EMV apathy? Why small businesses are avoiding the POS upgrade
After years of build up, the October 1 liability shift to EMV standards is finally just days away.
But according to a bevy of research polls and surveys, most small and midsize business owners are woefully unprepared for the impending EMV deadline.
Short for Europay, MasterCard and Visa, EMV is a secure payment standard that reduces fraud in face-to-face, card-present environments via the use of chip-embedded payment cards.
The chip creates a unique impression for each transaction, so the only data flowing through a merchant's point of sale (POS) terminal is a random numerical sequence. The combined chip and tokenization process makes it almost impossible for hackers to create fraudulent accounts or make counterfeit cards.
The global standard was first developed in 1994 and became widely available in the early 2000s. Today the technology is ubiquitous around the world -- except in the United States, where fraud-prone magnetic stripe cards have managed to maintain a firm grip on the country's payment system.
That is until four years ago when payments giant Visa drew a line in the sand, giving U.S. merchants until October 2015 to upgrade their POS terminals and back-end software to begin accepting chip cards. If they didn't upgrade by the deadline, it would make the merchant -- not the credit card company -- liable for some incidents of fraud.
Today, most big box retailers are already equipped for the change. Overall, approximately 27 percent of American merchants are expected to be EMV-ready by next month, according to a survey by the consulting firm Strawhecker Group. That figure is less than previously expected, and the readiness rate among small merchants is even lower.
For example, the latest Wells Fargo/Gallup Small Business Index found that a dizzying 51 percent of small merchants surveyed reported being unaware of the October 1 liability shift.
Another recent study from Software Advice paints an even more dismal portrait of the EMV landscape among small businesses, suggesting nearly eight in 10 SMB retailers have not yet adopted EMV-ready systems.
"I would have to agree with that figure," said Kathy Lintner, owner of the boutique Cartwheels Paper and Gifts in Louisville, Kentucky.
Lintner's store is located in strip mall occupied primarily by small, locally owned businesses. And out of them all, not a single one is equipped with an EMV-compliant POS system.
"We are installing it this week," Lintner said. "We had an October 1 deadline, so, like many small businesses, we set it aside as it wasn't a do-now requirement."
Lintner has a basic understanding of EMV, which is probably more than many of her small business neighbors. She said her credit card processor, Intuit QuickBooks, sent her a box in the mail about three months ago.
It contained a new EMV-compliant POS reader with instructions on how to install it. That's it. No outreach, no emails, just a package in the mail.
Lintner's experience is a stark contrast from what was initially envisioned by the payments industry.
At the start of this year, organizations such as the EMV Migration Forum began pumping out EMV primers for small businesses and reaching out to the press. The hope was to get the EMV conversation started early, giving merchants ample time to learn about the change and how to prepare for it.
According to Randy Vanderhoof, director of the EMV Migration Forum, there's been a slight lack of urgency among small merchants.
"I think there has been a sense that merchants were just going to ignore this," Vanderhoof said. "They didn't believe it was going to happen, or they just put it out of their mind because they had more important things to worry about."
Vanderhoof agrees small businesses have a need for further education about EMV, especially since the responsibility to upgrade falls mainly on the merchant.
"The US is the largest and most complex payments market in the world, and there is no mandate requiring any of this change for consumers or merchants. So it is expected that it will take some time for everyone to be on board," Vanderhoof said.
The exact cause of the small business holdout is unclear, but most surveys seem to point to a basic apathy among smaller merchants, who consider the EMV migration to be an unnecessary cost burden and a technological headache.
Those assumptions are at least partially accurate, according to Stephanie Ericksen, vice president of Risk Products for Visa.
"The dimensioning of fraud is low in small merchants," Ericksen explained. "We see fraud primarily in electronics and luxury goods retailers -- that's where a criminal would go to find card data they can resell for cash or trade on the black market."
"But small merchants who tend to have repeat customers and small value tickets, they aren't really a target for counterfeit fraud," she added.
Still, Ericksen said, small businesses should also look at the EMV migration as an opportunity to future proof their payments system. Most EMV readers today are also compatible with NFC, meaning they can accept mobile payments from the likes of Apple Pay and Samsung Pay.
But getting the terminal is only one step on the long road toward full EMV adoption in the US. Consumers also will need to be issued a new EMV-ready card, and a recent survey from payment company ACI Worldwide shows six out of 10 US consumers with credit cards do not have the chip card.
Add it all up, and the October 1 deadline is likely to be anticlimactic on all sides.
The real test of EMV adoption won't come for another three to five years, when transaction volume from EMV cards reaches 90 percent. That's the theory, anyway.