As the Europay, MasterCard and Visa (EMV) implementation deadline draws near, how many U.S. merchants understand they will be held accountable for cardholder data breach losses if they are not EMV compliant? Thus far, merchant reactions to news of this liability shift have been mixed, but recent studies have captured a few key themes.
Findings suggest most large retailers are now or soon will be prepared to accept EMV chip cards. However, the majority of small to midsize businesses (SMBs) have said they do not expect to be EMV compliant by the deadline, and many are stating they weren't even aware the deadline or associated liabilities existed.
According to the most recent Wells Fargo/Gallup Small Business Index study conducted in July 2015, 49 percent of small-business owners who accept card payments at the POS reported they were aware of the Oct. 1 liability shift. Likewise, a July survey conducted by the business referral site Manta Media Inc., canvassed over 1,700 small-business owners. Fewer than 9 percent of the respondents indicated they'd adopted EMV-enabled POS systems; another 28 percent said they weren't aware how the deadline would affect them.
Studies conducted inside the industry reaped less sobering results, but the data still points to an EMV information gap for SMBs. In its latest Small Business Index, ShopKeep reported 62 percent of its clients said they'd be prepared to accept EMV chip cards by the deadline; the rest cited a lack of education and awareness for their unpreparedness. And Cayan LLC surveyed 344 small business owners and managers in June and found 37 percent of respondents were not accepting EMV cards, nor did they plan to do so by October or in the future.
According to data from the LexisNexis True Cost of Fraud 2014 Study, the average U.S. merchant endured 155 fraudulent transactions in 2014, a statistic that has steadily increased since 2011. LexisNexis also found merchants sustained 61 percent more fraudulent transaction attempts in 2014 than in 2013. In addition, The Nilson Report predicts fraudulent credit card losses will top $10 billion in 2015 for the third year in a row.
Cayan's survey results also indicated 60 percent of the respondents would have difficulty bouncing back from a fraudulent charge they had to cover out of pocket. "When we talk to small businesses about the risk of card fraud after Oct. 1, they aren't highly motivated to upgrade," said Henry Helgeson, Chief Executive Officer and co-founder of Cayan. "However, when we start associating a dollar amount to the risk – even $100 lost to covering fraud – they are much more interested in becoming EMV-ready. The survey results reinforce our observation: small businesses cannot afford to be on the wrong side of the liability shift."
Data from an American Express Co. survey of 500 small-business owners in October 2014 supports the idea that SMB owners are concerned about risk and fraud prevention. Sixty-seven percent of merchants surveyed indicated payment card fraud protection was very important to their businesses, and 52 percent thought their businesses were more at risk for payment card fraud than larger businesses would be. When asked why, close to half of the same business owners indicated inadequate access to experts, lack of resources for fraud prevention and the prohibitive cost of upgrading POS systems were barriers to achieving an adequate level of protection.
So, what will motivate the SMB merchant to take EMV compliance more seriously as the clock keeps ticking away? Outside of free and reduced-price equipment, Cayan's survey results revealed a few clues. Sixty-three percent of the participants said incidence of fraud requiring an out-of-pocket reimbursement would convince them to upgrade. Additionally, 57 percent indicated they would upgrade if customers complained about a lack of EMV acceptance. Alternatively, only 16 percent of respondents said news of fraud would be enough to nudge them into making an upgrade.
These factors suggest our industry needs to find more effective ways of educating SMBs to help them grasp the everyday fraud risks they already face and how an EMV upgrade will help. This entails offering them a justifiable value proposition that will likely save them from paying the piper later.
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.Prev Next