The EMV liability shift occurs Oct 2015 and the United States expects six million to eight million EMV cards to be deployed by the end of the year. Payment solutions giant Ingenico Group believes many merchants will not be ready. (Ingenico Group is an active member of both the Smart Card Alliance and the EMV Migration Forum, which are cross industry organizations focused on easing the U.S. EMV implementation.)
Based on his expertise in EMV transitions, Ingenico Group North America president Thierry Denis offers the following observations and advice:
• If Tier One merchants aren’t already well down the path of implementing EMV payment acceptance solutions, they are already behind. Of the very largest retailers, probably 80%-90% of them will be done with EMV conversions and production by the liability shift. If they don’t make the liability shift, they will be within a few months of it. On the other end of the range, small merchants who use their acquirer’s point-of-sale devices and preprogrammed devices, may be in a better position than the middle tier of merchants.
• The medium-sized merchants rely a lot on third-party system integrators who are not ready, for the most part. There are a lot of questions coming from them, there’s a lot of interest, but they’re not as far along as they really need to be. We think that they are going to be the long tail of this issue and they’re going to be the ones that will go into 2016, and start solving that issue and implementing EMV during 2016.
• Merchants who don’t transition to EMV are likely to be targeted by hackers. We’ve seen this in other countries. Hackers know which merchants still use magstripes, and we’ve seen hacks quickly migrate to those targets.
In fact, when countries implement EMV, there is a well-documented migration of credit card data theft toward countries (like the U.S.) that still use magstripe technology.
• Consumers are getting EMV cards in the mail now and will be looking to use these cards at the retailers they visit, as they know EMV cards are more secure. If merchants are not ready to accept them, they will appear behind the times and not taking security seriously enough for their customers.
• P2PE goes hand in hand with EMV at the point of acceptance. As Merchants are strategically planning they should look for a vendor who can support multiple offerings for their P2PE solution, so that the merchant can choose which works best for their business.
• Identify either a dedicated team or individual whose sole responsibility is EMV. Otherwise, merchants tend to lose focus. This is a complex transition, with a lot of moving parts. Someone needs to lead the charge, and that person needs to have executive-level backing in order to minimize red tape and get things done.