Retail EMV Adoption: Eyes Wide Open March 01, 2014 Resource Type News Articles Categories: C-store Retail Petroleum Managed Networks Networking HughesON Managed Network Download news article The U.S. banking industry has a sense of inevitability concerning adoption of the EMV (Europay MasterCard Visa) smartcard standard. And the threat of industry-imposed deadlines combined with the steady drip of recent high-profile security breaches at stores like Target and Neiman Marcus only help to strengthen that mindset. But the fact is that EMV adoption remains in a holding pattern with U.S. retailers. While it may well be inevitable, the future is both uncertain and threatening for retailers. Banking executives—who have been well indoctrinated by the EMV talking points of Visa, MasterCard and American Express—would be wise to consider the issue from the retailers’ perspective. Indeed, it would better prepare everyone for what promises to be an expensive and disruptive transition to digital chip-and-pin cards in the U.S. market. In a nutshell, U.S. retailers are feeling abused and confused. While they are being offered both a carrot and stick from credit card providers to upgrade their payment infrastructure to EMV-enabled cards, the carrot is puny and the stick feels more like a club. The good news is that retailers who conduct over 75 percent of their transactions with EMV-enabled terminals will not have to submit their annual PCI (payment card industry) audit reports to the payment brands, saving them money on PCI compliance costs. However, the downside is that retailers still bear the burden of PCI compliance. In the event of a breach, retailers who are non-PCI compliant will not be protected by “Safe Harbor” provisions and will be held fully responsible for the fines associated with non-PCI compliance. So while cost of preparing annual reports may represent some savings, even EMV-enabled retailers will still incur all of the costs associated with insuring full PCI compliance. Card issuers say the smart chip standard will reduce retailers’ fraud exposure while increasing security. Yet, the current plan for EMV implementation in the US is lacking a critical security element— the PIN code. The U.S. implementation will be based on chip-and-signature. A signature doesn’t offer any meaningful protection. Fraudulent transactions are not rejected based on signature mismatches. The fact is, card issuers and retailers experience fraud differently. While the difficulty in replicating the chip in an EMV card provides some protection for card issuers during POS transactions, the U.S. implementation of EMV does nothing to protect retailers from fraud associated with card-not-present (CNP) transactions. Consider that in 2012 there was $11.27B of credit and debit card fraud (Nilson Report, Aug 2012), of which card issuers experienced 63 percent of the losses primarily at the POS. Retailers on the other hand experienced a whopping 37 percent of the losses in card-not-present (CNP) transactions (e.g. Web, phone, mail order). To make matters worse, failure to comply with the card issuers mandate by the October 2015 deadline will shift the fraud liability for POS transactions from card issuers to non-EMV compliant retailers. From the retailers’ perspective, it is a lose-lose situation. Retailers will either make enormous investments in a solution that doesn’t provide CNP/PIN protection, or they will suffer the associated liability of fraudulent credit card transactions. It’s going to cost them one way or another. How EMV impacts brand reputation with consumers is another issue retailers are trying to figure out. To be frank, consumers don’t care about EMV. The current card system is convenient and easy to use. In their minds, retailers, card issuers, and the rest of the “system” exist just to fulfill their responsibility to protect themselves and consumers from hostile attackers. Even as we learn that the personal information of an estimated 110 million consumers was stolen in the recent Target breach, there hasn’t been widespread consumer revolt…..yet. But consumer opinions might change as these high profile breaches become regular occurrences. Consumer attitudes could also shift dramatically as some retailers slowly move to EMV systems. Suddenly, consumers may favor EMV cards—and the stores that support them—over those that don’t because of the perceived security benefit. Tech savvy millennials, for example, who came of age in the digital world may naturally gravitate toward EMV-enabled retailers. Ironically, future technological uncertainty is also one of those factors holding retailers back. While a chip represents an improvement over a mag stripe, at the end of the day a chip is just a “dumb computer.” Today’s smartphones provide a far superior potential platform for implementing much-needed end-to-end security, capable of evolving ahead of future threats. And for the next generation of consumers, their personalized mobile devices are no less important than their wallets. During his Senate testimony, Mallory Duncan, National Retail Federation SVP and General Counsel, effectively described EMV as “spending billions to combine a 1990’s technology (chips) with a 1960’s relic (signature) in the face of 21st century threats.” Regardless of what one may believe about EMV, retail as an industry is in desperate need of a solution for credit and debit card fraud. In the wake of the Target breach, J.P. Morgan and Chase did the unthinkable – they imposed spending limits on consumers in the middle of the holiday shopping season. Evidently credit and debit card fraud is now more painful than the lost sales caused by interfering with a consumer’s desire to buy. The bottom line is U.S. retailers, credit card issuers, banks, and everyone else with a stake in the future of credit card payment systems clearly need a comprehensive solution to reduce card fraud and increase security in the U.S. market. But to retailers, the current proposed implementation of EMV represents an extremely expensive investment for a solution that does not address basic problems (e.g. CNP transactions) and is lacking critical elements of fraud protection (e.g. PIN). Instead of threatening retailers through forced adoption of an inadequate solution, the U.S. should consider alternative approaches that not only meet current needs of all parties involved— but most importantly protect consumers from evolving future threats. Related Resources Brochures Don’t Let Your Network Slow Down Your Business! November 30, 2020 Case Studies C-Store Franchise Strengthens Customer Payment Protection with Hughes PCI Compliance Suite November 17, 2020 QDOBA’s Transformation Anchored in Stable Network March 20, 2020 Global Brand Deploys Pan European Managed Network Solution February 05, 2019 A Leading Retail Petroleum Franchisee Enjoys Faster Network via HughesON ActiveTechnologies July 10, 2018 M&T Bank Case Study April 10, 2017 VoIP Adoption Leads to Free PCI Upgrades for Major Quick Service Restaurant March 17, 2017 Videos Restaurant POS and Security Upgrade April 24, 2020 2:32 Whatever IT Takes for the Holidays April 24, 2020 4:01 Environmental Disaster Averted April 24, 2020 3:14 Hurricane Crisis Response Actions April 24, 2020 2:50 Video: HughesON Secures Every Aspect of Payment and Network Chains in Retail Petroleum February 13, 2019 3:39 Location Analytics December 10, 2018 1:01 Do It All With HughesON Managed Services September 20, 2018 News Articles 2019 U.S. Carrier Managed SD-WAN LEADERBOARD April 22, 2020 2018 U.S. Carrier Managed SD-WAN LEADERBOARD May 22, 2019 Hughes Launches Fully Managed SD-WAN Solution for Distributed Organizations April 09, 2017 4 Items That Omnichannel Forgot April 10, 2014 Solution Sheets Hughes Fixed Wireless by 2pifi April 17, 2020 HT2000L Multi Path Terminal Solution Sheet August 27, 2018 HughesON™ Managed Security Services August 21, 2018 Hughes HR4700 Branch Gateway May 30, 2018 HR4860 Secure SD-WAN Gateway May 18, 2018 HughesON MPLS Broadband Journey December 28, 2017 Hughes Managed Services December 28, 2017 Infographics Why Hughes as a Managed Service Provider April 10, 2020 HughesON Managed Services October 31, 2019 How To Secure Your C-Store's Network September 05, 2019 Redefining Convenience September 05, 2019 Redefining Convenience: EMV and Mobile Pay at the Pump February 14, 2019 Digitally Empowered Stores Stretch Data Networks to the Breaking Point November 01, 2018 RIS News Location Analytics Infographic July 30, 2018 MPLS to Managed SD-WAN Journey January 24, 2018 Managed SD-WAN November 15, 2016 eBooks State of the Brick and Mortar Stores March 25, 2020 Major Changes Coming to Your Network? February 25, 2020 Retailers, Are You Addicted to Bandwidth? November 14, 2019 Report Redefining Convenience: Mandates, Market Forces, and Digital Transformation April 11, 2019 Hughes Networks SD-WAN Managed Service Ticks All the Right Boxes February 05, 2019 White Papers Getting Stakeholders on the Same Page, Part I March 15, 2019 Getting Stakeholders on the Same Page, Part II March 15, 2019 Managed SD-WAN: Delivers a Better Experience for Highly Distributed Organizations November 15, 2016 HughesON ActiveTechnologies August 02, 2016 HughesON Network Solutions with Hughes ActiveTechnologies February 18, 2014 Data Sheets HT2000L Multi Path Terminal Datasheet August 27, 2018 Fortigate 30E April 17, 2017