You will be redirected back to your article in seconds
Skip to main content

Forrester: Chip-and-PIN Adoption Could Be Delayed to 2020

Following high-profile data breaches at Home Depot and Target, American consumers breathed a collective sigh of relief when payment card issuers began rolling out chip-enabled credit and debit cards, moving away from the magnetic swipe system that’s been an easy target for data thieves.

In a bid to incentivize retailers to upgrade their readers to versions that accept new encrypted chip-and-PIN or chip-and-signature cards, Visa and MasterCard declared that by October, the liability for fraudulent transactions will shift to whichever party has the lesser technology. Despite the looming deadline, a Forrester Research report published Monday said widespread integration of the new EMV technology—named for Europay, MasterCard and Visa—by U.S. retailers could take until 2020.

According to the report, many small merchants are dragging their heels due to ROI uncertainty on something that could cost the industry around $30 billion to adopt. In addition, Forrester said chip technology doesn’t address “fundamental security and fraud issues.”

Andy Polk, vice president of the Footwear Distributers and Retailers of American (FDRA), agreed with Forrester’s forecast.

“We have thousands of small business owners across the country who have been struggling due to the stagnate economy, and many of them do not have the funds right now to upgrade their payment systems,” Polk said, adding that the rise of mobile and contactless payments among consumers is likely contributing to the slow uptake of EMV, too. “Some retailers wonder why they should adopt chip-and-PIN technology now when over the next few years Apple Pay and other forms of mobile phone payments could catch on, requiring them to put even more money into new systems.”

Polk pointed out that EMV is just one point of defense and that all retailers, from big-box stores to mom-and-pops, should instead focus on investing in “advanced kill chain technology platforms” that allow for targeted threat protection by assuming the adversary is going to get in.

“That would actually do more to protect their data and their customers’ data,” Polk said. “If you can maintain a strong kill chain, then chip-and-PIN is less of a vital need and is just one part of the overall security plan.”

He added, “Consumers don’t care what payment system they use as long as they believe whoever they purchase from has strong internal security systems to protect their data. As long as this remains the norm, companies are going to keep looking less at how they accept payments and more at how they protect the data once they have it in their system.”