Way back in 2012, MasterCard and Visa agreed that by October 1, 2015, every retailer in the United States would have to have new terminals that would accept chip-and-PIN cards, like those that were found in most of Europe, as well as in Australia, Brazil, and a variety of other countries. Those countries ditched magnetic stripe cards, like the ones the US uses primarily today, more than a decade ago to mitigate credit card fraud.

October 1, 2015 is now upon us, and the changeover to chip cards in the US is patchwork at best. Over the last ten years, comparatively lower levels of credit card fraud in this country dampened any momentum that an upgrade had—if banks weren’t losing money hand over fist, it was easier not to have to reeducate customers on how to use a credit card.

Even on the due date for the upgrade to the so-called EMV standard (named for EuroPay, MasterCard, and Visa, the card networks that developed the standard over a decade ago), that logic remains. It has been estimated that only 40 percent of cardholders in the US have EMV-compliant credit cards.

Similar numbers apply to merchants. The Strawhecker Group, a management consulting company, surveyed large payment-service providers that collectively work with more than a quarter of the merchants in the US. It found in early September that only 27 percent of those merchants had a plan in place to allow them to process EMV-based transactions as of today. A similar survey from Randstad Technologies recently found that 58 percent of merchants are “on their way” to be able to accept EMV-based transactions, but the other 42 percent either had no plans to make the deadline or weren’t even aware that they have to get new terminals to accept new chip cards.

That’s a problem because the way card networks and issuers are enforcing this upgrade is through a nationwide liability shift. According to the terms of the EMV shift, if a merchant isn’t equipped with the latest terminal technology, the merchant is now responsible for any costs associated with card fraud that takes place at their terminals. Usually, making good on card fraud is the purview of the card issuer, so nearly half of US merchants are in for a big surprise if any fraud happens and they’re suddenly left with the bill.

For the consumer, it doesn’t matter too much in the immediate sense if the bank hasn’t issued them a new credit card with a chip on it. If the credit card number is stolen and used for fraud, liability for that fraud will still ideally be taken care of by some party in the card payment ecosystem. Bank didn’t issue you a chip card on time? The bank will (again, ideally) assume liability for fraud. Got a chip card but the retailer you shopped at didn’t have new terminals? The merchant is on the hook.

In some cases, merchants have tried to purchase the right terminals from Point-of-Sale (POS) providers and have been turned down due to the provider’s inability to meet the October 1 deadline for new hardware. Occasionally, those POS providers will offer to cover any liability the merchant incurs until the correct terminals are delivered. For example, Square recently told its customers that if they ordered one of the company's newest EMV-compliant terminals, the company would cover any liability the merchant incurred until the new terminals were delivered. According to Forbes, the POS vendor ShopKeep has offered a similar deal, covering its merchants’ liability until it can push out new terminals.

A time of transition

On top of this, the US credit card industry isn't fully upgrading to the most secure version of EMV. Although new credit cards will have a chip that generates a new code every time the card is used at a terminal, guarding those cards from fraudsters who collect credit card numbers wholesale and reuse them on counterfeit credit cards, card users are also encouraged to set up a PIN and input that number after every transaction.

But issuers like J.P. Morgan Chase and Discover will still allow customers to use a signature to authenticate transactions, and signatures can be forged more easily than PINs. "US bank executives said they are choosing the signature version so customers won’t be burdened at the checkout line to remember a new four-digit code," the Wall Street Journal reported in January. Julie Conroy, research director for retail banking at Aite Group, told CreditCards.com that "It will probably take two to three years to fully convert to chip-and-PIN."



Although it seems laughably stupid to try to protect US credit card users from having to remember four digits (we do it already on debit cards, anyway), big retailers, bankers, POS developers, and everyone in between put lots of effort into making payments as frictionless as possible for shoppers. When you're checking out at the grocery store and you remember you really wanted a drink right as the receipt is being printed, do you reach over and grab the drink out of the mini fridge and ask the cashier to do a second transaction before you head out? Your answer may depend on how quickly you think the process will take.

Chip cards will already add friction to the checkout experience. Instead of swiping as the cashier is ringing your purchase up, you'll have to wait for the cashier, dip your card into the reader, and wait for the card to generate the unique number for the transaction. Although the process is hardly arduous, that extra few seconds customers spend fumbling with the terminal could mean lost sales.

That's why Ars has argued that it's now or never for mobile payment systems like Apple Pay, Android Pay, and Samsung Pay to gain a following. Historically, using your phone to pay at checkout was a novetly at best, but certainly not easier than swiping a magnetic stripe card. But now at new terminals, sending payment information via a Near-Field Communication (NFC) chip could be seen as faster and easier than using a physical card.

That is, as long as the merchant has actually made the transition away from magnetic stripe cards.