As the October deadline approaches for the EMV chip card transition, just 10 percent of American consumers have received the cards and only a small minority are using the cards they have.
Of the one in 10 Americans who have received the new chip cards, 35 percent reported using the cards as intended in the card readers designed to accept them, according to an Associated Press-GfK poll. The survey included 1,004 people and was conducted by GfK Public Affairs.
The poll also found that 30 percent were unsure how to use the new cards that require a different procedure at the point-of-sale; 46 percent said they didn't know why the EMV cards were being introduced; and 22 percent doubted that the changeover would improve payment security.
In October, the liability for credit card fraud will shift from the card issuers to either the retailer victimized by the fraud, or the financial institution, depending upon which one is least prepared for the EMV transition.
Numerous studies have shown that a large percentage of U.S. retailers won't be ready for the October deadline. The numbers differ, but the trend is clear. For example, Randstad Technologies said 58 percent won't be ready; Lightspeed POS reported 56 percent won't be ready; ACI Worldwide said 55 percent; and Javelin Strategy & Research predicted 75 percent. A Wells Fargo/Gallup Small Business Index survey found that only 32 percent of small-business owners were even aware of the EMV transition.
Many banks also won't be fully prepared for the deadline, citing the expense of the transition and the lack of readiness on the part of their merchant customers. But at least one card network, Visa, has said it has no intention of extending the deadline although retailer groups like the National Retail Federation and the Food Marketing Institute have asked for more time.
Some EMV experts were caught off guard by the AP-GfK news. "It's surprising to me that only one in 10 Americans have adopted EMV cards, and of those who have, very few are actually using them or know how to," Andrew Avanessian, VP at security firm Avecto, told FierceRetailIT. "It's hard to make sense of why the transition has been so slow, when you look at how the vast majority of Western Europe uses the same credit card companies as the United States does and has had EMV systems up and running for 10 years already."
It's a "chicken-and-egg" situation, he said. "Few retailers have the EMV equipment in place, so no one is challenging the consumers to shift. If a consumer has forgotten his or her EMV PIN number, or doesn't have one, it's really no problem—they can continue to use their signature-based cards." On the other hand, retailers aren't introducing the equipment because the credit card companies haven't been quick to issue the cards.
"I would like to see card manufacturers accelerate the issuing of these chip cards to build momentum behind the retailers equipment, and consequently, enforce the usage of the cards by consumers," Avanessian said.
When EMV was introduced in Europe, all of the literature and end-user communications came to individuals directly from their banking providers, he said. "We should see the same process take hold in the United States."
Throughout all of this, it's important to bear in mind that EMV is only a part of the wider security issue. "It's paving over the cracks rather than getting to the fundamental vulnerabilities," Avanessian said.
"EMV is effective in stopping credit card information from being used once its stolen, but it won't stop criminals from actually getting into systems and harvesting other information about them, like personal names and addresses, buying trends, email addresses and store account logins. All of this information can then be used to conduct malicious phishing campaigns online."
The attacks on Target and Home Depot could have been prevented by more sophisticated and in-depth security technologies that already existed at the time, he said.
"EMV is critical when it comes to counterfeiting, but it should not be perceived as a panacea that will resolve fraud once and for all."
55% of retailers not prepared for EMV migration
EMV update: 75% of retailers to miss October deadline
Data breaches worry retailers, but only 44% will be ready for EMV
66% of IT execs say chip-and-signature provides insufficient security
Card issuers making rapid progress on EMV deployment