Millions of people have been affected by the massive data breach that occurred at Target and other merchants. And if future security breaches are not prevented, the problem will get worse.
The primary reason for the security breach lies in the credit card technology used in this country. The U.S. is far behind the rest of the world in this regard, employing 20th century technology against 21st century hackers.
Credit and debit cards rely on easy-to-copy magnetic strips on the back of each card. The strip contains the cardholder’s name, account number, card expiration date, and a code. When a card is swiped at a store, communication begins between the financial institutions of the cardholder and the store.
During this brief interval, as information flows through a communications network, an opportunity exists for hackers to capture it. Stolen data can be turned into phony cards and sold to others.
Within recent years, people in countries outside the United States carry cards that have their personal information in an embedded microchip rather than a magnetic strip. The chip-based technology is called Europay – Mastercard and Visa (EMV).
With EMV, the type of security breach that recently occurred in this nation is virtually impossible. The chips are hard to clone, reducing the likelihood of fraud. And hacking into this type of system and creating a counterfeit card using similar technology is too complicated.
American card companies have been slow to adopt EMV technology. Estimates are that only 10 to 15 million cards – less than 1 percent of the total in circulation –have this type of technology.
The primary reason for the lack of EMV cards is cost. Credit card companies, financial institutions, and merchants are reluctant to spend the funds necessary to convert to the chip system. About 1.5 billion cards are being used by Americans.
According to industry sources, card companies plan to replace the magnetic strips with digital chips by October 2015. Once this occurs, they plan to change the rules regarding liability for fraudulent purchases caused by security breaches. The entity in the payment system – credit card company, bank, merchant — deemed to have the weakest security will be liable.
It would seem to be advantageous to adopt the chip technology as soon as possible.
Curtis, Ph.D., is a former superintendent of Alabama banks and Troy University business school dean. He is retired from the board of directors of First United Security Bank. Email him at wccurtis39@gmail.com.
