Skip to main content

IHL: EMV costly, time consuming, out of date for most retailers


Franklin, Tenn. -- Most retailers will never recoup the expense that EMV imposes, according to research from IHL Group, and the study says there is a much better approach to protecting retailers and consumers.

The date October 1, 2015 looms as a deadline for U.S. retailers to conform to the new EMV card payment mandate being pushed by the credit card brands. If retailers are not compliant by that date, then liability for fraudulent card transactions shifts from the banks to the retailers.

“The single biggest problem with the EMV mandate is that it is focused on trying to solve last century’s problem and completely ignores the reality that retailers are facing today,” said Greg Buzek, president, IHL Group. “Twelve years ago when EMV was introduced into Europe it made tremendous sense. Today, it stands in the way of real data security by stealing critical budget away from focusing on the risks that retailers face from online hackers.”

According to IHL research, unless the merchant is on the front lines of fraudulent card transactions today (electronics, fuel, mass merchants or companies that sell gift cards for these retailers), the risk of fraudulent cards at the lane is extremely small compared to the other loss prevention and data security issues that retailers face.

Further, as seen in EMV implementations in Europe and Canada, over time the fraud simply moves online.

According to IHL, the risk of breach of customer data, retailers real concern, is almost entirely mitigated via end-to-end encryption and tokenization of the transactions. Basically, if the card data is never on the retailer’s network in any usable manner to hackers, it cannot be exploited. It allows for retailers to lock the doors to the entire house rather than just the front door like EMV and leaving the others open.

“Retailers who simply focus on EMV at checkout without focusing on end-to-end encryption and tokenization in all of their sales channels are actually opening up a significant security hole,” added Buzek. “Those retailers who do not put in extra security measures for online and mobile transactions for the holidays will find that their store fraud will simply move online (where EMV provides no protection), and they will still have hackers going after their data.”

Some other key highlights include the following:

• Today, the PCI process takes up to 55% of the total data security budget for retailers. Yet, until 75% of a given retailer’s card transactions are EMV compliant, the EMV costs are additive to what retailers are already paying for PCI compliance. Retailers have to do both.

• The typical EMV transaction will take five to eight seconds longer…. 1.3 seconds longer for card processing (according to POS Vendors), 4-6.5 seconds longer for customers to retrieve their cards, put them away, and complete the transaction process.

• Retailers will require more labor in their stores due to slower transactions and consumers leaving their cards in the payment device (EMV transactions require cards to stay inserted for the entire transaction, like old ATMs). 

• Consumers can expect much longer lines this holiday season as retailers and consumers struggle with a process introduced just before the critical shopping season.

• The average return-on-investment (ROI) for a $1 billion specialty store for EMV is – 77% over three years.

This ad will auto-close in 10 seconds