Last spring, around this travel-y time of year, we had just gotten back from Europe, and reported from the land of EMV use (that’s where the “E” in those initials comes from!) about how customers were adapting to inserting their cards, and perhaps signing or using PINs more often.
The surprise then was to a larger degree than we’ve observed here, routine purchases — in grocery stores, taverns, etc. — were often done in cash. Card use, at least in some areas, seemed to most prevalent at neighborhood ATMs. (For indeed, there’d be much fewer places for “cash back” than we’re used to here).
Now, one year later, we’re back from an extended jaunt on the East Coast — mostly New York and “Upstate,” as it’s officially called there. We were armed with both “regular “ credit cards, and our newly chipped debit cards.
Since we actually like to follow some of the precepts we talk about in this blog (and since we’re just as alarmed by the constant security breaches as you are!), our goal was to mostly use credit where there was no upgraded POS device, and only use our business debit where the EMV-equipped terminal made it safer.
This worked out… most of the time.
Credit card companies, of course, are no longer liable for fraudulent charges resulting from non-EMV compliant devices — and it was surprising how many merchants we saw in Manhattan were willing to take this risk.
One local grocery story had upgraded, as had, surprisingly, one regional bus company, whose services we used to leave the city and head upstate into verdant the Hudson River Valley for a few days.
Yet most of the merchants we came across, in our admittedly non-scientific sampling, fell into the “42% of retailers (who) have yet to upgrade their terminals,” according to a Huffington Post piece (itself citing Cardhub) on the slow pace of EMV adoption.
Note of course, that the upgraded terminal doesn’t necessarily mean the software has been installed to make the “EMV-ready,” either — meaning there’s still a larger percentage of “non-EMV” retailers
“If a mom and pop shop has perfectly fine payment terminal that is relatively new, they’re not going to purchase a new terminal for $500 – especially when they could get around 7 years of use with their current terminals?,” the article asks, quoting one business consultant. Especially, he continues, “when you are highly unlikely to ever see a counterfeit card?”
However this same consultant goes on to say that the businesses he works with also worry “that their customers will be concerned that they don’t take security seriously if they don’t upgrade to EMV,” a category we definitely fell into! (Though among our traveling companions, we were the only ones even talking about using EMV cards — the hazards, perhaps, of regular “fintech” blogging?)
And the number of chip-ready terminals may not be the biggest issue. NerdWallet goes on to say that “only 20% of credit card terminals in the U.S. had been activated for chip use through April.”
Quoted in the same piece, cyber security expert Brian Krebs suggested that rather than waiting for the ongoing rollout of chip-and-pin or chip-and-signature EMV rollout, “tokens” might be a way “to combat fraud. With tokenization, merchants’ computers don’t store credit card data at all. Instead, they store a placeholder number, or token, that can be used to retrieve data from the issuer… (This) can help merchants avoid storing card data for any length of time and in the process decrease the likelihood that cyber crooks will target them for card data.”
Meanwhile, the article concludes, “consumers are very comfortable transacting with cards,” Conroy says, “and changing consumer behavior is difficult, so cards will be with us for some time to come.”
Keep your customers comfortable, of course, but keep their data as safe as possible. Contact your AVPS rep for any upgrades — whether for EMV readers, upgrading online payment systems, mobile card readers, or more — that you may have been putting off.
And next spring, when we get to leave our bloggers’ garret again for another trip, we’ll report on the state of card security out there in the “real world” of travelers, diners, and customers just like yours.