Many of us wiped our brows with relief when we realized we weren’t among the approximately 40 million American consumers whose credit and debit card data was recently compromised in a Target data breach.
But U.S. credit cards rely on antiquated technology that makes future occurrences a near certainty, NPR says.
That’s because the technology we use to swipe for our purchases — magnetic stripes on the backs of cards — isn’t hard for a skilled fraudster to hack.
“It’s totally unprotected and it’s static, so it’s the same data that’s read every single time. It’s just about the worst security that you can put into a payment system,” says Avivah Litan, a security analyst for Gartner, a firm retailers hire to assess their cybersecurity gaps.
Many question why U.S. card companies still use outdated technology and haven’t switched to the more secure chip and PIN system that’s common in the rest of the world. One reason is that upgrading would cost a lot.
But at least one security expert, Ross Anderson, a 30-year veteran of payment technology and a professor of security engineering at the University of Cambridge, says that is the wrong question to ask, reports NPR. Anderson said, “Simply blocking off one of the avenues of attacks by fraudsters isn’t enough to make fraud vanish.” They’re going to find some other way to game the system.
And, he notes, U.S. consumers do have great protection: If a fraudulent charge is made, the consumer is technically on the hook for no more than $50, although in practice it’s actually zero.
Still, these recent data breaches at Target and Neiman Marcus and other unidentified stores should make us more alert to the possibilities of fraud and identity theft.
Reuters reports that it obtained a confidential, three-page report by the FBI to retailers that details “the risks posed by ‘memory-parsing’ malware that infects point-of-sale (POS) systems, which include cash registers and credit-card swiping machines found in store checkout aisles.” The FBI report says:
“We believe POS malware crime will continue to grow over the near term, despite law enforcement and security firms’ actions to mitigate it. The accessibility of the malware on underground forums, the affordability of the software and the huge potential profits to be made from retail POS systems in the United States make this type of financially motivated cyber crime attractive to a wide range of actors.”
So have fun shopping, but consider paying cash.