Though they could be financially liable in the event of a data breach, many big retailers with large Connecticut presences have yet to convert the debit and credit card readers at their registers, according to a new survey by CardHub.
The consumer financial website, which offers credit card products, released the survey nearly six months past an Oct. 1, 2015, deadline imposed by major credit card processors Visa and Mastercard.
Of 55 chains surveyed by CardHub, only 16, or 29 percent, reported being 100 percent compliant with the EMV adoption rule. They included WalMart, Target, The Home Depot, Walgreens, CVS Caremark, Best Buy, Macy’s and others.
Those who didn’t respond or refused to verify information, according to CardHub, included Stop & Shop parent Ahold, T.J. Maxx parent TJX, Taco Bell, Subway, 7-Eleven, Aldi, Starbucks, McDonald’s, Wendy’s, Burger King and others.
Visa and Mastercard have sought to spur bank and retailer adoption of so-called “chip-and-pin” or “EMV” cards and card readers by shifting liability in the event of a hack that leads to theft.
Prior to October 2015, banks and financial institutions who issue cards were typically on the hook for reimbursing customers whose cards had been hacked.
But the “liability shift” as of Oct. 1 means that reimbursement duties fall on whichever entity that hasn’t upgraded its technology — the retailer or the financial institution.
There is no federal law spurring the shift, and retailers this month filed an antitrust lawsuit in federal court in California, alleging that payment processors conspired to shift liability for fraudulent payments to retailers.
