55% of retailers not prepared for EMV migration

With just nine months until the deadline, more than half of all retailers are still not prepared for EMV migration, according to a new survey by ACI Worldwide.

ACI polled attendees at NRF's Big Show earlier this month and discovered that roughly one-quarter are not ready for chip-and-PIN technology, despite the October deadline.

Of the retailers surveyed, 14 percent still have work to do, 19 percent are not prepared and 22 percent are still evaluating their options, for a total of 55 percent that may miss the deadline.

More than half (59 percent) of respondents said that the past year's data breaches have impacted investments in payment security initiatives. Thirty-nine percent have already increased investments in payment security initiatives while 20 percent indicated they plan to increase such investments over the next 12-24 months.

Despite retailers' intent to increase investments in payment security, the survey found a notable lack of urgency regarding the migration to EMV and meeting the October deadline. Those not ready will become liable for credit-card fraud at their locations.

Just 12 percent of retailers responding to the survey are already compliant, while 19 percent are confident they will meet the October deadline.

"Many retailing customers with which we speak to are taking steps to address the EMV requirements, but like any major undertaking, are trying to manage this along with other payment security, IT and technology initiatives," said Lynn Holland, VP, ACI Worldwide.

Retailers are struggling to juggle investment priorities. Beyond payments security, respondents anticipate the top three biggest investments will be in omnichannel sales/seamless customer experience (37 percent), mobile payments acceptance technology (20 percent) and online/eCommerce initiatives (20 percent).
It is perhaps good timing that the PCI Security Standards Council (PCI SSC) issued a statement urging merchants, banks and technology vendors to make payment security a top priority in 2015, and declaring Jan. 28  Data Privacy Day, an international awareness effort focused on respecting privacy, safeguarding data and enabling trust.

"The Council is pleased to champion this international awareness initiative, which is an excellent example of the kind of public-private collaboration that will help us drive improved understanding and education around data protection globally," said PCI SSC General Manager Stephen Orfei. "Building a culture of security vigilance is critical to safeguarding sensitive data against evolving cyber threats."

For more:
-See this PCI SSC information page
-See these ACI Worldwide survey results

Related stories:
Retail security issues move from CIO to the C-suite
Walmart banks on mobile payments, chip-and-PIN
Sam's Club first to launch chip-and-PIN card
Target accelerating $100 million chip and PIN adoption, finds just 25 registers at fault in breach
EMV migration won't save retail