For the first time, retailers are facing sizable costs for counterfeit transactions but still not taking measures to mitigate their own risk, raising the question – after six months, how effective is EMV in the U.S.?
Target, Home Depot, Wal-Mart and some other large merchants are now processing chip transactions, but there are still plenty of large and SMB retailers that haven’t installed the new equipment.
Despite such a lofty increase in financial liability, many small businesses are unaware of the consequences of not updating their payments systems.
A local restauranteur I spoke with recently about EMV said he had no idea it was an issue and that the restaurant had not been contacted to upgrade their POS systems and related software. I’ve spent years talking to another local vendor, a flower shop, about not storing credit cards on his unsecured public-facing servers, but he’s elected not to upgrade because he says: “we haven’t been hacked yet.”
It seems the response to EMV has been lackluster on both sides: 88% of retailers are still unable to process chip cards, according to a survey released last month by Boston Retail Partners, and consumers don’t seem to notice or care.
We’ve all had firsthand experience with this, bearing witness to point of sale terminals with tape over their chip readers, accompanied by cardboard signs that read “do not use chip card.” Why, when the EMV liability shift has been in place since October 1, 2015, are we still swiping?
The biggest inceptive for EMV adoption is that retailers who haven’t made the transition to chip cards are now liable for counterfeit transactions that used to be covered by banks. The costs of the fraud, known in the industry as “chargebacks,” are beginning to stack up and have even more potential to grow.
Chargebacks among small and medium-size merchants rose 15% in the fourth quarter from a year earlier, according to a recent survey by The Strawhecker Group. Other experts claim the total loss due to chargebacks is probably in the tens-of-millions of dollars, and will likely continue to rise.
Cameron Camp is a security researcher at ESET.