A new survey conducted by Vision Critical on behalf of TD Bank has found that significant obstacles, and some misconceptions, still stand in the way a full month after the October 1 deadline for the liability shift imposed by the EMV consortium (Europay, MasterCard, Visa) on North American retailers and their point-of-sale (POS) payment processing terminals.
In part, the EMV liability shift has been introduced to bring chip-and-pin cards, already widely used in Europe, to North America where they will replace the famously leaky and insecure magnetic stripe cards, which have been in use for about 40 years now.
Mainly, however, the liability shift’s actual goal is to get credit card companies like Europay, MasterCard and Visa off the hook for fraudulent transactions, which up until now they have simply eaten as a cost of doing business.
It is, literally, a shift in liability from the credit card companies to individual retailers who, after October 1, are liable for any fraudulent transactions made using their payment processing terminals.
This liability shift has been in effect in Europe since January 1, 2005.
“Businesses of all sizes need to think about the potential long-term effects of not installing the more secure EMV system,” said TD Bank’s Head of U.S. Bankcard and Merchant Services Julie Pukas. “One fraudulent transaction could be costly, and implementing EMV payment technology acts like an insurance policy for businesses if they have this unfortunate experience.”
According to the survey, 58% of merchants reported that the cost of adopting the new technology had put them off upgrading their point-of-sale terminals.
Merchants in the survey reported anecdotally that they were looking at a cost of over $1,000 to upgrade each terminal, when in fact the actual cost reported by merchants who have upgraded was on average approximately $450 each.
“Small businesses carefully balance income and expenses as a best practice, and a conversation with their banker or merchant services provider can help determine the true costs associated with converting,” said Pukas. “Small merchants that make few transactions may need only one EMV terminal, making the switch to the compliant technology less likely to be a strain on their business’ budget.”
But as Pukas points out, the cost of a single fraudulent transaction on a retailer’s point-of-sale terminal could easily dwarf the cost of installing the new technology.
But it’s unclear whether merchants are even aware that a “liability shift” means that they are now on the hook for a cost that has normally been absorbed by credit card companies.
It’s estimated that fraudulent transactions surpass $8.6 billion per year in the U.S., with that figure projected to climb to $10 billion and perhaps higher if the old magnetic stripe technology isn’t phased out.
What retailers don’t seem to realize is that they, not the credit card companies, will be liable for absorbing that cost if they don’t meet the new requirements.
If the numbers are as bad around merchant adoption of the new technology as this new survey suggests, then the lack of mass uptake by merchants represents a fairly serious failure by the credit card companies and their representative organizations to educate merchants about the consequences of not taking action or reacting to the deadline.
Ten per cent of respondents said they had no plans to upgrade to the new technology, while 9% were unaware of the liability shift.
Another survey, conducted in September, showed that just 27% of merchants in the U.S. would be compliant by the deadline.
There are misconceptions, too, around security and fraud regarding chip-and-pin technology, with 73% of small business owners reporting that they are “not very/not at all concerned” about fraudulent transactions taking place on their machines.
Of merchants who haven’t upgraded yet, 13% offer lack of concern about security as their main reason for not doing so.
Meanwhile, 70% of merchants who have made the change report security and fraud protection as the #1 benefit of the new technology.
Vision Critical conducted a survey of 501 small business owners who use a credit or debit card POS terminal for processing payments between October 1 and October 7, the week after the EMV liability shift came into effect.