U.S. Credit Card Security Outdated
Target has begun 2014 with a very bad hangover. As has been widely reported, as many as 40 million of the large retailer’s customers had financial and personal information stolen during the height of the holiday shopping season. The repercussions for Target have already been severe and seem only to get worse by the day. Besides seeing its all-important holiday shopping traffic decline, several states’ attorneys general are investigating Target and a number of class-action lawsuits have been filed against the company.
A recent story in The Los Angeles Times points out that backward technology long ago abandoned by much of the rest of the world may be more to blame for the data breach than anything Target did or didn’t do. The story by reporter Chris O’Brien says that while it’s still the norm for U.S. credit card holders to have plastic with a magnetic strip that holds their account information, most other countries have opted for so-called smart cards.
These smart cards earn that name, O’Brien writes, because they utilize embedded microchips to hold customer information rather than the magnetic strips that are found on 99 percent of all of the credit cards issued in the US. “The additional encryption on so-called smart cards has made the kind of brazen data thefts suffered by Target almost impossible to pull off in most other countries,” writes O’Brien.
Because around 80 countries have already embraced smart card technology, the more vulnerable U.S. has become the favorite target of identity thieves. Given that smart cards provide such superior security, the question is why the U.S. hasn’t embraced their use. According to O’Brien’s story, there has been no political pressure to force businesses and financial institutions to make the switch. Importantly, an upgrade to smart cards would be expensive.
Nevertheless, it does appear that the U.S. will soon become home to a lot more smart cards. According to O’Brien’s article, many credit card issuers have launched efforts to make the switch by October of 2015. To do that, credit card companies will change the rules about who is responsible whenever there are fraudulent purchases as a result of security breaches. “Under the new rules, the entity in the payment chain – merchant, credit card, banks – deemed to have the weakest security will be liable,” writes O’Brien. “Credit card companies can’t make anyone adopt the technology, but they’re giving them a hard nudge.”