The card networks are reporting strong progress among issuers and acquirers in the U.S. migration to EMV-chip cards, but many retailers are still lashing out against the expectation that they upgrade their point of sale hardware.
A panel consisting of major retailers, a processor acquirer and a merchant association executive was unanimous in its criticism for the EMV mandates at the annual Ramp Mobile Retail Services conference in Chicago on April 16.
Visa, MasterCard, American Express and Discover Financial Services each expect most merchants to have the technology in place to handle EMV payments by October, 2015 (fuel merchants have an additional two years). If the merchants fail to upgrade their hardware, they face an added burden for fraud liability on EMV cards.
The U.S. is late to the game in its switch to EMV, and the card brands have said this is a good thing, since they can draw upon their experience in other countries to ease the transition here.
But to merchants, "EMV technology is old," says Bill Deichler, manager of payment methods for Arkansas-based Murphy Oil Inc. "By the time we get it rolled out, a new upgrade would be coming."
Murphy Oil has 16,000 gas pumps to convert to EMV acceptance, representing an upgrade that will cost millions of dollars, Deichler says. Even though gas-station merchants have until 2017 to convert to EMV, Deichler says Murphy Oil likely won't make the switch.
"We handle fraud on our own, with our own police on payroll," Deichler says.
Dee O'Malley, senior director of payment acceptance for Best Buy Co. Inc., says her company doesn't have that luxury.
"Fraudsters like the stuff in our stores, so we have to meet these deadlines," O'Malley says.
However, even though EMV helps combat card-present fraud, the U.S. migration is wrought with problems, O'Malley says. For example, many U.S. issuers chose not to require the use of a PIN to add security to EMV-chip card payments.
"It needs to be chip-and-PIN rather than chip-and-signature, for one thing, and it also does not address the shift in fraud to card-not-present [transactions]" she adds.
Visa supports chip-and-signature as a way to allow merchants to more quickly convert to EMV, whereas MasterCard has spoken in favor of the added security that chip-and-PIN provides.
The Merchant Advisory Group has long stressed the points O'Malley highlighted, but group CEO Mark Horwedel mentioned a few more EMV problems as a panel member.
"EMV should be an open system in the U.S., not a proprietary operation of the card brands," Horwedel says. "The MAG also is concerned that no debit-card transaction code has been established, and we also believe if we convert to EMV, the industry should get rid of the mag-stripe all together."
To meet federal requirements for debit routing, the networks must have a common debit code for EMV. Some within the industry are debating whether to insist on a single code or to work with a limited number of codes.
Bob Balogh, vice president of sales for Cincinnati-based Vantiv Inc., says a lack of awareness about EMV among smaller merchants will pose a challenge for the U.S. migration.
"There are just a lot of merchants who aren't familiar with EMV or what to do about it," Balogh says.
Vantiv has met all of the Visa requirements for April 1, the date by which acquirer processors were expected to have systems in place to accept EMV transactions, Balogh says.
Many merchants are not likely to establish full EMV adoption "until the last minute," Balogh says. "But many are moving toward it," he adds.
Criminals will find the weak terminals and card-not-present opportunities once EMV is established in the U.S., Balogh says. "Don't wait until you'll be a target."
While many agreed that merchants have to think about how they will convert to EMV, some said ignoring the process is a legitimate option.
"Eventually, this technology will be broken [by fraudsters], and you have to ask if there is any value in going into a process like this," says John Gapinski, president of Secured Retail Networks. "If I was a merchant, I wouldn't do it."
Deichler echoes that sentiment.
"I read a recent study that indicates EMV terminals can be corrupted, so it's not a catch-all solution," Deichler says. "We need a security standard for the whole merchant community, not just for the card networks and the financial institutions."