The Oct. 1, 2015 deadline has come and gone for retailers to adopt chip and pin technology to process credit-card transactions, shifting fraud liability from banks to merchants. Yet many retailers are still without operational Europay, MasterCard, and Visa (EMV) chip and pin machines.
A variety of reasons explain the delay, from hardware and software issues to a lack of urgency on the part of retailers. But some stores did get systems operational before the deadline.
The push for EMV systems in the U.S. is a response to increasing concerns about consumer data security, particularly after large-scale breaches of retailers such as Target and Home Depot, which left banks seeking a way to reduce their liability.
Merchants without operational EMV systems will bear the liability any time a counterfeit card is swiped at a store. But many believe the risk is low because they haven’t experienced fraud. “I couldn’t tell you the last time we had fraud with a customer who had the card in hand. We’ve had a few issues over the phone,” said Blaine Benson, general manager of Phoenix-based B&L Pools, whose stores are in transition, with about half using chip.
This confidence also may result from the nature of the pool and spa business. Many retailers have a level of familiarity with their customers. “... We know the people who are buying from us,” said Dan Lenz, vice president of All Seasons Pools & Spas in Orlando Park, Ill. “The potential of them using stolen information is pretty low. ”
At least one of the industry’s business-software producers agrees. Christina Braks, vice president of Vancouver, Wash.-based Evosus Inc., said none of its customers have experienced this type of fraud in the past year, based on a survey by Openedge.
One’s motivation to switch also may depend on product selection. “To the extent that a merchant sells high-ticket items, they have greater exposure and higher incentive to get set up with EMV,” said J. Craig Shearman, vice president of government affairs and public relations at the National Retail Federation.
But the potential for an incident is still there. For smaller businesses, that can be enough prompting to comply. Seattle-based Olympic Hot Tub transitioned in the summer of 2015 and became fully operational by September. “I would rather make sure that it can never happen rather than waiting for it to happen and reacting,” said Don Riling, company vice president. “We have had some customers who have had fraud issues in the past.”
But delays do not come solely as a result of retailer attitudes. Some small- to medium-size firms have had difficulty getting their machines inspected after installation. This is required before a new system can be used, so credit card companies can certify that the hardware was installed properly and the software works.
This has been a point of contention between credit card companies and retailers. “The card companies have tried to blame retailers, saying they installed equipment at the last minute, ” Shearman said. “The problem is that card companies didn’t give complete tech standards and details on how to install until the last minute.”
Some stores were able to complete their inspection process with help from previously assigned customer service representatives at the credit card company.
As often occurs with the implementation of new protocols, some say the standards for compliance keep changing, causing further lag time. In this case, they say the PCI Security Standards Council has shifted rules and regulations. “Hardware providers are having a hard time supplying the software providers with the updated hardware,” said Rachael Pritz, executive director of RB Control Systems, based in North Versailles, Pa.
To make its EMV devices available, RB Control Systems began beta testing last pool season in 3 percent of stores before offering it to the whole customer base. Initially, Pritz said, “We ran into speed issues and challenges with devices working with routers. We have resolved those challenges this year.”
Evosus is still in the testing stage of its EMV rollout. “We want to be cautious and make sure the process and change will be as seamless as possible,” Braks said.
One thing is for sure: EMV isn’t going away. But the technology and the way it’s used will continue to evolve, and hopefully get easier.