Judge Allows Small Businesses To Sue Credit Card Giants For Forcing Them To Adopt Chip Readers

An anonymous reader quotes a report from Computerworld: A federal judge has ruled it is plausible that four national credit-card companies improperly conspired "in lockstep" to set a deadline of Oct. 1, 2015 for requiring retailers to upgrade their technology to accept embedded chip cards for credit and debit card purchases. In an order issued Friday (Case number C 16-01150 WHA), U.S. District Court Judge William Alsup agreed with two small Florida businesses -- B and R Supermarket and Grove Liquors -- which brought the lawsuit in March. Alsup's ruling also allows the antitrust case against Visa, Mastercard, American Express and Discover Financial Services to move forward in federal court for the Northern District of California. The two retailers are seeking to create a class-action case involving millions of small retailers who have been required under the Oct. 1, 2015 deadline to assume liability for fraudulent card charges if they haven't upgraded to the more-secure chip card technology instead of magnetic-stripe cards. The retailers believe there was industry conspiracy over creation of the deadline that violates fair trade practices. In the same ruling, the judge allowed two other retailers -- Los Angeles-based gourmet food chain Monsieur Marcel and New York-based grocery story chain Fine Fare -- to intervene in the case. Lawyers for the retailers have said a class-action lawsuit could include 8 million U.S. small businesses. They would seek repayment of the cost of upgrading to chip card readers and related software, estimated at $6 billion. However, the National Retail Federation has recently estimated the total cost of the conversion in the U.S. at up to $35 billion.

Re:Down the rabbit hole

[EvilSS]

Just upgrade your damn terminal already.

Many of them did. The problem is that the new terminals then need to be certified by each card company before they can be turned on, for each business (not just a hardware certification for the mfg, each deployment requires certification). The card companies have been dragging their feet getting them certified, particularly for small to mid sized businesses. However they did not extend the deadline for those companies that installed the terminals but can't yet use them. So these businesses did what they were supposed to do but they are in a bind now with liability shifted to them but they are unable to even accept chip cards because they can't get the big 4 to certify their installations.

This happened to my local grocery chain. They have the new readers, had them well before the deadline, but they can't use them, even now almost a year after the deadline passed, because they are still in the queue for certification.

Re:Down the rabbit hole

[taustin]

It isn't being forced on them. They have the alternative of not accepting CC transactions, which is something many businesses do.

They also have the choice continuing to use the old equipment, but they then accept responsibility for fraudulent transactions that could have been prevented by using chip cards. Hell, as far as I know, they still have the option of imprinting paper slips and depositing them at the bank like checks, but the costs all end up on the merchant, as they should.

At some point we need to have progress, and magstripes need to die. Many technical standards have deadlines where old features stop being supported.

Mag stripes will be around for at least a decade, and probably two or three. But they'll be slowly phased out over the next few years for most people most of the time.

The merchants have had plenty of time to upgrade,

Sort of, but not really. Unless you're Walmart or Home Depot, you don't write your own processing software, you rely on your point of sale vendor, and very few point of sale vendors were ready by October of last year. Many small businesses simply did not have the option to start doing EMV by the deadline.

and plenty of warning that the end was coming. Most merchants support the change, since it is the merchants that pay the biggest price for fraud. That is why the plaintiffs are having problems organizing a class action. It is only a few whiners that are complaining.

Liability issues aside, any merchant complaining about EMV (with point of point encryption) is an idiot. EMV isn't about protecting consumers from fraud against their card (hence the chip & signature instead of chip & PIN), it's about protecting banks and merchant services from idiotic merchants who can't keep their network secure. Implement EMV with P2P encryption, and the merchant never sees the card in at all, and if someone breaks into their network, there's nothing to steal. Makes PCI compliance easier, and pretty much eliminates the chance of the merchant having to pay six figures to investigate a breach.