AUSTIN, Texas (10/7/14)--The deadline for merchants to upgrade their payment systems with chip-card technology-enabled equipment is a year off. But even with 12 more months of lead time, there's a growing concern that many retailers still won't be ready when Oct. 1, 2015, arrives.
Part of the holdup might be that retailers are underestimating the time and expense it will take for them to make the upgrades, which could include both hardware and software modifications (CreditCards.com Sept. 30).
Chuck Winter, an information technology specialist at global consulting firm North Highland, told the Austin, Texas-based CreditCards.com that there's been a lack of focus from merchants on making the upgrades and that, because merchants in general aren't seeing the cards coming into their stores, there's a reluctance to install the new technology.
The Credit Union National Association maintains that while technologies such as EMV and tokenization may help begin to curb the growing problem of data security, ultimately, these technologies alone are inadequate to address the exploding problem of breaches of consumer financial information through retailers' systems.
CUNA strongly argues that if the U.S. Congress wants to stanch the data flow, it must impose on merchants the same magnitude of strict regulations on payment data protection that financial institutions must meet, especially because the majority of breaches occur at retailers' stores.
"EMV, tokenization and other technologies are critical to the innovation of the payments system; however, the key role for Congress to play in addressing the issue of merchant data breaches is to make sure all of the participants are playing by the same set of rules, and that merchants that permit breaches to occur are responsible for the costs incurred by others," CUNA wrote in a letter to the House Financial Institutions subcommittee on financial institutions and consumer credit in March.
Meanwhile, there seems to be a question about whether this basic first step will even be taken by some merchants.
Despite its prevalence in foreign markets such as Europe, where more than 80% of cards contain EMV chips and more than 95% of card readers are equipped with the technology, widespread implementation of EMV in the United States still appears a long way off (CreditCards.com).
Further, even if there's a rush to make the upgrades to payment systems in the months leading up to the 2015 deadline, which, according to Winters, could certainly occur, it's possible the companies that produce the technology will not be able to keep up with the demand, forcing further delays in implementation.
It also seems many small businesses have not yet bought into the changes, in part because they aren't sure of the demand for the use of the technology, the credit card website said.
Shannelle Armstrong-Fowler, owner and chief stylist at plus-size bridal boutique Haute & Co. in Chicago, told Creditcards.com that it's important for her to understand the cost implications before making the upgrades. However, unless and until retailers upgrade their systems with the EMV technology by next year's deadline, they will be liable for any counterfeit fraud that takes place at their stores if an EMV card is presented.
Small businesses also may hesitate to make the upgrades because they don't yet feel it's necessary.
Big-box stores such as Wal-Mart and Target may already have equipped their checkout terminals with EMV technology, which will continue to serve mag-stripe-only cards, but the smaller operations that have not historically had issues with fraud may not believe it's worth the cost.
Those smaller companies may soon find themselves in a fraudster's crosshairs, however, especially if the larger companies bolster their security systems with updated equipment.