The British have it. The Canadians have it. Even the Chinese have the technology that could have thwarted the recent epic security breach that allowed criminals to steal credit card data from 40 million Target customers.
Smartcard technology - cards embedded with chips authenticated with PIN numbers at the point of sale – are widespread in the rest of the world but not in the United States. So far American merchants have resisted switching to chip & pin technology from the vulnerable and decades-old magnetic stripe technology.
European countries pushed for the technology in the early 2000s but experts say there has been a decided lack of will from both government and merchants here.
“The roll out has been very slow in North America particularly in the United States largely because it’s a big expense to buy a new machine,” said Chester Wisniewski, senior security advisor with the digital security firm Sophos.
“There’s been a lot of resistance to replacing tens of millions of these credit card machines that are so ubiquitous in our lives.”
Changing over to chip and pin cards would cost about $200 per terminal for each checkout lane, according to the Lowcards.com, a consumer resource website.
Why are they more secure? With chip and pin technology a little cryptographic chip is embedded on the surface of your credit card. Instead of getting the 16-digit number on the front of your card and the expiration date, all the store gets is a cryptographic transaction I.D. number that’s sent off to the bank to authorize the transaction.
“If a criminal intercepts the (point of sale) data, like they did at Target, all they get is the transaction data not the actual credit card number and can’t be used for fraud,” Wisniewski said.
In recent reports, the Target has confirmed that thieves stole the data by installing malware on the point-of-sale readers in check-out lanes. Subsequent reports from Reuters suggest that thieves used memory-scraping software to capture data from magnetic strip cards immediately after they were swiped then parsed the data from memory to leave no trace of the incident.
Since the breach, clones of credit and debit cards from Target customers have been flooding the underground black markets with thieves selling collections of one million cards for between $20 to $100 million, according to KrebsOnSecurity, the security news website that broke the story of the Target breach on December 18.
With this very visible rise in large-scale fraud at Target and Nordstrom experts are saying that the time may finally be ripe for change.
“These types of incidences are starting to turn the tide and big merchants like target and WalMart mostly have bought these new terminals that will read these chips,” Wisniewski said.
The credit card industry lead by Mastercard and Visa have been pushing for change in the U.S. for several years.
Mastercard even issued a roadmap to merchants on how to begin the switch in 2012.
Many of the large banks and credit card companies have set 2015 as the deadline for the changeover.
In October 2015 a “liability shift” which will begin for Mastercard, then in 2016 for Visa. Instead of the bank being liable for a fraudulent purchase, credit card issuers will shift the liability onto the merchant s that haven’t switched over to card and pin technology.
How this will affect consumers still remains to be seen. Consumer advocates worry that card companies could reduce consumer protections, arguing that customers must have authorized purchases made with a secret PIN number.
Enjoy this article? Receive e-mail alerts when my new articles come out. Just click on the "Subscribe" button above.
I'm also the National Lifestyle Examiner and Cultural Trends Examiner. Check out my latest articles at: