As the fallout continues from the massive data breach affecting millions of Target customers nationwide, consumer advocates and cybersecurity experts point out that the Black Friday incident is only part of a larger problem: outdated card security features that make US-issued credit cards especially attractive to hackers around the world.
Details about Target’s data theft incident are still forthcoming, and no suspects have been identified. But what is known is that credit card information from about 40 million users was stolen from the massive retailer’s databases on Black Friday,
that high volume shopping day that kicks off the holiday season. The theft apparently occurred at point of sale terminals where credit cards are swiped, and the unencrypted data was hijacked en route to Target’s databases.
As banks and other card issuers scramble to protect the accounts of customers involved in the incident, consumer advocates and watchdogs from the Consumer Financial Protection Bureau and other agencies say that the Target incident points up the fact that no one’s debit and credit cards are really safe – and that the US is increasingly becoming the target of data thieves worldwide.
The reason? Most cards issued in the US that carry any information come with a magnetic strip that, when swiped, transfers the data to another entity such as a retailer during a sale. The strips are used for other information transfer purposes too; they’re on drivers’ licenses, membership cards and store discount cards, and a variety of specialized identification cards as well.
But that magnetic strip makes it easy to capture data from unencrypted readers. And once captured, that information can be used to hijack accounts, generate fake credit and identification cards, and steal users’ identities completely.
That’s less likely in other countries, say digital security experts. That’s because cards generated many areas of the world store data on embedded microchips rather than the cheaper magnetic strips. That creates a “smart card” that offers levels of encryption not possible with magnetic strip cards – and that means greater protection against data theft at point of transaction terminals.
Although there are some exceptions, the massive US credit and debit card industry doesn’t generally employ this kind of technology. Card issuers claim it’s more costly and requires a revamping of card readers to accommodate the change in card structure. Advocates of embedded chips point to the massive expenditures involved in dealing with the aftermath of thefts such as Target’s – but those costs are largely borne by consumers themselves.
Magnetic strips probably won’t be going anywhere soon. For American cardholders, that means extra vigilance and a proactive stance about keeping accounts protected – all a part of staying educated and in control of investments and financial affairs, as Jason Hartman recommends. (Top image:Flickr/TheConsumerist)
The American Monetary Association is the source for financial and monetary policy news you can use. Read more from our archives: