The credit card industry has asked stores to comply with EMV which stands for Europay, MasterCard and Visa by October 2015. But major retailers arent waiting for the deadline to upgrade their checkout hardware to be able to read computer chips in cards.
The incentive to upgrade is high. After the deadline, MasterCard, Visa, Discover and American Express have said they are shifting liability for fraudulent charges onto retailers and banks if they havent complied.
Wal-Mart spokesman Randy Hargrove said the companys checkout terminals are already capable of accepting EMV cards.
Smaller retailers GNC and Jones of New York just ordered EMV-capable payment systems from VeriFone, which also works with Kroger.
Kroger spokesman Keith Dailey said the company has been building toward chip and PIN technology for the past two years.
All new PIN pads at Kroger, the largest traditional supermarket chain in the U.S., can read EMV cards.
Thats not to say that this conversion can be accomplished with a simple flip of the switch, Dailey said. The entire payment processing infrastructure, which includes banks, credit card issuers and payment processors in addition to retailers, has to change.
Hackers and thieves also know that deadlines are looming and are taking the timetable seriously. Last year, Troy Leach, chief information officer for PCI Security Standards Council, a credit card industry compliance group, warned that as the window of opportunity closes for hackers in the U.S., the frequency of attacks would accelerate.
Credit card fraud cost retailers, banks and credit card companies more than $11 billion in 2012, according to the National Retail Federation.
The recent high-profile breaches of credit cards used at Target, Neiman Marcus and possibly Michaels Stores focuses the blame on retailers. Some experts say thats not totally warranted.
Retailers arent payment processors; banks are, Gartner analyst Avivah Litan said. I always thought it was a little unfair to expect retailers to protect against attacks. Its beyond their mandate.
Retail companies have spent billions on systems and should try to keep them reasonably secure, she said. But even expert firms that claim to keep criminals away cant do it. How are retailers supposed to do it?
Once retailers have the checkout hardware installed by the October 2015 deadline, it may take two to three more years to get all the smart cards into the hands of U.S. consumers, Litan said.