Most people’s first introduction to, and perhaps only interaction with, EMV payment technology has come at the mailbox, not the checkout counter, arriving in the form of an unexpected replacement credit card with a curious, shiny computer chip embedded within it. You see, financial institutions have been fairly responsive to the October 1, 2015 deadline set by Visa and MasterCard for the transition away from magnetic-stripe card security – the backbone of U.S. domestic payment processing since the ‘70s.
The retailer response, however, has been shockingly muted by comparison, which is problematic considering merchants that do not implement EMV-compliant payment terminals are now liable for fraudulent purchases made in their stores. And the roughly $8 billion in fraudulent card purchases made in the U.S. each year certainly represents a mountain of risk for resistant retailers.
In order to better understand the scope of this problem as it exists six months after the transition deadline’s passing and determine whether EMV non-compliance is even on the consumer radar, WalletHub conducted a nationally representative survey of 55 major retailers and 1,000 individuals. Please find the results below.
Main Findings
Are Stores EMV-Compliant?… ~42% of retailers have not updated the terminals in any of their stores.
Breached, But Behind… ~43% of retailers that have experienced data breaches in the past 5 years have not updated their point of sale terminals.
Do You Even Care?… ~56% of people don’t care if a retailer’s payment terminal is chip-enabled.
Who Got The Chips?… ~41% of people say they don’t have (or don’t know if they have) a smart-chip credit card.
Better Fraud Protection… ~62% of people don’t understand the difference between major card security standards.
Debit Or Credit Security?… ~41% of people falsely believe debit cards protect them from fraud better than credit cards.
Checking Credit Reports… Nearly half (~44%) of the people who check their credit recently understand that chip cards offer better security than magnetic-stripe cards, compared to just one quarter of those who did not check it in the past year.
Detailed Findings
Retailers
| Retailer | 2015 Upgrade Status | % of Stores EMV-Compliant in March 2016 | Revised Upgrade Plan | Data Breach in Past 5 Years? |
|---|---|---|---|---|
| WalMart | 100% upgrade in Nov. 2014 | 100% | N/A | No |
| Kroger | Systems to be compatible with EMV by deadline | 93% | Not provided | No |
| Costco | 100% upgrade | 13% | Not provided | Yes |
| Target | Chip card readers were installed in September 2014 | 100% | N/A | Yes |
| The Home Depot | 100% upgrade | 100% | N/A | Yes |
| Walgreens | All stores accept chip-and-pin cards | 100% | N/A | No |
| CVS Caremark | 100% upgrade | 100% | N/A | Yes |
| Lowe's | Upgraded terminals by deadline | 93%* | Not provided | No |
| Safeway | Not provided | 17% | Not provided | No |
| McDonald's | Customers can use the Softcard App (based on the global EMV standard) | 13% | Not provided | No |
| Best Buy | Not provided | 100% | N/A | No |
| Publix | In process of updating its terminals | 0% | Not provided | No |
| Macy's | 100% upgrade | 100% | N/A | No |
| Kmart | Systems compatible with EMV | 0% | June, 2016 | Yes |
| Ahold USA / Royal Ahold | Not provided | 0% | Not provided | No |
| Rite Aid | EMV‐ready equipment for domestic and international transaction processing | 100% | N/A | No |
| TJX | Not provided | 0% | Not provided | No |
| H-E-B | 100% upgrade by June | 100% | N/A | No |
| Albertsons | Not provided | 0% | Not provided | Yes |
| Kohl's | Not provided | 100% | N/A | No |
| Food Lion | 100% upgrade | 0% | May, 2016 | No |
| Taco Bell | Launched a mobile ordering and payment app | 20% | Not provided | No |
| Pizza Hut | Not provided | 0% | Not provided | No |
| Dollar General | Not provided | 100% | N/A | No |
| Meijer | Not provided | 0% | Not provided | No |
| True Value | Not provided | 33% | Not provided | No |
| Wakefern / Shoprite | Not provided | 0% | Not provided | No |
| BJ's Wholesale Club | 100% upgrade | 0% | Not provided | No |
| Gap | Not provided | 100% | N/A | No |
| Subway | Adopted Softcard App (which uses the EMV global standard) | 40% | Not provided | No |
| Whole Foods Market | Not provided | 0% | Not provided | No |
| Nordstrom | 100% upgrade | 100% | N/A | No |
| J.C. Penney | Not provided | 0% | Not provided | No |
| 7-Eleven | Not provided | 0% | Not provided | No |
| Bed Bath & Beyond | Not provided | 0% | June, 2016 | No |
| SUPERVALU | 100% upgrade | 15% | Not provided | Yes |
| Aldi | Not provided | 0% | Not provided | No |
| Ace Hardware | Not provided | 0% | Not provided | No |
| Family Dollar Stores | Not provided | 0% | June, 2016 | No |
| Ross Stores | Not provided | 20% | Not provided | No |
| Starbucks | Not provided | 7% | Not provided | No |
| Victoria's Secret | Not provided | 7% | Not provided | No |
| Bath & Body Works | Not provided | 7% | Not provided | No |
| Bi-Lo | 100% upgrade | 0% | Not provided | No |
| Wendy's | Not provided | 0% | Not provided | Investigating potential incident |
| Menards | 100% upgrade | 100% | N/A | No |
| Staples | Not provided | 0% | Not provided | Yes |
| Army Air Force Exchange | 100% upgrade | 7% | April, 2016 | No |
| Burger King | Not provided | 0% | Not provided | No |
| Trader Joe's | Not provided | 100% | N/A | No |
| BeBe | Not provided | 0% | Not provided | Yes |
| Neiman Marcus | Not provided | 0% | July, 2016 | Yes |
| Michael's | Not provided | 100% | N/A | Yes |
| Dairy Queen | Not provided | 80% | Not provided | Yes |
| Jimmy John’s | Not provided | 47% | Not provided | Yes |
- Only 60% of the retailers that said they would complete equipment upgrades by the Oct. 1 deadline have finished updating all of their terminals.
Consumers
Our consumer survey included more questions, the results are listed below:
- Roughly 40% of people say they never complete purchases by inserting their card into a chip-enabled payment terminal.
- ~40% of people have received a chip card in the past six months.
Methodology
In conducting this report, WalletHub surveyed a representative sample of the general consumer population as well as a diverse selection of retailers about chip-based cards and EMV security.
To gauge the sentiment of the general population, we conducted a nationally representative online survey of 1,000 individuals between February 26 and February 27, 2016 on SurveyMonkey’s online platform. After all responses were collected, we normalized the data by age, gender and income so the panel would reflect U.S. demographics for income-earning adults. Survey results have a 3.2% margin of error.
For the retailer component, we chose to include 50 large chains as well as 5 smaller merchants, each of which has experienced a data breach in the past. We first called 15 stores from each retailer between February 16 and March 9 and asked about their chip card acceptance capabilities. In selecting the stores, we chose the three largest metropolitan areas in each region: West (Los Angeles, Phoenix, Seattle); Midwest (Chicago, Detroit, Minneapolis); Northeast (New York, Philadelphia, Boston); Southwest (Dallas, Las Vegas, Albuquerque); Southeast (Washington, DC, Miami, Atlanta) and contacted one store within 20 miles of each metro area. If no stores were located in a given metro area, the next largest was chosen.
We then attempted to confirm the information we collected with each retailer. All responses were subsequently incorporated into our findings. For retailers that chose not to respond to our requests, we used the data initially collected.
List of retailers that refused to collaborate or did not respond to multiple attempts to verify information: Costco, McDonald's, Ahold USA / Royal Ahold, TJX, Kohl's, Taco Bell, Pizza Hut, Meijer, Wakefern / Shoprite, Subway, J.C. Penney, 7-Eleven, Aldi, Ace Hardware, Ross Stores, Starbucks, Bath & Body Works, Bi-Lo, Wendy's, Menards, Staples, Burger King, Trader Joe's, BeBe, Jimmy John’s and Victoria's Secret.
