Given an estimate that each year $8 billion in fraudulent card purchases are made in the U.S., one might think that retailers and the consumers who buy from them would want to take precautions.
Not so, according to research by CardHub.
In October 2015 a big deal was made about the shift in liability for card losses due to the transition to EMV, or chip-enabled credit and debit cards. The responsibility to make good on fraudulent card use then shifted to whoever in the payments chain—card issuer, financial institution, or retailer—failed to switch the software and hardware from magnetic stripe to embedded computer chipped cards.
Now, six months after that deadline, most consumers are receiving replacement cards from their banks with the new chips. Retailers, however, responsible for installing new point-of-sale devices capable of reading those chips, seem to be sorely lacking.
“The retailer response…has been shockingly muted,” according to a CardHub release detailing results of its 2016 EMV Adoption Survey. At the same time, consumers have shown a marked indifference to how the new technology might protect them.
Portrait of payments apathy?
CardHub conducted a two-part study. It polled 55 major retailers as well as 1,000 individuals, normalized by age, gender, and income to reflect U.S. demographics for income-earning adults. It claims its survey has a 3.2% margin of error.
Results, in brief, are as follows:
• 42% of retailers have not updated the terminals in any of their stores.
• 43% of retailers that have experienced data breaches in the past five years have not updated their point-of-sale terminals.
• 56% of people say they don’t care if a retailer’s payment terminal is chip-enabled.
• 44% of people say they don’t have, or don’t know if they have, a smart-chip credit card.
• 62% of people don’t understand the difference between major card security standards.
• 44% of people who checked their credit report recently understand that chip cards offer better security than magnetic-stripe cards.
No anti-bank backlash
What’s noteworthy for bankers in this survey is the apparent lack of urgency regarding secured payments among both retailers and consumers. Banks shouldn’t feel too complacent, but the CardHub researchers don’t see much immediate negative reactions that their customers might have about their banks.
“Our research does not support a consumer backlash theory,” Jill Gonzalez, CardHub analyst involved in the survey, tells Banking Exchange. “We actually found that 56% of consumers don’t care if a retailer’s payment terminal is chip-enabled, and another 40% don’t think it’s a deciding factor. Since the majority of chip-enabled cards were shipped to consumers without a formal request process, it seems they’re indifferent about not only receiving the new cards, but using them as well.”
Much has also been said about the need to educate retailers and consumers about the improved security aspects of chip cards.
“Many banks have already gone to great lengths to educate their customers on how to use EMV cards via in-store signage, updated billing documents, and/or updated websites,” says Gonzalez. “The real missed opportunity here is explaining why they should use them—the benefits of this new technology and the decreased security risks that come with it. We found that 62% of consumers don’t understand that chip cards better protect against fraud than magnetic-stripe cards.”
Confirmation found in separate research
CardHub’s survey roughly correlates with a separate survey, by The Strawhecker Group, released in mid-February. It estimated at that time about 37% of U.S. merchant locations were EMV-ready.
However, prior to that, Strawhecker, a management consulting company, had predicted that more than 40% of merchants would have transitioned by that time, indicating a slower pace of implementation than expected.
“It appeared that some merchants delayed EMV migration completely until the holiday season ended to prevent friction and confusion at the checkout line,” says Jared Drieling, business intelligence manager at Strawhecker.
That may cost them. The group says, “Merchants need to understand the consequences of delaying EMV migration now that they will face the fraud liability risk.”
This group predicts that by June 2016, consumers will be able to use their chip cards at 50% of U.S. merchant locations. EMV readiness, it says, is not expected to reach a threshold of at least 90% of merchant locations until 2017.
Some big players went all-in, some all-out
CardHub tallied the compliance percentage of many major retailers as of March 2016. Those it found 100% compliant—meaning stores equipped with updated point-of-sale terminals—include these: Walmart, Target, Home Depot, Walgreens, CVS, BestBuy, Macy’s, Rite Aid, HEB, Kohl’s, Dollar General, Gap, Nordstrom, Menard’s, Trader Joe’s, and Michael’s.
Some major retailers CardHub lists as having 0% compliance include these: Publix, Ahold USA, TJX, Albertsons, Food Lion, Pizza Hut, Shoprite, BJ’s Wholesale Club [which has a chapter of its own in payments fraud annals], Whole Foods Market, J.C. Penney, 7-Eleven, Bed Bath and Beyond, Aldi, Ace Hardware, Family Dollar, Wendy’s, Staples, Burger King, BeBe, and Nieman Marcus.
According to the EMV Migration Forum, as of the end of 2015, about 400 million EMV cards have been issued in the U.S., with about 675,000 merchant locations accepting EMV chip transactions.
How it’s playing in DC
In a March 15 letter to all members of Congress, the American Bankers Association's James Ballentine, executive vice-president for congressional relations and political affairs, emphasized that “the United States is already the largest chip card market in the world, with saturation expected to reach 98% by the end of 2017.”
However, he said, “Retailers are lagging behind, choosing not to turn on their chip readers, or even turning them off.
“Chip technology is the key security feature, whether the consumer signs for a purchase or enters a PIN. Retailers need to tell criminals that their tills are closed by turning on their chip card readers now.”
- Why ‘Explainable AI’ is the Next Frontier in Financial Crime Fighting
- TD Bank Survey: Fraud Top of Mind, But Financial Institutions Lack Training
- How to Protect Sensitive Financial Data from Ransomware with Next-Gen Cloud Infrastructure
- Hack Attempts: BSA Officers Are Not immune
- The Biggest Myths About Young People and Money