Are retailers (and consumers) ready for EMV?

As chip-and-pin credit cards make their way into consumer's wallets, the industry has been steadily preparing for the fall deadline.

A few weeks ago, I got two fat envelopes in the mail. Each one held a new credit card inside along with instructions on how to use that card. Then, when I stopped at my local grocery store, at Nordstrom, even the corner liquor store, each had a new reader with a slot at the bottom into which I could slide those new cards.

The switchover to EMV which stands for EuroPay, Mastercard, Visa in the U.S. is coming. The payment system already widely adopted in the rest of the world (hence EuroPay in the name) is set to become the norm after October 1, 2015.

Liability shift to less secure

The transition to EMV is also accompanied by a liability shift, wherein liability for fraudulent, card-present transactions will lie with whoever is less secure in processing those payments. If the card is chip-enabled but the retailer can't accept chip transactions, for example, the retailer would be liable. This edict came down from major card issuers, which pushed retailers to accept the change or be on the hook for those charges.

Even though the rollover deadline is months away, some retailers have already changed how they accept payments so that they're ready ahead of the deadline and ready to take those chip cards that some consumers already have in hand.

[Related: Is EMV the silver bullet to credit card fraud?]

Retailers retool

"In 2012, when the [payment] networks announced this directive, and we were going to our retail clients and asking them 'do you need help understanding this?' at the time it wasn't really on the top of their minds," says Michele Orndorf, financial and retail industry strategist at Kurt Salmon. "Moving over and upgrading Point of Sale is clearly an investment that is going to hit the bottom line. It's not something they were going to do two years in advance if they didn't have to."

That attitude started to change in 2013, and now the trickle of switchovers has been a flood. "I would say your top retailers the Targets, the Macys the Bloomingdales they've already done it. They're ahead of the game," she says.

As that deadline looms closer, middle-tier retailers are starting to catch up. "They're realizing 'wow we have to do this,' and that's who we're getting the questions from now," Orndorf says.

Cards are coming or already here

Just as retailers are retooling how they'll accept payments, consumers are getting new chip-enabled cards too.

"Things are going well and things are very busy," says Phillipe Benitez, vice president of business development for EMV and mobile payments for Gemalto, which has issued 4 billion EMV cards globally. "You've been receiving EMV cards in the mail, even without asking for them. That's the case for all the major U.S. issuers."

Plus, the U.S. credit card market is highly concentrated, Benitez says, with the top 10 card issuers representing the majority of cards in circulation. All 10 are on board with the change, which means most consumers will have a chip card in hand well before the deadline, if they don't have one already.

Orndorf adds that consumers are more likely now to hop on board a card change because of the recent flood of retail hacks. "All the data breaches of the last three years helped the situation," she says. Consumers are aware of the need for change. "Also Apple Pay coming out has shone a spotlight on security. Consumers are starting to take notice," Benitez says.

One noticeable gap in EMV reader adoption is on retail-branded store cards cards that can be used only at one company. "Initially they may think that they don't need to put a chip on those," Orndorf says. "As consumers start to use their chip cards and recognize in their minds that it's more secure, they may chose to use what they consider is the more secure card if their store card doesn't have a chip on it."

That means lost revenue for retailers, which may force retailers them re-think the store card and put chip on those as well. A chip can hold a lot more information, too, says Orndorf.

[Related white paper: Not meeting the Chip and PIN deadline could cost U.S. businesses billions!]

"Ultimately the chip can deliver things like loyalty rewards at point of sale. Many other types of applications can be added to that chip," she said, which may further push retailers in the chip direction for their store-branded cards.

Who will lead?

The question next will be who teaches consumers how to use the cards. Even though chip-reading terminals are already in stores, when will consumers start using them? And what kind of delays will that cause at the check out line?

Right now, Orndorf says, banks are educating their customers with how to use their new cards, but that responsibility will ultimately fall onto the person who has to make the transaction happen. "The retailer is going to have to educate their sales associates," she says. "It's not a smooth transition from swiping your own card to have to dip the card." Until consumers get into the store and try to use their new cards, she says, they can't understand what the change will be.

"Sales associates are going to be critical to keeping the line moving," she says.

Benitez points out the failure of consumers to embrace contactless credit cards 10 years ago as a sign that it's hard to get people to change en masse, but he sees hope in the acceptance of contactless EMV transactions already happening globally. Contactless EMV transactions "around the world is taking off, which is increasing card use and increasing revenue for merchants," he says. It's also increasing the speed at point of sale for consumers and that, ultimately, will decide how consumers adopt a new way to pay.

Join the CSO newsletter!

Error: Please check your email address.

Tags Nordstrome-commercepayment processingsecurityvisaindustry verticalsinternet

More about AppleGemaltoMastercardNordstromVisa

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Jen A. Miller

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts