Why U.S. Credit Cards Are So Easy to Hack: We're Using 1970s Technology
NEW YORK (MainStreet) The hacking of 40 million Target customer credit and debit cards once again reveals the shocking reality of just how vulnerable the American payment processing system is. Part of the reason? We're still using 1970s era credit card technology.
Consumer Reports says the U.S. is one of the few remaining nations -- along with some non-industrialized countries in Africa -- using outdated mag strip technology. That means your valuable personal data is being held unencrypted -- on that ubiquitous magnetic strip on the back of the credit or debit card. Skimming the data from your card is just that much easier.
Overseas consumers are using what are called Europay MasterCard Visa (EMV) "smart cards." These credit and debit cards contain an embedded computer chip with encrypted data, and multiple layers of security are built in. They work. Just in the first year after the EMV cards were introduced in France back in 1992, losses due to fraud dropped 50% and counterfeiting of credit cards dropped by 78%.
Why isn't this technology employed by U.S. credit card issuers? It appears the losses incurred for fraud aren't quite high enough yet to justify a universal system conversion. Maybe the Target breach will solve that problem.
However, because of the massive nature of the Target hack, it is unlikely to be due to skimming. That would likely require placing devices on registers in nearly 1,800 stores across the nation, perhaps totaling as many as 50,000 skimmers.
Instead, tech-savvy observers believe the hack was more likely perpetrated by compromising back-end application servers that actually process the credit card transactions. In that case, it is quite likely that no amount of user-based credit card security could have prevented it.
Regardless, the Secret Service says skimming has become the single biggest threat to the U.S. credit card industry. And more than 70% of credit card skimming is reported to take place in restaurants, according to Transunion, the credit reporting agency.
So once you finish shopping at Target, you may be at risk for another identity hack once you grab a bite to eat.
--Written by Hal M. Bundrick for MainStreet