Though most merchants will be liable for fraud if they do not upgrade to EMV-chip card terminals by the start of October, many do not see themselves affected by fraud on the same scale as the major retailers that have suffered massive data breaches.
While the Target breach of 2013 "made a lot of noise" in the industry, small businesses have to realize that the card numbers stolen in a major breach become counterfeit cards that will be used at their businesses, said Michael Moeser, director of payments for Javelin Strategy and Research.
"All of the media attention is on the large breaches, but no one talks about what happens to the bakery down the street, but that's where the fraudsters will go, to the point of least resistance," Moeser added.
As of October 2014, only 22% of small and micro businesses were prepared to accept EMV chip-card transactions. Of the remainder, only 36% planned to implement the technology within the next year to meet the card networks' October 2015 deadline.
This leaves "a large base uncovered" when the Oct. 1 liability shift takes hold, moving the cost of fraud chargebacks to the party unable to handle chip cards. For those businesses, reality will set in when they start seeing fraudulent transactions on their statements in November, Moeser said.
Cost remains the biggest obstacle for 30% of small businesses, while 14% stated new hardware requirements were a key issue, according to Javelin's latest research on small business EMV readiness.
Javelin conducted an online survey of 250 businesses between October 2013 and October 2014, targeting half at between the $100,000 to $1 million mark in sales, and half at between $1 million to $10 million in annual sales.
"When we go out and do the research and find that only one of three merchants understands what EMV is, that says there is a knowledge gap," Moeser said.
Half of the small businesses in 2013 reported having no knowledge of the EMV shift and that number decreased only 6% in 2014, the study said.
Globally, EMV-chip cards have become the standard for eliminating counterfeit fraud at the point of sale.
Though 56% of small businesses claim to know about payment security issues, only 40% say they are knowledgeable about the Payment Card Industry data security standards. In addition, many small business owners are trying to grasp how the various mobile wallet offerings may affect their businesses.
"Merchants are basically asking what they are going to get for this EMV upgrade," Moeser said. Most are interested in a "two-fer," getting EMV and maybe Apple Pay acceptance at the same time, he added.
Indeed, 45% of merchants in the study indicated they would update their current point of sale terminals if the new system would enable Apple Pay or Android Pay.
Rather than wait to upgrade to EMV only if they can land a special deal, merchants should become more aware of what is at stake with counterfeit fraud, Moeser said.
"It speaks to a lack of understanding or knowledge they have in terms of the fraud," Moeser added. "They are not understanding that if I walk in [with a counterfeit card] and they can't take the chip card, they would bear the fraud."
Though EMV cards have a magnetic stripe on them to keep them compatible with older technology, EMV terminals are programmed to decline a swiped magnetic stripe transaction from a card issued with an EMV chip.
Many in the industry have acknowledged that acquirers have to take on more of a consultant role in the final weeks to the liability shift date.
"If the small business takes on a $100 fraud charge, all it takes is about four more cards like that, and you have replaced the cost of an EMV terminal [in fraud damages]," Moeser added.