Retailers were given a deadline of Oct. 1, 2015 to adopt chip and pin technology to process credit-card transactions, or shoulder fraud liability previously taken on by the banks. Yet many retailers are still without operational Europay, MasterCard, and Visa (EMV) chip and pin machines.
A variety of reasons explain the delay, from hardware and software issues to a lack of urgency on the part of retailers. But some stores did get systems operational before the deadline.
The push for EMV systems in the U.S. is a response to increasing concerns about consumer data security, particularly after large-scale breaches of retailers such as Target and Home Depot, which left banks seeking a way to reduce their liability.
Merchants without operational EMV systems will bear the liability any time a counterfeit card is swiped at a store. But many believe the risk is low because they haven’t experienced fraud.
In the pool and spa business, many retailers have a level of familiarity with their customers. Some feel confident their risk of experiencing fraud is low. “... We know the people who are buying from us,” said Dan Lenz, vice president of All Seasons Pools & Spas in Orlando Park, Ill. “The potential of them using stolen information is pretty low. ”
At least one of the industry’s business-software producers agrees. Christina Braks, vice president of Vancouver, Wash.-based Evosus Inc., said none of its customers have experienced this type of fraud in the past year, based on a survey by Openedge.
Motivation to switch may depend, in part, on the products a retailer sells. “To the extent that a merchant sells high-ticket items, they have greater exposure and higher incentive to get set up with EMV,” said J. Craig Shearman, vice president of government affairs and public relations at the National Retail Federation.
Delays do not come solely as a result of retailer attitudes, and they aren’t limited to one or two industries. Some small- to medium-size firms have had difficulty getting their machines inspected after installation. Inspection is required before a new system can be used, so credit card companies can certify that the hardware was installed properly and the software works.
This has been a point of contention between credit card companies and retailers. “The card companies have tried to blame retailers, saying they installed equipment at the last minute, ” Shearman said. “The problem is that card companies didn’t give complete tech standards and details on how to install until the last minute.”
Larger stores, such as Wal-Mart and Target were able to comply earlier. Some smaller stores were able to complete their inspection process with help from previously assigned customer service representatives at the credit card company.
As often occurs with the implementation of new protocols, some say the standards for compliance keep changing, causing further lag time. In this case, they say the PCI Security Standards Council has shifted rules and regulations. “Hardware providers are having a hard time supplying the software providers with the updated hardware,” said Rachael Pritz, executive director of RB Control Systems, based in North Versailles, Pa.
To make its EMV devices available, RB Control Systems began beta testing last pool season in 3 percent of stores before offering it to the whole customer base. Initially, Pritz said, “We ran into speed issues and challenges with devices working with routers. We have resolved those challenges this year.”
Evosus is still in the testing stage of its EMV rollout. “We want to be cautious and make sure the process and change will be as seamless as possible,” Braks said.
One thing is for sure: EMV isn’t going away. But the technology and the way it’s used will continue to evolve, and hopefully get easier.