We Need Safer Credit Cards

Card issuers have failed to use existing technology to thwart theft.

April 22, 2015

WASHINGTON – With multiple data security hearings taking place on Capitol Hill over the past few weeks, culminating in this week’s designation as “Cyber Week” and the impending introduction of Congress’ much-awaited cybersecurity legislation, data security is clearly a top priority issue for policymakers – and for good reason.

While the legislation in question is likely to address a broad range of high-profile threats, it may not fix one of the biggest problems with personal security today, writes Bret Swanson in The Washington Times this week: “Payment card hacks, while less sensational, are relatively well understood and could be mostly (and quickly) solved with a simple technological tweak.”

The writer refers, of course, to “America’s use of the 1960s plastic-and-ink technology” compared with the great portion of the world that has long-since moved to the more advanced, yet simple, “chip and PIN” approach.

Swanson cites a study of attacks on information networks and major theft of information assets in 2013, in which a group of 50 global firms and public entities observed 63,437 security incidents and 1,367 confirmed data breaches. The report’s conclusion: 2013 was “a year of transition from geopolitical attacks to large-scale attacks on payment card systems.”

To put it in context: Once the United Kingdom adopted chip-and-PIN technology, credit card fraud plunged by 75%. While most debit cards today have the PIN, few of them have the chip, although that number is continuing to grow as card issuers and retailers prepare for October’s EMV deadline. Far fewer U.S. credit cards have PINs.

“The solution is obvious,” writes Swanson, who goes on to lament the lack of collaboration between credit card companies and retailers, pointing out that U.S. credit card networks have balked at the necessary retailer upgrades for chip and PIN, while failing to deploy chip-and-PIN cards. “In an economy increasingly built on digital information, this is unacceptable,” Swanson writes.

Advertisement
Advertisement
Advertisement