Most retailers will never recover the expenses involved in transitioning to the EMV chip card. The estimated cost of $35 billion creates an unrealistic burden on retailers and confusion for customers, according to a new study by a prominent research firm.
"The single biggest problem with the EMV mandate is that it is focused on trying to solve last century's problem and completely ignores the reality that retailers are facing today," said Greg Buzek, president of IHL Group, in a statement. "Twelve years ago when EMV was introduced into Europe, it made tremendous sense. Today, it stands in the way of real data security by stealing critical budget away from focusing on the risks that retailers face from online hackers."
The average return on investment for the EMV implementation at a specialty store with $1 billion in revenue is negative 77 percent over three years, IHL said. The $35 billion number is based on estimates by the National Retail Federation, the National Association of Convenience Stores and other industry groups.
Unless merchants are among those at high risk of fraudulent card transactions—including electronics, fuel, mass merchants or those that sell gift cards for such retailers—the threat of fraudulent cards at the point-of-sale is extremely small compared to the other loss prevention and data security issues retailers face today. Additionally, the fraud will simply move online over time, as seen during EMV implementations in Europe and Canada.
Retailers' primary concern is the risk of a customer data breach, but this is almost entirely mitigated by end-to-end encryption and tokenization of the transactions. In other words, if the card data is never on the retailer's network in way that is usable to hackers, it cannot be exploited. These other technologies enable retailers to lock the doors to the entire house while EMV merely locks the front door and leaves the others open, the report said.
"Retailers who simply focus on EMV at checkout without focusing on end-to-end encryption and tokenization in all of their sales channels are actually opening up a significant security hole," Buzek said. "Those retailers who do not put in extra security measures for online and mobile transactions for the holidays will find that their store fraud will simply move online—where EMV provides no protection—and they will still have hackers going after their data."
The IHL study, titled "EMV: Retail's $35B 'Money Pit,'" found that the Payment Card Industry process current eats up as much as 55 percent of retailers' total data security budget. But until 75 percent of any given retailer's card transactions are EMV compliant, the EMV costs are additive to what retailers are already paying for PCI compliance. Retailers have to do both, IHL reported.
In addition, EMV transactions will take 5 to 8 seconds longer. It takes 1.3 seconds longer for card processing (according to POS vendors) and 4 to 6.5 seconds for customers to retrieve their cards, put them away and complete the transaction process.
Because of the slower transactions and customers' unfamiliarity with the process, retailers will need more labor in stores. Shoppers may also leave their card in the transaction device because EMV requires cards to stay inserted during the entire transaction, like older types of automated teller machines. With the EMV chip cards being implemented during the holiday shopping season, customers can expect longer lines as cashiers and other shoppers struggle with the new process.
-See this IHL press release
Widespread EMV chip card adoption won't happen until 2020: Forrester
Card issuers making rapid progress on EMV deployment
The importance of pushing back the EMV fraud liability shift deadline
55% of retailers not prepared for EMV migration
Banks worried that retailers won't be ready for EMV