Oct 1, 2015 was EMV Day. After the long-awaited liability shift, who is ready for the new card security protocol and who is not? Newly released reports from The Strawhecker Group and leading insurer, The Hartford, point to broad swaths of businesses where EMV readiness is sparse. But that's OK for now, because so is card issuance.

EMV (for Europay, MasterCard and Visa) is a security protocol for chip-embedded (smart) cards and card-accepting terminals. It is considered far superior to storing card and cardholder information on mag stripes because it employs encryption to mask card information exchanges. EMV cards are also too difficult for fraudsters to reproduce to make counterfeiting cards profitable for them.

All merchants now must be EMV-compliant; deadlines for acquirers have already passed. Any merchant or other party in a transaction stream that is not EMV compliant is financially liable for losses from data breaches that stem from that lack of compliance. Historically, issuers have borne much of the cost associated with data breach-related fraud.

However, a survey of small businesses just released by The Harford indicates 50 percent of small-business owners don't even know about the EMV liability shift. Among those surveyed, 86 percent are not yet ready to accept chip cards, the company said. Less than one-quarter (24 percent) of those with EMV terminals said they made the switch to avoid being held liable for fraudulent transactions.

Some verticals more prepared

TSG released data in early September 2015 suggesting just 27 percent of all merchants would be ready for the liability shift by Oct. 1. A subsequent report ranks EMV readiness by vertical markets. TSG said it surveyed a minimum of 75 credit and debit card accepting merchants in each category.

Shoe stores, as a group, are best prepared; 69 percent have EMV hardware installed, TSG reported. Department stores and men's and boy's clothing stores follow in EMV readiness, with 59 percent and 57 percent, respectively. Stationary stores are the least prepared – just 23 percent have EMV terminals installed.

Mike Strawhecker, a TSG Principal, said, "It makes sense that certain retail merchant types are more ready than others for the liability shift, as some are much more likely to potentially see fraudulent transactions." Most big-box merchants were ready months ago, Strawhecker added.

The National Retail Federation blames financial institutions and their technology partners for the holdups. "Retailers are further along in the conversion process than credit card companies," NRF General Counsel Mallory Duncan said in a policy statement published Sept. 30. He also said many merchants have EMV terminals in place but continue to swipe cards because the devices haven't been certified as EMV compliant.

TSG's analysis identifies four key hurdles to EMV implementation: processor readiness, gateway readiness, merchant business management software readiness and replacement POS terminal readiness.

Card issuance lags big time

Meanwhile, eConsumer Services said its analysis suggests large numbers of U.S. consumers aren't ready for EMV either. Fifty percent of consumers with one or more credit or debit cards have not yet received EMV cards, said Gary Cardone, Chief Executive Officer of the firm. What's more, 67 percent of those with one or more credit or debit cards have not received any information from their financial institutions about EMV cards.

A new survey from ACI Worldwide paints an even bleaker picture. Among the 1,000 credit and debit cardholders surveyed, 59 percent have not yet received EMV cards, ACI reported. Among consumers who have received chip cards, 32 percent are aware the United States is moving to EMV security; the majority have no idea why they were sent chip cards.

In a statement about the survey findings, Mike Braatz, ACI Senior Vice President for Payments Risk Management, said, "[I]f consumers are unaware, the implications for retailers come October and throughout the holiday shopping season could be major."



Source: greensheet.com