SMBs Prep for EMV Shift: How Ready is Your Business?

Harlem-based coffee shop The Chipped Cup is on-board with moving to chip-and-pin technology.

Continue Reading Below

“It’s time for the United States to catch up. Especially so, seeing as there's no other country where credit card use is as prevalent as ours,” The Chipped Cup Co-Founder Andrew Ding told “[And] as it's ubiquitous in many other countries in the world … I think it's only a good thing.”

But, it seems The Chipped Cup may be the exception, not the rule.

Of the dozen-plus small-to-medium-sized businesses (SMBs) from across the country called, only two confirmed they were on their way to making the switch, and only one, The Chipped Cup, agreed to speak on the record. Of the 23 million small businesses in the U.S., which account for 54% of all U.S. sales according to the U.S. Small Business Administration, a majority don’t think they’ll be ready to transition to EMV by the October 2015 goal.

In fact, 69% of SMBs doubt their ability to upgrade payment terminals for EMV-compliance by the fall, according to a survey conducted by Software Advice, a software reviews site. Daniel Humphries, an IT security researcher for Software Advice, isn’t exactly surprised by the survey’s findings and says the transition to EMV technology in the U.S. “won’t be a smooth one.”

However, Humphries says there’s still “plenty of time” for SMBS to prepare for the chip-and-pin transition. The changeover period, he adds, “even represents a golden opportunity for merchants to make their businesses more secure from fraud … and take matters into their own hands.”

When it Comes to EMV, U.S. is the Odd Man Out

EMV, which is a joint-effort between Europay, Visa (NYSE:V) and MasterCard (NYSE:MC), released a blueprint calling for the U.S. to move to chip technology back in January 2012. According to MasterCard Senior Vice President Carolyn Balfany, the October 2015 date reflects a liability shift, not a hard deadline. She says banks and merchants can individually asses their own fraud risks and migrate to the technology “when it makes sense for them.”

Put simply, with this liability shift, starting in October 2015, the party (so, the issuer (bank) or merchant), who has the less secure payment system will be held responsible for fraud. Traditionally, the issuer has been held accountable for unauthorized transactions. Beginning this fall, if fraud occurs when a magnetic stripe card (the type of credit card primarily used in the U.S.) is used in a chip-enabled payment terminal, the bank (issuer) is still responsible. However, if fraud occurs when a chip-card is used in a magnetic stripe terminal, the responsibility now falls on the merchant. (Consumers are never held responsible for fraud under these stipulations.)

The goal is to better protect U.S. consumers and merchants by moving away from magnetic stripe credit and debit cards to chip cards, which have embedded computer chips that create unique codes for every transaction and, according to experts, are nearly impossible to copy. Balfany cites a recent Nilson Report that finds the U.S. is the only country where counterfeit card fraud is consistently growing.

“We now account for 47% of the world’s counterfeit fraud. It cost our card-issuing banks $3.4 billion and merchants another $1.9 billion in 2012,” she says. “The October 2015 liability shift was created to reflect the need to adopt the great levels of security offered by chip cards.”

Presently, chip-card technology has been adopted in Europe, Australia and Canada.

The Transition Obstacle Course

First, there’s the issue of the liability shift. For merchants, this adds a new financial and legal burden. Add to the extra burden the fact that a good amount of SMBs aren’t even aware of the need to make the switch -- the Software Advice survey found that 26% of respondents didn’t know what the difference between a magnetic stripe and EMV terminal was. Even for The Chipped Cup, it was news that the liability shift meant merchants would be accountable for fraud.

Next, there’s the debate between what kind of chip cards the U.S. should adopt: Chip-and-pin (shoppers complete sales by entering a pin) or chip-and-signature (customers complete transactions by signing their names). MasterCard’s Balfany says chip-and-pin is “widely recognized as providing higher levels of security, as it protects against counterfeit as well as lost and stolen card fraud.”

The Chipped Cup is also for pin-authorization. “There is no doubt that this will result in a dramatic fall in credit card fraud for physical retailers, and I can't see a reason for keeping signature other than being accustomed to it,” Ding said.

Merrill Halpern, assistant vice president of card services at United Nations Federal Credit Union (UNFCU), argues going with signature over pin short-changes customers on data protection.

“There is  a lot of work involved in implementing [EMV], and [some banks have] decided to go with a simpler more expedient roll-out,” and are still meeting the minimum requirements of the card association while avoiding the time and overhead costs of issuing pins, Halpern said. He describes the decision to go with signatures as a quick fix, that in the long run only acts as a Band-Aid to the issue. Long Island City, NY-based UNFCU was an early adopter of EMV and one of the only credit card companies that issues chip cards.

And what about card-not-present scenarios, and also, e-wallets?

NCR Small Business, a point-of-sale (POS) technology provider, recently released an infographic featuring a statistic from Forrester that points to a swell in mobile payment use in the U.S., with mobile transactions on track to reach $142 billion by 2019 -- up from $50 billion in 2014.

The Chipped Cup runs entirely on Square, and Ding says they are happy to accept alternative mobile payments as it is well-suited for their quick-paced business.

NCR Small Business expanded its payment options under its cloud-based point-of-sale system called NCR Silver in January, which will have a chip-and-pin-capablity ahead of October. Reggie Kimble, director of development for NCR Small Business, says the launch of NCR Silver, and rise in alternative payment methods like Apple Pay and LevelUp, coincides with a rise in demand for smarter and safer ways to shop from consumers.

The PIN system, however, does not provide added protection for online (card-not-present) sales.

MasterCard dismisses the excuse that small businesses haven’t been informed, saying the information is out there, it has been for more than a year and is readily available on the MasterCard site as well as on those of industry organizations like the Smart Card Alliance and the National Retail Federation.

Belfany says MasterCard’s hope is once all parties -- issuers, merchants and consumers -- adopt the new method, “they will begin to see the benefits of a safer, more convenient shopping experience.”

But Kimble says it is more complicated, as SMBs “just want to run their businesses, and now they’re being introduced to a new technology hurdle … they have a lot of questions.”