News Feature | December 23, 2014

Survey Shows Lack Of SMB Preparedness For EMV Credit Card Transition

Christine Kern

By Christine Kern, contributing writer

Survey Shows Lack Of SMB Preparedness For EMV Credit Card Transition

In a survey by IT security research company Software Advice results show that most SMBs are not prepared for the transition to EMV chip cards in October 2015.

Among the Software Advice study’s findings, 26 percent of SMBs surveyed don’t know what an EMV terminal is. And over two-thirds of SMBs doubt their ability to upgrade payment terminals before the October 2015 deadline.

Although EMV payment technology has been the standard in Europe, Canada, and many other regions for several years, the United States has been slow to adopt the technology. The U.S. is currently the last major industrialized nation using magnetic stripe technology — technology that is easy to copy, leading to 50 percent of global fraud, even though Americans only hold 25 percent of the world’s cards, according to Software Advice.

But in October 2015, liability for fraud will shift from card issuers to merchants, unless they upgrade to EMV payment terminals. Earlier this year, President Obama signed an executive order to accelerate this transition for government organizations, implementing EMV security measures to safeguard consumer transaction data.

The study found that migration to chip cards seems to be in the early stages, with as much as 82 percent of consumers with no EMV cards. And even if customers have an EMV card, the survey found that only 11 percent of SMBs are prepared to meet the EMV deadline and have the appropriate payment technology in place for customer use by October 2015.

But beyond the realities of preparedness lies the question of need. The survey also found that nearly one-third of SMBs don’t even believe that EMV terminals are necessary, which suggests one of two things to researchers: first, that SMBs are confused about the liability issues; or two, that SMBs are assuming that their business are unlikely targets of fraud and therefore see the upgrades as an unjustified business expense.

Expense is certainly a key concern for SMBs. According to Simon Gamble, president of network management company Mako Networks North America, “More than 50 percent of merchants in the U.S. have what’s called ‘integrated POS,’ which means that the payment entry devices, [in this case] the EMV device, is generally plugged into a computer that’s managing the stock control and all that.”

In this scenario, upgrading to EMV can be “ridiculously expensive” because merchants “have to replace not just their PIN pads, but their whole point-of-sale system,” he adds.

Ultimately, the study concludes, “this could represent a golden opportunity for merchants to seize the moment and make their businesses more secure from fraud. EMV terminals are currently available to purchase, and when this technology is combined with protection techniques stipulated by PCI — such as network segmentation, rigorously enforced password policies and other tools such as encryption — they can make a business much more secure.”