Without certification, chip card readers cannot be turned on, which means that those retailers would incur fraud liability, Duncan said.
The backlog in certifications runs into months, possibly six months or more, according to Avivah Litan, a Gartner analyst, who attended a conference Monday where IT managers for the food service industry were expressing concerns about the delays.
EMVCo is an alliance of MasterCard, Visa and Europay, the originators of chip cards that have been widely deployed around the world. Visa and MasterCard could not be reached for comment at deadline.
The NRF has posted its concerns about the chip card transition on its website, including in an article called "Worth the Expense?"
In recent months, credit card officials have defended the use of the chip and signature approach on the grounds that it is designed to protect primarily against counterfeit fraud, where a hacker breaks into a merchant’s payment system and steals card data which is used to create fraudulent cards.
The use of a PIN, card officials have said, would only address fraud when a person loses or has a card stolen, which is not a large category of fraud in the U.S. Retailers would not be liable for that kind of fraud after Oct. 1. Today, only half of U.S. stores accept PINs, even with debit cards. Banks and credit card officials decided they didn’t want to force those stores to require PINs for credit cards and also force the stores to assume liabilty for lost or stolen cards.
Sign up for Computerworld eNewsletters.