The Rippleshot Data Breach Blog

EMV's Affect on Small Businesses Has Capitol Hill's Attention

Written by Kaleigh Simmons | Oct 22, 2015 7:04:35 PM

This month, the House Small Business Committee held two hearings to learn more about the implications of the EMV transition on small businesses, along with the efforts being made to ensure they are in compliance with financial service providers and are in a position to succeed. Witness testimony was heard from a number of parties - from Visa and the NAFCU, to small business owners and the National Retail Federation.

Today’s hearing focused primarily on witness testimony from small businesses and merchant groups, where the most prominent message shared was how “overwhelming and costly” the transition process has been for these parties.

For some, like Keith Lipert of of Keith Lipert Gallery in Washington, D.C., EMV compliant POS terminals are on backorder with their processor. For others, like Art Potash of Potash Markets in Chicago, IL, who has had EMV terminals in their stores since May, the hold-up is on their merchant acquirer to finish the back end software upgrade to complete their transition.

All of the small business owners however, agreed that the implementation has been incredibly expensive, and without any real monetary incentive to comply. Several witnesses cited costs of $1000 per terminal for EMV upgrades.

“Unlike the issuing banks who were enticed to issue chip cards with the promise of seeing their fraud costs reduce, merchants were pushed to do so under the threat of seeing their costs increase,” said Potash. This is particularly difficult for us to accept when we already pay the highest interchange fees in the modern world in the name of fraud costs.”

The small business owners also expressed concern over the delays with the holiday shopping season quickly approaching. It “leaves small retailers to fend for themselves,” said Lipert.

All agreed that the upgrades were necessary in order to ensure customer security, but were frustrated by the decision to go with “chip and choice,” as Potash called it, instead of requiring chip and PIN.

This has been debated to no end, including on this very blog. Merchants are correct in their assertion that the PIN does not protect against stolen cards, and that the liability for fraudulent transactions from stolen cards does sit squarely in their laps. But what’s important to note, is that fraud stemming from stolen cards has steadily decreased, while fraud as a result of counterfeit cards (which chips prevent) has increased over the last several years.

This was addressed directly in the committee’s first hearing, by Stephanie Ericksen, Vice President, Risk Products at Visa.

“Since chip technology makes it essentially impossible to counterfeit cards, which is approximately two-thirds of the fraud that occurs in stores today, merchants will be less attractive targets for criminals,” said Ericksen. “Chip technology is also the basis for future payments innovation because it enables technologies like near field communications (NFC) technology and tokenization. When small business owners upgrade to chip-enabled terminals, they aren’t just investing in payment and data security. They are also positioning themselves to accept the next generation of secure payment technologies, such as mobile and digital payments.”

Jan N. Roche, President/CEO of State Department Federal Credit Union noted that PINs do not make a dent in card-not-present fraud, which currently accounts for 45% of all card fraud in the U.S. and is expected to rise post-EMV. In fact, in the United Kingdom, online fraud raised 79% after their EMV transition.

In response to the hearings, and the focus on PINs, American Bankers Association President and CEO Frank Keating wrote the following in an editorial on The Hill:

“Unfortunately, some retail trade groups have chosen to fixate on mandating PINs, a static technology that only addresses a small and steadily declining share of fraud, rather than addressing what caused the high profile retail data breaches that compromised millions of Americans’ card accounts. These breaches weren’t caused by petty thieves swiping cards out of wallets – they were caused by organized crime rings exploiting gaps in retailers’ systems.”

To learn more about the EMV transition and its expected impact on payment security, check out the Rippleshot Knowledge Center.