Several years ago, VISA announced a “liability shift” wherein merchants would be directly liable for credit card fraud on magstripe card transactions. The deadline for this came and went in October, 2015, and many merchants still didn’t have chip reader terminals. But to be fair to retailers, most of the credit/debit cards in my wallet are magstripe only, so it’s not ONLY retailers who are dragging their feet.
My employment and consulting background over the past dozen years revealed plainly to me that retail organizations want to have as little to do with security as possible. Many, in fact, even resist being compliant with required standards like PCI DSS. For any of you who are unfamiliar with security and compliance, in our industry, it is well understood that compliance does not equal security – not even close to it.
I saw an article today, which says it all. A key statement read, “There is a report that over the holidays several retailers disabled the EMV (Chip and Pin) functionality of their card readers. The reason for this? They did not want to deal with the extra time it takes for a transaction. With a standard card swipe (mag-swipe) you are ready to put in your pin and pay in about three seconds. With EMV this is extended to roughly 10 seconds.” Based on my personal and professional experience with several retail organizations, I am not surprised by this. Most retailers just don’t want to have to do security at all. You, shoppers, are the ones who pay the price for it.