Target Data Breach Reveals Deep Flaws in U.S. System

The United States trails far behind other countries in the use of smart credit cards.

December 27, 2013

LOS ANGELES – The recent data breach at Target stores underscores the vulnerabilities of the current U.S. credit card system, the Los Angeles Times reports.

Over the last decade, most countries have adopted smart cards, which are credit cards that carry information embedded on a microchip, rather than the U.S. preferred magnetic strip. The former offers encryption that “has made the kind of brazen data thefts suffered by Target almost impossible to pull off in most other countries,” the Times wrote.

As a result of its less secure credit card technology, the U.S. has become a target of hackers seeking to steal credit card information.

"The U.S. is one of the last markets to convert from the magnetic stripe," said Randy Vanderhoof, director of the EMV Migration Forum. "There's fewer places in the world where that stolen data could be used. So the U.S. becomes more of a high-value target.”

Roughly 80 countries use smart credit cards today, which allow for greater encryption and security. Only about 1% of U.S. credit cards contain such technology.

"The U.S. is slowly issuing these cards to users," said Joram Borenstein, vice president of Nice Actimize, which helps companies analyze their security systems. "It's harder to commit fraud against these cards. You have to steal the chip information, and that's a lot more difficult."

The U.S. is slowly moving toward smart credit card technology, with major card issuers laying out a timeline for upgrading their card technology, many with an October 2015 deadline. 

"The road map and larger migration has provided issuers and merchants with the flexibility to manage their business and technology decisions," said Jim Issokson, a MasterCard spokesperson. "The decision on if, how and when EMV will be implemented has been and will continue to be made independently by each issuer and merchant.”

Paige Anderson, NACS director of government relations, commented to NACS Daily:

“Consumers must have trust in their payment system to not have their personal information stolen. Clearly, that trust has been broken with the latest data breach incident. These data thefts, such as what happened with Target, could be reduced with an encrypted PIN authentication — technology that has existed for decades — on all card transactions. Tragically, powerful special interests have stopped efforts to use this technology. As payment technology evolves from the current magnetic strip on credit cards to EMV chips, and eventually to a mobile wallet, a strong uniform authentication process will be necessary to protect consumers and their personal information.”

For more on smart cards and EMV technology, see "A Chip on Their Shoulder" in the September 2012 issue of NACS Magazine.

Advertisement
Advertisement
Advertisement