harbortouch. “So if you have a low credit limit, you’ll be waiting a little longer for your EMV card than consumers with higher credit limits and larger incomes.”

    Why EMV Rollout in the U.S. Is a Failure - slide 3

    Supply and Demand

    Another reason the process is taking longer than expected, Isaacman said, is the vendors that actually manufacture the chip cards are having a difficult time keeping up with demand. Millions of cards need to be reprinted, so a lag in filling these orders is to be expected.

    Why EMV Rollout in the U.S. Is a Failure - slide 4

    Costs of Implementation

    The transition hasn’t been cheap. A Software Advice study found that 33 percent of retailers found the move to EMV compliance was too expensive. “The cost varies based on what the merchant has to update. Just getting a chip card reader or two isn’t a huge spend, but having to update a system’s entire backend can get very expensive,” said Justin Guinn, market research associate. “So it’s understandable that retailers are hesitant to make the spend, but the potential negative impacts, and risk factors of being liable for fraud, greatly outweigh the cost of upgrading to a compliant system.”

    Why EMV Rollout in the U.S. Is a Failure - slide 5

    A Lack of Buy-In

    Retailers aren’t buying into the need for the switch, either, according to the Software Advice study. Nearly a quarter of respondents said EMV compliance is unnecessary, and another 10 percent were totally in the dark about the EMV standard. “Some believe that the potential amount of chargebacks that they could be responsible for is miniscule, but as more and more retailers become compliant, the pool of retailers who leave themselves open to risk will inevitably grow,” said Guinn.

    Why EMV Rollout in the U.S. Is a Failure - slide 6

    Lack of Prep Time

    There wasn’t enough time for the changes. The U.S. market is the largest in the world, but was given the least amount of time for businesses to migrate to EMV before the liability shift went into effect. It took time for acquirers to become certified and able to process EMV transactions, Michael English, VP of Product Development for Heartland, one of the nation’s largest payment processors, explained. “ISVs and VARs could not start their development and certification process until the acquirers and processors were ready, which caused many POS systems providers to not be ready with a solution by October 1,” he added.

    Why EMV Rollout in the U.S. Is a Failure - slide 7

    PC Software Glitch

    There is a serious software glitch, according to Tim Lynch from Psychsoftpc. The software for taking credit cards through a PC is not ready or certified yet, he said, so small businesses that have invested money in systems based on this software are now being told to switch back to a separate terminal for charges and enter the data by hand into the PC. “The software is PC Charge, which is installed in 1000s of machines throughout the U.S.,” Lynch explained. “It, along with a USB card magnetic strip reader, turns any PC into a POS station. The company now says they are not going to update this software and it is no longer compliant. They are supposedly working on new software but it is not certified and may never be even finished.”

    Why EMV Rollout in the U.S. Is a Failure - slide 8

    Lack of Security Knowledge

    Retailers still don’t “get” security. There is an overall lack of knowledge of what constitutes a security threat, and too many companies don’t have the steps in place to address a security problem or a fraudulent act. As Srii Srinivasan, co-founder of Chargebackgurus.com, stated, “We have spoken to too many business owners that have been hit by fraud even in ‘card present’ transactions. They start investigating about their liability and take steps to learn about fraud protection ONLY after they have lost significant amounts of money.”

    Why EMV Rollout in the U.S. Is a Failure - slide 9

    Transaction Processes Confusion

    A lot of confusion also exists about how to use the cards in certain types of transactions. According to Michael English, both industry players and POS providers are unsure how the EMV standards will work with regard to tipping, tip adjustment, and special transactions, such as bar tabs at check out, which are all allowed. “There are differences in the clerk and customer experience when comparing EMV to magstripe transactions, so training and retraining staff is necessary,” he said.

    Why EMV Rollout in the U.S. Is a Failure - slide 10

    The EMV Standard

    Migrating to the EMV standard isn’t impossible. The issue will sort itself out as retailers (and probably the general public, for that matter) start hearing horror stories about non-compliant merchants being hit with large chargebacks due to fraudulent charges, Justin Guinn pointed out. “As more and more chip cards hit the market,” he said, “those non-compliant merchants will assume liability over many more consumers. Once retailers themselves experience or see their peers be faced with large chargebacks to cover fraudulent charges, they’ll be much more motivated to move to EMV compliance.”

    Why EMV Rollout in the U.S. Is a Failure - slide 11

    Next Steps

    All that being the case, it is necessary for retailers to get a better grasp on the security of credit cards and POS transactions. The EMV standard is not going to solve every security threat, and eventually, hackers and other cyber criminals will find a way to outsmart the system. In order to keep up with the security threats and prevention measures, Srinivasan recommended the following steps:

    1. Assign a designated resource to read about the latest trends in retail fraud and upgrade their stores with the latest technology to prevent fraud.
    2. Create a Change Control Manual that can be implemented in a short period of time when security changes need to be implemented.
    3. Motivate employees and have monthly briefings with all employees to keep them aware of all retail security threats and how they can better prepare themselves when dealing with credit card transactions.
    Sue Poremba
    Sue Poremba
    Sue Poremba is freelance writer based on Central PA. She's been writing about cybersecurity and technology trends since 2008.

    Latest Articles