With the Oct. 1, 2015 EMV deadline looming, U.S. retailers of all sizes are scrambling to update their payment processing systems. However, the retailers that don’t have the resources to make the required change are left liable for any future data breaches.
IHL Group released a report, titled: EMV: Retail’s “$35 Billion Money Pit,” indicating that retailers will have difficulty handling the financial consequences of the mandated shift to EMV-enabled cards and systems.
The industry-wide cost of the shift is expected to reach $35 billion, which is based on estimates established by the National Retail Federation and the National Association of Convenience Stores. The total was equated based on several factors, including: The cost of new equipment, new software for POS and payment devices, certification, installation, training, and 1.2 billion new chip cards distributed in the U.S. However, the number does not take labor costs and customer service disruptions into account.
“EMV only resolves one piece of security, and it’s the least concerning piece,” said Greg Buzek, President of IHL Group. “The biggest concern for retailers is a data breach, and EMV doesn’t really help in any way regarding a data breach. EMV also does nothing to help keep online transactions secure. Retailers that are not putting additional security measures into place to protect their online transactions are going to find themselves in situations where a certain amount of card fraud at the store level will increase greatly online.”
As an example of how the mandate will impact large retailers, the average ROI to implement EMV at a specialty store with $1 billion in revenue is expected to be -77% over three years, according to the report. Buzek attributes the negative ROI to both the costs to implement EMV as well as the impact on transaction speed in checkout lanes.
The report indicated that the typical EMV transaction will take five to eight seconds longer than the average transaction. The new transaction also would take 1.3 seconds longer for card processing, according to POS vendors, and also take an extra four to 6.5 seconds longer for customers to retrieve their cards, put them away and complete their transactions.
“The card has to stay in the terminal for the entire transaction, so not only are people going to be losing cards by not taking them at the end of the transaction, we’re going to see delays as a result of this process,” Buzek explained. Longer checkout times will have a significant impact on retailers during high-traffic periods such as the holiday season.
The shift to EMV-enabled cards and payment systems would mimic the move European, Asian and Canadian credit card issuers and banks have made over the last decade. While the EMV cards used globally are known as “Chip and PIN” cards that require a PIN number upon use, U.S. payment processors and card issuers will instead distribute Chip and Signature cards.
“When EMV was put into place throughout Europe in 2003 and 2004, it actually made sense because fraudulent cards were the main issue we were dealing with in that point in time,” Buzek said in an interview with Retail TouchPoints. “Online fraud, online hacks and the breaches at Target, Home Depot and other retailers were not happening back then en masse like they have been here. Now, the real risk has switched to massive card breaches. We’re advocating that rather than worrying about EMV. Retailers should have the end-to-end encryption and tokenization in place, so that card number will never be on their network. You never store it, so it can’t be breached.”