CHICAGO-—The card networks are reporting progress among issuers and acquirers in the U.S. transition to EMV-chip cards, but some big retailers are still lashing out against the expectation that they upgrade their point of sale hardware.
A panel, which consisted of major retailers, an acquirer and a merchant association executive, was unanimous in its criticism for the EMV mandates at the Ramp Mobile Retail Services conference here.
Visa, MasterCard, American Express and Discover Financial Services each expect most merchants to put the technology in place to handle EMV payments by October, 2015 (fuel merchants have an additional two years).
If the merchants fail to upgrade their hardware, they face an added burden for fraud liability on EMV cards.
The U.S. is late to the game in its switch to EMV, adopting the technology well after many countries have already begun using it.
Still, the card brands tout the lag as good because they can draw upon their experience in other countries to ease the transition here.
But to merchants, “EMV technology is old,” says Bill Deichler, manager of payment methods for Arkansas-based Murphy Oil Inc. “By the time we get it rolled out, a new upgrade would be coming.”
Murphy Oil has 16,000 gas pumps to convert to EMV acceptance, representing an upgrade that will cost millions of dollars, Deichler says. Even though gas-station merchants have until 2017 to convert to EMV, Deichler says Murphy Oil likely won’t make the switch.
“We handle fraud on our own, with our own police on payroll,” Deichler says.
Dee O’Malley, senior director of payment acceptance for Best Buy Co. Inc., says her company doesn’t have the luxury of opting out of EMV.
“Fraudsters like the stuff in our stores, so we have to meet these deadlines,” O’Malley says.
However, even though EMV helps combat card-present fraud, the U.S. transitiion to the technology has been wrought with problems, O’Malley says. For example, many U.S. issuers chose not to require the use of a PIN to add security to EMV-chip card payments.
“It needs to be chip-and-PIN rather than chip-and-signature, for one thing, and it also does not address the shift in fraud to card-not-present [transactions]” she adds.
Visa supports chip-and-signature as a way to help merchants to convert more quickly to EMV, but MasterCard has spoken out in favor of the added security that chip-and-PIN provides.
The Merchant Advisory Group has long stressed the points O’Malley highlighted, but group CEO Mark Horwedel mentioned a few more EMV problems when he took his turn as a panel member.
“EMV should be an open system in the U.S., not a proprietary operation of the card brands,” Horwedel says. “The MAG also is concerned that no debit-card transaction code has been established, and we also believe if we convert to EMV, the industry should get rid of the mag-stripe all together.”
To meet federal requirements for debit routing, the networks must have a common debit code for EMV.
Some factions in the industry are debating whether to insist on a single code or to work with a limited number of codes.
Bob Balogh, vice president of sales for Cincinnati-based Vantiv Inc., says a lack of awareness about EMV among smaller merchants will pose a challenge for the U.S. transition.
“There are just a lot of merchants who aren’t familiar with EMV or what to do about it,” Balogh says.
Vantiv has met all of the Visa requirements for April 1, the date by which acquirer processors were expected to have systems in place to accept EMV transactions, Balogh says.
Many merchants appear unlikely to establish full EMV adoption “until the last minute,” Balogh says. “But many are moving toward it,” he adds.
Criminals will find the weak terminals and card-not-present opportunities once EMV is established in the U.S., Balogh says. “Don’t wait until you’ll be a target,” he cautions
While many agreed that merchants have to think about how they will convert to EMV, some said ignoring the process is a legitimate option.
“Eventually, this technology will be broken [by fraudsters], and you have to ask if there is any value in going into a process like this,” says John Gapinski, president of Secured Retail Networks. “If I was a merchant, I wouldn’t do it.”
Deichler echoes that sentiment.
“I read a recent study that indicates EMV terminals can be corrupted, so it’s not a catch-all solution,” Deichler says. “We need a security standard for the whole merchant community, not just for the card networks and the financial institutions.”