Six months ago (October 1, 2015) the new EMV (Europay, MasterCard, and Visa) law went into effect. In short, the law states that whoever has the lesser technology – retailer or bank—will now be responsible for fraud.
With such high consequences—the per-record cost of a data breach reached $154 this year—why have we seen such low adoption? Many people didn’t even receive an EMV card until recently and you can expect to find chip and pin readers in fewer than one in five brick-and-mortar merchants.
Do you take the chip?
That’s what all of us seem to be asking when we are about to make a purchase and more often than not, we hear that we are still supposed to slide. Anyone who knows about the EMV law wonders, “why?” Why would merchants accept the risk of being held responsible for a data breach—especially when most of them have the chip reader?
Payments expert Allen Weinberg has a great blog post about why America has been slow to adopt chip and pin payments, and as you probably guessed, the main motivation is money.
As Weinberg explains, many companies, especially the large ones, don’t want to be the ones to “educate America” on how to use the chip and pin. It takes time and money to train employees how to use it and then slows down the lines when those employees need to train customers. This was especially true during the holiday season. Lines were already long for holiday shopping, retailers didn’t want to slow those lines down and risk upsetting customers.
For smaller companies, Weinberg explains that one of the main reasons they are not adopting EMV is because of the set up cost. POS systems need to be modified and upgraded to accept chip and pin; this is both time consuming and expensive. They also need to join the long line of merchants waiting for certification.
Based on all of this, many merchants have chosen to take the risk and “lie in wait.” They want to wait until customers already know how to use the technology. They want to wait until the demand for EMV tech goes down, so maybe the price will. They want to wait until the certification process does not take so long.
What does this mean for you?
As a consumer, it doesn’t mean much. Just continued confusion every time you walk up to the cashier. Also, expect that confusion to continue; Visa has said it has typically taken about three years after the liability shifts in other countries before 90% of card transactions were conducted using a chip and pin card.
If your job is in payment security, this affects you greatly. Push the C-suite to make the full shift to EMV payments. Non-compliance is not a smart strategy. Yes, it costs money to make the switch, but it will cost more money when you have a major breach—and not just money. A data breach leads to bad PR, additional time needed to fix the problem and loss of business.
Share with us why you have EMV working at your business or why not on Facebook.