Why is credit card data so easy to steal?
Because the technology designed to keep consumers’ confidential information secure was developed at the same time the Beatles arrived in America, says Matthew Shay, CEO of the National Retail Federation.
“We’re using essentially an 8-track tape from the 1960s,” Shay said in an interview on CNBC in January.
He’s referring to the magnetic strip on the majority of the 1.2 billion credit and debit cards in this country. The United States is the only major market that still uses that technology. Most regions have retired the magnetic strip in favor of more secure cards that have embedded computer chips and require PIN numbers.
Because this “chip-and-PIN” technology has become the norm in places like Europe, credit card transactions in the United States are the low-hanging fruit and more vulnerable to hackers. Since 2004, bank card fraud rates have increase 70 percent in this country, according to a 2013 report by Accenture.
“It’s time to move to a computerized magnetic chip embedded in cards and PIN readers, something that at least is in the 21st century,” Shay said.
The series of high-profile data breaches in the past year – including Target, which exposed 40 million credit cards to fraud, Neiman Marcus and now Home Depot – have increased the sense of urgency among consumers, retailers, banks and credit card companies to switch to the more secure chip-and-PIN technology.
“I think before Target there was some resistance in the retail industry (to invest in making the switch), and there may be some still, but with every passing data breach they have, they see there’s more and more at stake,” said Yellow Light Breen, executive vice president at Bangor Savings Bank, Maine’s largest locally owned bank. “The numbers are enormous.”
Bangor Savings Bank, which has roughly 100,000 debit cards in circulation, hasn’t seen any fraudulent activity as a result of the Home Depot breach, Breen said. However, the bank is in the process of reissuing more than 1,000 cards because of another probable, yet unannounced, security breach the bank’s fraud-detection system has identified at another national retailer.
“Clearly debit and credit card fraud is a massive challenge,” Breen said. “It seems to be just a fact of life. … By and large these are extremely sophisticated international criminal rings using really sophisticated methods to hack into the payment processing or software systems of large retailers.”
In March, Visa’s president, Ryan McInerney, said that the recent high-profile breaches had “served as a catalyst for much-needed collaboration between the retail and financial services industry on the issue of payment security.”
Credit card companies like Visa, MasterCard, American Express and Discover are pushing retailers to invest in new point-of-sale systems that will be able to accept chip-and-PIN cards by October 2015. In an effort to force adoption, the companies have announced that a “liability shift” will take place on that date, meaning that merchants unable to accept chip-and-PIN credit cards will be liable for any losses due to fraud. In the past, it’s usually the card-issuing bank that has eaten most of the fraud-related losses.
Bangor Savings Bank is working with its financial partners to issue debit cards with the chip-and-PIN technology, and will be able to meet the October 2015 deadline, Breen said.
Send questions/comments to the editors.
Comments are no longer available on this story