Digital Identity Blog

Thought leadership for cybersecurity, fraud and digital channel professionals

Behind the Plastic Curve. Half of U.S. Retailers to Miss October 2015 Deadline for Upgrading Credit and Debit Card Payment Systems.

By ThreatMetrix
ThreatMetrix®, The Digital Identity Company®, is the market-leading cloud solution for authenticating digital personas and transactions on the Internet. Verifying more than 20 billion annual transactions supporting 30,000 websites and 4,000 customers globally through the ThreatMetrix Digital Identity Network®, ThreatMetrix secures businesses and end users against account takeover, payment fraud and fraudulent account registrations resulting from malware and data breaches.
Follow ThreatMetrix ThreatMetrix's Most Recent Posts:

Credit card networks set an October 2015 deadline for U.S. merchants to upgrade their payment systems to the chip-based smart card standard, EMV. The “E” of EMV stands for Europay and the “M” and “V” stand for MasterCard and Visa, the companies that first backed the technology.

Chips in EMV cards, rather than the magnetic strips on most US credit and debit cards, make it harder to copy account numbers and security codes. And because EMV cards create a unique code for each transaction, they are more difficult to hack or counterfeit.

Since just about everybody agrees EMV cards are an improvement over the cards used in the United States today, what is the problem with converting to them?

That’s what Olga Kharif and Bianca Vazquez Toness explored in their piece on (Following is an excerpt from that piece that has been edited to fit our format.)

One reason for the delay is the upgrade’s high cost—$500 to $1,000 per payment terminal, according to researcher Javelin Strategy & Research, a division of Greenwich Associates. Retailers are also concerned that the switch will slow checkout times and that it remains unclear how the EMV software will work with debit cards. “It is not a question of just turning it on,” says Margaret Chabris, a spokeswoman for 7-Eleven, “EMV specifications are still being finalized.”

Still, some big retailers, including Wal-Mart Stores, Kroger and Target, have pushed ahead with the upgrade. Wal-Mart started updating its payment terminals in U.S. stores eight years ago. The company says it has progressed slowly because of a lack of industry support, despite the clear benefits. “We saw the fact that it was being implemented in the U.K. and many other countries around the globe; we saw the fraud decrease once this solution was implemented,” says Mike Cook, assistant treasurer at Wal-Mart.

All of Wal-Mart’s 4,838 U.S. stores (including Sam’s Clubs) have the chip-based hardware in place. Of those, 1,000 have turned it on. By year end, Wal-Mart says, the new payment terminals will be running in all of the company’s U.S. locations. “We want to activate early if there are any problems or bugs to be worked out,” Cook says.

For terminals to provide added security, customers must have chip-enabled cards. “Part of the reason we haven’t pushed faster is there’re just no cards out there for acceptance,” Cook says. Today, with about 1 billion cards in use in the U.S., just 20 million chip cards have been issued, according to Smart Card Alliance. Only 20 percent to 30 percent of U.S. card holders will have the new cards by the deadline, says Nick Holland, an analyst at Javelin.

The new cards can cost up to $2 each, compared with pennies for the magnetic-stripe models. “We’ve got 10 million cards in inventory out in the field,” says Mark Putman, a senior vice president for First Data which offers prepaid card services. “At $2, we are probably looking at a $20 million investment, which I am going to defer for as long as possible.”

Retailers are willing to do their part to improve security, the National Retail Federation says, but banks and card companies also have a responsibility to update their systems. That includes making and issuing chip-enabled cards.

The price for not complying could be high. Credit card companies have said most retailers and banks will be liable for some fraudulent in-store transactions if they don’t have the new system. Even so, “merchants aren’t crazy about this migration to EMV, and many of them are fighting it tooth and nail,” says Julie Conroy, an analyst at Aite Group.

By ThreatMetrix Posted