I quote from the Boston Globe:
"In one of the first interviews by a top TJX executive following a record security breach, vice chairman Donald G. Campbell told the Globe that the US payment system should follow countries in Europe and Asia that have rolled out credit and debit cards embedded
with computer chips. If the cards were in use worldwide, he said, the technology would have ruined a scheme in which thieves stole as many as 100 million account numbers from TJX since 2005, by making the numbers harder to reuse."
"Such an upgrade would likely cost billions to introduce in the United States, industry specialists estimate, including around $2 for each new credit card and up to $500 for each of merchants' 12 million card readers. TJX alone could spend as much as $20
million, Campbell estimated."
Yes, it could have prevented the TJX breach and many others. And yes, it is expensive. Needlessly expensive.
There are two main causes for the EMV technology as currently deployed being needlessly expensive: The capability of off-line operations, and the indiscriminate use of PINs.
Off-line operations are no longer common nor needed, what with cheap and universal communications, by means of Internet, GSM, wireless etc.
Using PINs for low value transactions is a waste of time and money. There is no need to use PINs or less than 100 dollars. Actually, using PINs for low value transactions has negative implications for security.
If we implement EMV but without these features, on-line only cards and card readers without PIN capability for low value transactions, the cost of the cards and of the readers will fall dramatically without adversely affecting security.