Behind the Plastic Curve. Half of U.S. Retailers to Miss October 2015 Deadline for Upgrading Credit and Debit Card Payment Systems.

Posted on April 21st, 2014 by Dan Rampe

EMV

Credit card networks set an October 2015 deadline for U.S. merchants to upgrade their payment systems to the chip-based smart card standard, EMV. The “E” of EMV stands for Europay and the “M” and “V” stand for MasterCard and Visa, the companies that first backed the technology.

Chips in EMV cards, rather than the magnetic strips on most US credit and debit cards, make it harder to copy account numbers and security codes. And because EMV cards create a unique code for each transaction, they are more difficult to hack or counterfeit.

Since just about everybody agrees EMV cards are an improvement over the cards used in the United States today, what is the problem with converting to them?

That’s what Olga Kharif and Bianca Vazquez Toness explored in their piece on businessweek.com. (Following is an excerpt from that piece that has been edited to fit our format.)

One reason for the delay is the upgrade’s high cost—$500 to $1,000 per payment terminal, according to researcher Javelin Strategy & Research, a division of Greenwich Associates. Retailers are also concerned that the switch will slow checkout times and that it remains unclear how the EMV software will work with debit cards. “It is not a question of just turning it on,” says Margaret Chabris, a spokeswoman for 7-Eleven, “EMV specifications are still being finalized.”

Still, some big retailers, including Wal-Mart Stores, Kroger and Target, have pushed ahead with the upgrade. Wal-Mart started updating its payment terminals in U.S. stores eight years ago. The company says it has progressed slowly because of a lack of industry support, despite the clear benefits. “We saw the fact that it was being implemented in the U.K. and many other countries around the globe; we saw the fraud decrease once this solution was implemented,” says Mike Cook, assistant treasurer at Wal-Mart.

All of Wal-Mart’s 4,838 U.S. stores (including Sam’s Clubs) have the chip-based hardware in place. Of those, 1,000 have turned it on. By year end, Wal-Mart says, the new payment terminals will be running in all of the company’s U.S. locations. “We want to activate early if there are any problems or bugs to be worked out,” Cook says.

For terminals to provide added security, customers must have chip-enabled cards. “Part of the reason we haven’t pushed faster is there’re just no cards out there for acceptance,” Cook says. Today, with about 1 billion cards in use in the U.S., just 20 million chip cards have been issued, according to Smart Card Alliance. Only 20 percent to 30 percent of U.S. card holders will have the new cards by the deadline, says Nick Holland, an analyst at Javelin.

The new cards can cost up to $2 each, compared with pennies for the magnetic-stripe models. “We’ve got 10 million cards in inventory out in the field,” says Mark Putman, a senior vice president for First Data which offers prepaid card services. “At $2, we are probably looking at a $20 million investment, which I am going to defer for as long as possible.”

Retailers are willing to do their part to improve security, the National Retail Federation says, but banks and card companies also have a responsibility to update their systems. That includes making and issuing chip-enabled cards.

The price for not complying could be high. Credit card companies have said most retailers and banks will be liable for some fraudulent in-store transactions if they don’t have the new system. Even so, “merchants aren’t crazy about this migration to EMV, and many of them are fighting it tooth and nail,” says Julie Conroy, an analyst at Aite Group.

ThreatMetrix® builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 500 million monthly transactions and protects more than 160 million active user accounts across 2,500 customers and 10,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.