EMV will also not address online fraud, skimming, or other types of identity theft, and experts predict criminals will switch more of their efforts online. Stolen card numbers could still be used to buy things online, and there will be more examples of ACH fraud, check fraud, and account takeovers, Santhana said.
If fraud is a large pie, the slice representing the face-to-face counterfeit card problem will shrink, but the online fraud slice will get bigger. The fraud pie isn't going to get any smaller because of EMV.
"Once you seal off one vector, attackers switch to a different one," Santhana said.
An expensive decision to not switch
Replacing hardware and software throughout the country to be EMV-ready was a massive undertaking, and it was not cheap. McGraw estimated billions of dollars in costs. Retailers who've already been burned by data breaches and fraud-prone organizations were already on track to switch. Walmart switched over more than a year ago, for example.
In the years before Target, telling all the merchants they have to go out and buy new systems was a hard argument to make, McGraw said. In that sense, the retail breaches had a silver lining, as it motivated banks and merchants to make that shift.
The smallest businesses may not be as motivated to switch because the transaction amounts they would have to absorb are much smaller. In the case of businesses like dry cleaners, the customer has to come back, making a fraudulent transaction less likely, Santhana noted. It's the midsized and large retailers who will not be able to absorb the costs of fraud or weather the reputational damage caused by a major fraud incident, Baxley said.
"It's like buying insurance. Some won't buy, and the smart ones do," McGraw said.
For the retailer, this was strictly a hardware change as they needed to invest in new card readers and point-of-sale systems, but there were associated costs, such as training employees on how to use the new systems. Part of the delay in the EMV rollout was also a resource issue: Merchants had to wait until their banks and their payment gateway/processors had been certified to use EMV, before they could deploy the hardware and test to ensure the new systems were working.
For merchants still on the fence, there's another "carrot" to make the work worthwhile: future-proofing to accept more modern payment methods, such as contactless payments.
For merchants who've wanted to take advantage of Google Wallet or Apple Pay, upgrading to EMV would address that change at the same time.
The switchover may have been a little rough, but it positions retailers to take advantage of the new changes looming. As people get used to chip-enabled cards, contactless payments, and even biometrics to pay for things, future upgrades and enhancements will be less disruptive, thanks to EMV. "Maybe by 2018, we can get smart enough to use the PIN," adds McGraw.
Sign up for CIO Asia eNewsletters.