Apparently, they're not losing sleep, either. A majority said they have little concern for the risk associated with missing the liability-shift deadline; 58% said they think it will have limited or no impact on their bottom lines.

"Given that the liability shift is only a few months away and it's unlikely to be delayed, it's surprising that so many organizations are either waiting until the last minute to act or are willing to incur the associated risks from missing the deadline," the study said. "For those organizations that still think they can make the October deadline, the longer they wait, the more they are going to nd that deployment expertise and the new card readers will be in short supply. Additionally, those willing to incur the risks should be aware that thieves will be looking for the weakest link — and if they turn out to be that link, the price for ignoring the deadline could be steep."

The EMV shift could be especially grim for small businesses.

On Thursday, Wells Fargo/Gallup released a survey of 600 owners; it found that 68% haven't even heard of the liability shift. Only 29% said they planned to upgrade their card-processing systems to EMV before October.

A higher proportion — 37% — either don't know if they'll ever upgrade or have already decided they're not doing it, the study said.

Of those refusing to upgrade, about half said it's because they don't want to pay for an EMV terminal, 41% said they're not concerned about the liability shift and 36% said they think the liability shift is unfair, according to the study.

Hardly anybody has an EMV card at this point anyway, according to another poll released Thursday. That one, conducted by Associated Press-GfK, surveyed more than 1,000 adults and found that only 13% have even received a chip-enabled card. Of those, only 35% have actually used them in EMV terminals — likely because they can't find any.

None of that may matter in the long run, however, because few IT managers believe the EMV cards many issuers are mailing out provide decent security in the first place, according to Randstad. In that survey, a full 66% of IT decision-makers, including C-suite executives, said requiring a signature instead of a PIN to complete transactions doesn't offer sufficient security.

For many, the question may boil down to whether fraud losses outweigh card income.

"Issuing banks are, by and large, opting for chip and signature, and one of their stated reasons is that requiring consumers to remember a PIN might make them less likely to use their card or to complete a transaction if they forget their PIN. Retailers, on the other hand, appear to realize that chip and signature is not much of an advance over the current mag stripe and that requiring a PIN is the key to a more secure transaction," the study warned.