Research & Advisory

EMVcover

EMV: Retail’s $35 Billion “Money Pit”

$1,995.00$14,500.00

Clear
* For all license choices and descriptions, please see pricing tab below

Product Overview

Date of PublicationMay 28, 2015
FormatElectronic PDF
GeographyNorth America

October 1, 2015 will usher into US Retail the single biggest tax being levied upon it since Y2K.  This is the date of the liability shift due the the EMV Mandate set by the card brands.  On this date liability for fraudulent card card transactions shifts from the bank to the portion of the payment process that is not EMV compliant.

Various estimates quoted by the NRF, NACS and other industry associations estimate the total cost to the industry of over $35b when factoring in the cost of new equipment, new software for POS and payment devices, certification, installation, training, and 1.2 Billion new chip cards in the US.  Yet even this number is small compared to the additional labor costs and customer service disruptions that will occur just before the holidays.

EMV is a technology that is trying to solve a problem of 15 years ago.  And it was 13 years ago when Europe implemented the security measures.  But things have changed since then and EMV is taking massive amounts of budget away from real security for retailers to meet this deadline.

This report looks at the costs for retailers, the costs for vendors per POS application, and the impact on the performance of the front end of retailers along with recommendations for retailers and how vendors can best advise their clients.

There is a small subset of retailers that will benefit from EMV adoption, however, for the vast majority of retailers that are not on the front lines of the card fraud today, this mandate is a huge “money pit” that they will never recover the losses from, making it a giant tax.  In fact, beyond the tax the mandate actually slows retail’s progress towards it’s primary goals of secure, unified commerce that provides a seamless customer experience for their consumers regardless of how they choose to shop.

 

This report reviews the entire card payment process and the mystery around the processing of credit cards and debit cards; “Where there’s mystery there’s margin.”  Further, we review the PCI process and provide insight into the numerous data breaches of the last 2 years.  What caused them?  Why is PCI only done as an event and not a process (hint: overwhelming cost)?

Next we explain what EMV is, why it is different in the US than the rest of the world and why we believe it will be a disaster when rolled out in October for most of retail.

Then we look at the readiness of the different stakeholders in the process and the great disconnect between what people expect the impact on transaction speed is and what the reality is.  (It ain’t pretty).

After this we talk about how EMV is only part of a security solution and really the least important for where retailers want to go and then recommend a better way.

We end with recommendations for retailers, vendors, and consultancies as to how to approach EMV.

Format: SlideDoc - Can be read as document or used as presentation format.

Table of Contents

Summary of Findings

i.. Total Card Revenue vs Fraud

ii. ROI Calculations

1.0 The Payments Process

1.1 Pitfalls to PCI Process
1.2 Frustrations of the Breaches

2.0 EMV is Coming

2.1 Promised Benefits
2.2 EMV in US – Why s it Different?
2.3 Current Retail Readiness
2.4 The Elephant in the Room
2.5 What About the Consumer?

3.0 Vendor Readiness

3.1 Many Vendors Will Not Be Ready
3.2 Vendor Cost for EMV – Someone Has to Pay
3.3 Cost Per Application

4.0 The Great Disconnect

4.1 Transaction Delays for Core Standard POS
4.2 Transaction Delays for Mobile POS

5.0 Why EMV Is Only Part of Solution

5.1 EMV Will Not Stop Security Breaches

6.0 A Much Better Way

6.1 Protecting All Transactions
6.2 Special Considerations for Online Transactions

7.0 What IHL Recommends

List of Figures

Figure 1 – Average 3yr Return for $1B Retailer
Figure 2 – Total Card Transactions/Card Fraud/EMV Cost
Figure 3 – Return on Investment (ROI) Calculations for $1B Specialty Store
Figure 4 -Data Security as Percentage of IT Budget
Figure 5 – % of Data Security Budget Taken Up by PCI
Figure 6 – How Most Critical Vulnerabilities Can Be Mitigated
Figure 7 – Payment Security Readiness by Retailers by Technology
Figure 8 – Current Readiness for EMV of Payment Ecosystem
Figure 9 – When Will Vendors Be Ready for EMV By Application Type
Figure 10 – Vendor Costs Per Application Type for EMV
Figure 11 – Average Cost Per POS Application for EMV Change
Figure 12 – Impact on Transaction Speed for Traditional POS
Figure 13 – Impact on Transaction Speed for Mobile POS Transaction
Figure 14 – Why EMV Only Part of Solution

Download the complete summary outline and Pricing Information

Is EMV “Chip and PIN”?
No, although it is used synonymously with the term EMV much the same way Xerox is used for copying or Coke for soda, EMV as it is being deployed in the US does not include a PIN. Consumers can request a PIN, but the standard deployment is currently planned to be Chip and Signature which will require a signature like cards today.

Why is EMV Different in the US?
That is a great question.  The main answer comes down to that the average US adult has 5-7 different Visa or MasterCards on their name.  The belief from the 1,200 issuers of these cards is that consumers will limit their use to only a few if a PIN is required.

Does this study look at the costs of EMV for retailers?
Yes, not only do we discuss the hard costs, but also the additional soft costs of additional labor due to longer lines and lost cards.

Can I share this study in my company?
Yes, if you purchase the Enterprise License you can share this with your company.

Can I share this study with partners and clients?
Only if you purchase the Distributable License Option.

Can I quote this study in my presentations and press releases? In most cases this is fine for charts and quotes to be used in presentations but we ask that you run it by us first at ihl(at)ihlservices.com. Typically things shared in percentages (ie. this is 20% increase) then that is fine.

Was this a survey or a paper?
A little of both. There are actually 3 different primary research studies combined into the data presented as well as external data.  Two studies surveyed retailers, and one surveyed POS Vendors and their readiness.

Can I get access to the analysts who wrote or partnered in the study?
Yes, one of the core differentiators of IHL Research Studies is that included in part of the price is up to 30 minutes with the analyst to ask follow-up questions or dig further into any assumptions. This does not extend to getting more data, just better insight into how we arrived at the data and came to the conclusions from that data.  Simply contact us at ihl(at)ihlservices.com or +1.615-591-2955

License Options

Single User License – a lower priced license that is designed for use for a single user, not to be shared internal with other users or externally to partner, customers or other parties.

Enterprise License – a license that allows for the research to be accessed and shared internally with anyone else within the organization and wholly owned subsidiaries.

Distributable License – a license that allows for the company purchasing to distribute content to customers and potential customers for lead generation activities and potential institutional investors. This does not extend to sharing with other partners or individual partners. The research must be located with gated access and not posted on open websites.

IHL Group License and Fair Use Agreement

All of IHL Group’s generally available research are electronic licenses and are limited by the license type chosen for purchase.  For Single User Licenses this means that the person buying the research is the only person to use the research.

For Enterprise Licenses, these can be shared freely within the company. We only ask that this information not be shared with partners or others outside the purchasing company without authorization from IHL Group. The license does not extend to joint ventures or other partnerships. If the relationship is not a wholly-owned subsidiary, then both parties would need a license.

Practically, this implies the following:

  1. The purchasing company can use the data and research worldwide internally as long as the international organizations are wholly owned subsidiaries of the purchasing company.
  2. The data or any research cannot be distributed in whole or in part to partners or customers without express written approval from IHL Group.
  3. The purchasing company may quote components of the data (limited use) in presentations to customers such as specific charts. This is limited to percentage components, not individual unit information. Unit data cannot be shared externally without express written approval from IHL Group. All references to the data in presentations should include credit to IHL Group for the data.
  4. The purchasing company can reference qualitative quotes in printed material with written approval from IHL Group.
  5. All requests requiring written approval should be submitted to ihl(at)ihlservices.com and will be reviewed within one business day.

For Distributed Licenses, if applicable, the research can be shared with prospective customers and potential institutional investors.  It cannot be shared with partners or other vendors who should be purchasing their own licenses.

For any questions regarding this policy, please contact us at 1-888-IHL-6777 (North America) +1.615.591.2955 (International) or email us at ihl(at)ihlservices.com.