The White House appears to be sick of it, too.
On October 17, President Obama issued an Executive Order designed to combat this menace. The problem has gotten so in the recent years that neither the financial industry nor law enforcement can turn the blind eye anymore.
Data breach here, data breach there. Dairy Queen and Neiman Markus, Target and Office Depot, JP Morgan and venerable Goodwill–all of them have at one point or another, fallen victim to data theft.
Doesn’t it feel like we are under siege? As if every crook from all over the world has moved here to the Good Ol’ USA to ply their trade?
Well, if it feels like it, that’s because they have. Our land of the brave, but tremendously vulnerable magnetic stripe credit cards has proved to be an irresistible lure for credit card fraudsters frustrated by increasing difficulties in working their in Europe and the rest of the world, too.
To be exact, they don’t have to move anywhere. The words “data breach” sound almost like -hand combat, but it is anything but. Thieves can target any entity in the world from anywhere in the world, and when they do need to get down and dirty and personal, it’s not that difficult to find willing and able partners.
Or it’s just one easy flight to the US. And not only easy, but often on a fraudulent ticket, since what self-respecting crook would pay for goods and services with their hard-earned cash? And yes, I do realize the irony as I and my fellow hobbyists rarely pay cash for air-travel, too, LOL.
Anyway, it seems the new EMV chip-and-pin cards are the answer to our prayers. And it seems that everyone is on board with it finally, but…
There is only one problem. EMV cards can’t prevent computer database breaches (but keep reading and you’ll see why it’s still going to make things better), or internet and phone fraudulent transactions called CNP (Card Not Present), according to Javelin Strategy and Research:
type that is not covered from an EMV security standpoint is card-not-present (CNP) transactions. Statistics from the U.K. other EMV-enabled countries prove that fraudsters go the route of least resistance – that being CNP Internet transactions and mail or telephone orders.
EMV cards work so well because the chip (that square metallic thingy you can see your credit card) does not hold any permanent information. The magnetic stripe, on the other hand, contains all the data that the criminal needs to cash your plastic.
Copying that magnetic stripe is so astonishingly easy that anyone can do that. When people think about credit card fraudsters they usually picture sophisticated computer geniuses who spend 24 hours a day writing malicious codes. Nothing can be further from the truth. Nowadays, all it takes is ordering a credit card scanner off the internet or buying (quite cheaply) a piece of phishing software, and voila! They’re in business.
This is why the chip is so good. Unlike magnetic stripes, copying the chip data is pointless, as you can’t replicate that code at another merchant. The transaction code it generates, changes every time you make a purchase.
Many US credit cards have a chip, nowadays, but their modus operandi is chip-and-signature. The experience of European countries and Canada has proved, however, that, according to Javelin Strategy and Research, “signature was not an effective cardholder verification method”. Think about it. If a thief has stolen your physical card, they can still sign away and complete the purchase.
What reduced credit card frauds in Europe in Canada by 75% was the combination of chip and PIN!
And this is what the White House wants everyone to be doing. Apparently, the President cannot make the credit card industry to adapt the new standards (although that’s exactly what happened in a few European countries where the banking industry was not too cooperating), but he can and has sent a clear signal by giving the new marching orders to his own government.
Part 1 directs the Treasury to “secure government payments” by employing “enhanced security features, including chip-and-PIN technology”.
Payment processing terminals are to be installed by January 1, 2015, at which time “the Department of the Treasury shall develop a plan for agencies to install enabling software that supports enhanced security features”.
January 1 is less than two months away. A cynic in me has to say “good luck”, but we’ll see. If I was a betting man, however, I would bet this deadline will be extended, and perhaps more than once.
Part 2 will improve “identity theft remediation” and mandates to “reduce the burden on consumers who have been victims of identity theft, including by substantially reducing the amount of time necessary for a consumer to typical incidents”.
I love this part. A lot! As of right now, the victims of identity theft are often left to their own devices. I will never forget how a cop once suggested I should change my Social Security number after I though I might’ve become a victim of identity theft. Social Security Number??? I never asked him if he was insane, but only because I had been taught to be careful around armed people.
Part 3 mandates “securing federal transactions online” and it gives 90 days to several government organizations to come up with a plan.
Well, that is, of course, totally unrealistic, but it’s a step in the right direction, at least.
Part 4 describes “general provisions”. !
Again, the full text is here.
So why new EMV cards are going to reduce data breaches?
Because while this technology does nothing to combat the breaches themselves, it makes it much harder to use the stolen data. Stealing credit card information at the POS (that stands for Point of Sale and not for what thought) won’t do a thief any good, as the chip contains only the code that was used during the last transaction.
Does it mean that credit card frauds are the thing of ?
Of course, not! Remember that in Europe and Canada, credit card fraud was considerably reduced but not eliminated. Which means that bright criminal minds must be working on the solution feverishly, as we speak. However, criminals are always about low-hanging fruit, so when you are taking easy money out of the equation, the odds become a little more favorable to the good guys.
What do you think? Yes, no, or maybe?
Want to know more about free travel hacks? Sign up my newsletter (top left). I send them sparingly, and only when I really have something to say. In addition, there are things in my newsletters, sometimes, that I do not discuss in my blog.
Secret FB Group: Reminder
Those of you guys, who want to join my secret FB group, please don’t forget that you need two things. First to friend me on FB, and second to send me an email. It’s not enough to do one or another. I have other people who friend me on FB, who have nothing to do with the hobby.