In addition to extending the deadline, the credit card brands also worked with the industry to reduce the total number of required certifications from 3,000 to around 300.
"Visa and MasterCard have acted responsibly with this move, based on the quagmire of complexity in the retail fuel market," said Allen Friedman, vice president of payment solutions at Neuilly-sur-Seine, France-based Ingenico, the world's largest maker of card-payment terminals.
He recommended that convenience stores and gas stations that have begun planning their EMV implementation should continue their efforts, and those haven't started yet should do so as soon as possible.
"While bumpy, the transition to EMV generally makes card payments more secure," said Ben Woolsey, president and general manager at Austin-based CreditCardForum. "It makes it more difficult for thieves to use hacked transaction data -- due to how the EMV chip scrambles data -- makes traditional card-skimmers useless -- because they can’t read chips -- and makes it more difficult to create usable counterfeit cards."
Postponing the conversion is a setback for security, said Chris Pinion, manager of fraud solutions at Alpharetta, GA-based LexisNexis Risk Solutions, who said that he was disappointed -- but not surprised -- by the news of the delay.
"Conversion to EMV also frequently includes other security enhancements, including encryption and tokenization, which will also be delayed," he said. "From a fraud perspective, pumps will remain a leading source of fraud and a location of choice for card testing."
The delay is nearly as long as the original timeline, he added. "Which is concerning. From a security perspective, mag-stripes will continue to be a weak link, and the delay will allow hackers continued access to unsecured data."
Since gas station fuel pumps are publicly accessible, they are particularly vulnerable to credit card skimming devices, said Jerry Irvine, CIO at Chicago-based Prescient Solutions.
This gives thieves an opportunity to collect credit cards numbers that they can use elsewhere.
"The industry may want to consider additional fines and penalties for those organizations failing to transition to the EMV technology," he said. "Until this occurs the public will continue to be at risk."
Sign up for Computerworld eNewsletters.