The NRF fights against requirements for small businesses to install equipment to accept chip embedded cards.
The National Retail Federation told Congress that, without a PIN, new chip-and-signature credit cards do not offer greater security against data breaches, and that small businesses should not be required to install the equipment to accept them. More effective technology is on the horizon, and the installation of this technology is an unnecessary expense.
“The new EMV equipment does not stop breaches,” NRF senior vice president for government relations, David French, said. “Indeed, in many cases it provides no significant benefits either to the business or to the business’ regular customers. It is merely an additional expense small businesses are being told to bear.”
If small businesses are pushed to adopt Europay MasterCard Visa (EMV) technology, alternatives such as near-field communication contactless payment, mobile wallets and other smartphone-based technology “may effectively be locked out of the market,” French said.
“These are important considerations that businesses of all sizes must carefully ponder,” French said. “It would be inappropriate to prejudge their decision-making and stampede businesses into the adoption of solutions less protective for businesses and consumers than what has existed throughout the industrialized world for more than a generation.”
Cards currently being issued by U.S. banks feature a computer microchip that will eventually replace cards’ easily copied magnetic stripe to store data. But French said the cards also need a secure personal identification number, or PIN, which would eventually replace easily forged signatures, as is done in all other countries that use EMV cards. While the chips make the cards more difficult to counterfeit, they do nothing to protect lost or stolen cards, while a PIN alone could prevent both types of fraud, he said.
While the new cards make it somewhat more difficult for criminals to use stolen card numbers, they do not actually prevent numbers from being stolen in the first place, and stolen numbers can still be used for online and other types of fraud.
French’s comments came in a statement submitted to the House Small Business Committee, which is holding a hearing today on what chip-based cards will mean for small businesses. Today’s hearing is scheduled to feature witnesses from the card industry, but another session with small businesses and retailers is expected to be held later this month. The hearing follows last week’s deadline for merchants to install chip-card readers or face increased fraud liability if a chip card is used in a non-chip reader.
French said credit and debit card fees are the second-largest expense for many small businesses after labor, and that the card industry imposes “a multitude of complex rules on small businesses.” Chip-card readers and installation can vary from “a few hundred dollars to thousands of dollars” per terminal, he said, with an industry average of $2,000.