Sixty-six percent of IT decision makers, including C-suite executives, believe that the chip-and-signature form of EMV does not offer credit card holders sufficient security, and that chip-and-PIN should be required, according to a new survey on EMV readiness from Randstad Technologies.
Fifty-eight percent of 84 IT decision makers, who represent a cross-section of affected industries, are actively preparing for the EMV technology transition. At the same time, 42% have either taken no steps or are unaware of any progress being made. A majority of respondents indicated little concern for the magnitude of risk associated with missing the liability shift deadline, with 58% stating it will have limited or no impact on their company's bottom line.
The deadline in question is Oct. 1, when, under Visa and MasterCard rules, most U.S. businesses, including banks, must transition to EMV-capable technologies or become newly liable for any costs incurred from fraud using old magnetic stripe technologies.
The survey also queried respondents about the two distinct types of EMV (chip card) implementation: chip-and-signature, and chip-and-PIN. Sixty-six percent of respondents believe that chip-and-signature does not offer credit card holders sufficient security, and that chip-and-PIN should be required.
"I'm surprised there's such a disconnect between companies' seriousness about the EMV transition and their actions to make it happen," says Dick Mitchell, Randstad Technologies Solutions director. "I'm even more surprised that there is anyone—let alone 28% of respondents—who believe chip-and-signature is more secure than the technically superior chip-and-PIN."
Little pressure from consumers
The survey also found that 55% of respondents think the Oct. 1 liability shift deadline should be delayed. Both lack of time and access to technical deployment expertise were cited as the biggest obstacles to meeting the deadline.
"Because fraud liability has traditionally fallen to credit card companies and banks, consumers have never borne the brunt, and thus aren't demanding more secure payment technology," Mitchell says. "While businesses understand the importance of more secure payment technology, without this push from consumers, many merchants aren't feeling the pressure to get all their affairs in order to meet the October deadline."
Randstad Technologies surveyed 84 IT decision makers within large-scale (those with 100 or more sites) national businesses to gauge their readiness for the EMV liability shift deadline. Respondents included C-level and director-level staff within top industries affected by the deadline, including retail, hospitality, restaurants, financial services, and others. The survey was conducted from May 13, through June 19.