[Nursie]

I think here in the UK there was a multi-year phase in. Started with the banks own ATMs, then the machines that smaller businesses loan from banks to take payments, then (when there were enough commercial offerings available) there was a sort of forced date for merchants to make the switch (or take more liability, that was the choice).

I think it took at least 5 years.

So yeah, non-trivial. And if (as it sounds like) the banks in the US have managed to offload most of their fraud problems to everyone else involved in the transaction, then there's probably little incentive.

[eterm]

According to Wikipedia, in the UK it took less than 2 years to go from initial trial in 2003 to liability shift in 2005.

"Chip and PIN was trialled in Northampton, England from May 2003, and as a result was rolled out nationwide in the United Kingdom in 2004 with advertisements in the press and national television touting the "Safety in Numbers" slogan. During the first stages of deployment, if a fraudulent magnetic swipe card transaction was deemed to have occurred, the retailer was refunded by the issuing bank, as was the case prior to the introduction of Chip and PIN. On January 1, 2005, the liability for such transactions was shifted to the retailer;"

Also note this bbc article[1] suggesting a Feb 2006 deadline for not accepting signatures from cards that were chip and pin enabled.

[1] http://news.bbc.co.uk/1/hi/business/4692566.stm

[Nursie]

EMV cards had been distributed to customers since the late 90s.

I would guess the banks had been rolling out EMV capable ATMs well before 2003. Retail level EMV may have taken two years from trial to liability swith. Infrastructure changes would have pre-dated that by years.

I know EMV cards had been distributed to customers since the late 90s because I used to use mine for testing while I developed the software I wrote that ran several of the retailer systems in that Northampton trial :)