News Feature | June 3, 2015

IHL: Your Merchant IT Clients Will Never Recoup Price Of "EMV Tax"

Christine Kern

By Christine Kern, contributing writer

EMV ROI

The shift of liability for fraudulent payment card transactions scheduled for October 1, 2015, means that if retailers are not compliant with EMV by that date, then they will be liable for those transactions, instead of the issuing bank. New research from IHL Group has found, however, that most retailers will never recoup the expenses related to EMV. IHL added up the cost of compliance as well as the additional time transactions will take and additional labor costs, and concludes the average ROI for EMV for a $1 billion specialty store is -77 percent.  

As Greg Buzek, president of IHL Group, a Franklin, Tennessee-based retail market research firm, asserted in the study’s press release, “The single biggest problem with the EMV mandate is that it is focused on trying to solve last century’s problem and completely ignores the reality that retailers are facing today.”

“12 years ago when EMV was introduced into Europe it made tremendous sense. Today, it stands in the way of real data security by stealing critical budget away from focusing on the risks that retailers face from online hackers.”

The research reveals that the risk of fraudulent cards at the point of transaction is actually relatively small, unless the merchant is in electronics, fuel, mass merchants or companies that sell gift cards for these retailers, when compared to the other loss prevention and data security issues that retailers face. It also points out that, over time, fraud simply moves online, as has been demonstrated with EMV implementations in Europe and Canada.

According to IHL, “The risk of breach of customer data, the retailer’s real concern, is almost entirely mitigated via end-to-end encryption and tokenization of the transactions.  Basically, if the card data is never on the retailer's network in any usable manner to hackers, it cannot be exploited.” Retailers who only focus on EMV are actually creating a gap in security. Buzek states, “Those retailers who do not put in extra security measures for online and mobile transactions for the holidays will find that their store fraud will simply move online (where EMV provides no protection), and they will still have hackers going after their data.”

As the EMV transition looms, various stakeholders in the industry have been creating resources to help solutions providers sort through issues and educate themselves. As Business Solutions Magazine reported, for example, the Retail Solutions Providers Association (RSPA), created “EMV Central,” a resource page on the RSPA website designed to support the association’s EMV education and awareness campaign. The resource page includes several files for download, including “EMV at a Glance,” and “EMV General Overview,” and “EMV FAQs for Developers.”