The obvious question is: Why? Especially given the liability risk. Especially since EMV makes “card-present” transactions much less vulnerable to fraud, and the U.S. currently holds the dubious distinction of leading the world in that area of cybercrime.
Not to mention that the U.S., which prides itself on being among the most technologically advanced nations in the world, lags behind most other countries in implementing this technology.
According to experts, there are a number of reasons. First, the deadline is not a law. Failure to meet it will not produce fines or criminal sanctions.
The most widely reported “incentive” to adopt it is the so-called liability shift, which means that whichever party – the merchant or the card issuer – has the “lesser” technology will be held liable for fraudulent transactions.
If a customer has a chip card but a merchant can only do swipe-and-signature, the transaction will still work, but the merchant will bear the cost of any fraud. Or, if the merchant has a new terminal but the customer doesn’t have an EMV card, the card issuer eats any fraud costs.
Adrian Lane, security analyst and CTO at Securosis, argued in a recent research paper that there is much more involved than the liability shift – much of it very good for merchants – but he said much of the resistance to the change is because, “merchants are being asked to incur significant costs and operational disruption to solve a banking problem rather than a merchant problem.”
He added that it is much more complicated than, “a straight equipment swap.”
Mark Horwedel, CEO of the Merchant Advisory Group, agrees. He said the large majority of the burden – especially the financial burden – of this transition falls on the merchants.
“This is the most complicated and most costly point-of-sale (POS) project that’s ever been foisted on merchants. They’re making us pay for 75% of the conversion,” he said, adding that in Europe, networks lowered their interchange fees or offered to share some of the cost of installing new equipment. Besides that, he said, U.S. merchants pay transaction fees that are seven to eight times those paid in Europe.
“Credit cards are a bank product,” he said, “and on their face they are unsafe, but the industry has made a one-sided effort to shift the expenses (of making it more secure) to the merchants.”
He also complained about the time allowed for the shift. “Four years is not enough,” he said. “In Canada it was eight to 10 years. It is a huge overhaul.”
Dick Mitchell, solutions director at Randstad, said there is no big push from consumers demanding the EMV system, “so many businesses just aren’t feeling the urgency to upgrade their systems. Part of that is because consumers have historically been insulated from the liability, but there has also been a lack of education.”
Sign up for CIO Asia eNewsletters.