If your credit card issuer has already sent you a new card featuring a metallic square on its face, congrats. You’re ready for the national shift to a data-encryption card technology known as EMV. In fact, you may be more prepared than the majority of U.S. retailers.
EMV — short for Europay, MasterCard and Visa — is a card technology that uses embedded computer chips to create a unique, encrypted identifier for each point-of-sale transaction. The identifier is impossible to duplicate, making it harder for fraudsters to counterfeit cards and steal your personal and financial data.
EMV has been a standard around the world for years, but the U.S. has been slow to pick it up — until now. The recent boom of large-scale data breaches and rising fraud rates has jump-started the migration to EMV technology as the industry tries to better protect consumers and reduce fraud costs.
In fact, retailers have until October 1, 2015, to make the full transition to EMV acceptance. After that date credit card issuers will no longer be liable for cardholder losses from data breaches at merchants who haven’t upgraded their payment systems to accommodate the new EMV-chip cards. The responsibility for cardholder losses due to data theft will then become the burden of the merchant who has not upgraded.
Estimations of the U.S. payment industry’s progress towards EMV compliance vary slightly. Financial research firm Aite Group estimates approximately 70 percent of credit cards will be converted by the end of 2015 while Mercator Advisory Group has set an estimate at 58 percent of cards. Either way, the odds that you will be holding at least one EMV credit card by the end of next year are pretty good.
But the odds that your favorite retailers will be able to appropriately process those new cards by the deadline are not nearly as good.
Mercator Advisory Group estimates that only 26 percent of merchants’ point-of-sale systems will be EMV-ready by the end of 2015, which could mean major expenses for them if they are hit by a data breach after the liability shift goes into effect. Plus, the longer it takes merchants to make the switch, the longer consumers will be missing out on the increased data security EMV card technology provides. EMV cards in the U.S. will still come with mag stripes to help ease the transition, but if they are swiped as a magnetic stripe card, the collected payment data won’t be encrypted and will be as vulnerable to data breaches and counterfeiting as it is now.
So if the switch to this technology is so crucial, why aren’t merchants keeping pace with card issuers?
In short, the switch to EMV technology isn’t cheap or easy.
The cost of implementing EMV — new cards, ATM readers and POS devices — will total approximately $8.65 billion, according to Javelin Strategy and Research. About 15 million retail POS terminals need upgrading and with each device upgrade costing around $500, the hit to retailers will quickly add up.
Merchants also need to make sure their payment processing software is capable of accepting and safely processing EMV card data, which is a big behind-the-scenes change since mag stripe technology was implemented in the 1950s. For some this could mean not only buying new software, but also training and/or hiring new employees.
While it may be easy to question merchant heel-dragging and blame them for data insecurity — especially in the aftermath of recent data breaches — the U.S. switch to EMV payment technology is a big deal and not something that can happen overnight, no matter how badly we may need or want it.
In addition to the millions of POS terminals that need upgrading, approximately 360,000 ATMs and 1.13 billion credit and debit cards need to become EMV-compliant. It’s an entire infrastructure change.
So while the country’s move to EMV technology is something to look forward to, keep in mind that the transition will take time. The shiny new card in your wallet will work to its fullest capacity…eventually.
Until then, continue to use your mag stripe cards with caution and report any suspected fraud to your card issuer immediately.