Weak US card security made Target a juicy target
Source: AP-Excite
By JONATHAN FAHEY
NEW YORK (AP) - The U.S. is the juiciest target for hackers hunting credit card information. And experts say incidents like the recent data theft at Target's stores will get worse before they get better.
That's in part because U.S. credit and debit cards rely on an easy-to-copy magnetic strip on the back of the card, which stores account information using the same technology as cassette tapes.
"We are using 20th century cards against 21st century hackers," says Mallory Duncan, general counsel at the National Retail Federation. "The thieves have moved on but the cards have not."
In most countries outside the U.S., people carry cards that use digital chips to hold account information. The chip generates a unique code every time it's used. That makes the cards more difficult for criminals to replicate. So difficult that they generally don't bother.
FULL story at link.
Read more: http://apnews.excite.com/article/20131222/DAARKH4O2.html
In this Jan. 18, 2008 file photo, a customer signs his credit card receipt at a Target store in Tallahassee, Fla. The U.S. is the juiciest target for hackers hunting credit card information. And experts say incidents like the recent data theft at Target's stores will get worse before they get better. That's in part because U.S. credit and debit cards rely on an easy-to-copy magnetic strip on the back of the card, which stores account information using the same technology as cassette tapes. The breach that exposed the credit card and debit card information of as many as 40 million Target customers who swiped their cards between Nov. 27 and Dec. 15 is still under investigation. (AP Photo/Phil Coale, File)
orpupilofnature57
(15,472 posts)instead of Real criminals .
marmar
(77,084 posts)SoapBox
(18,791 posts)Hell , the crooks don't even need you to swipe the card, when you have a chip that is barking out your information...they just walk by you.
drm604
(16,230 posts)and when they are used, it's a different code every time, like a car's key fob. So even if someone could capture the code, it could be used once, at most.
Major Nikon
(36,827 posts)When I was in Europe the last time I noticed the locals were all entering their pin each time they used their card.
drm604
(16,230 posts)So even if you capture the pin and the code, it won't accept that code a second time.
Major Nikon
(36,827 posts)I just know that the cards my European friends used were different and more secure.
drm604
(16,230 posts)This is a subject that I know something about. If the European chip system works the way I think it does then it's inherently much more secure.
iandhr
(6,852 posts)silverweb
(16,402 posts)[font color="navy" face="Verdana"]And we're behind the technological 8-ball again because ... ???
I'm guessing it's because chips in cards cost $0.001 cent more apiece than the magnetic strips and, you know... profits trump customer security.
Codeine
(25,586 posts)An enormous infrastructure was built up around the older card technology here, while slower adoption by Europe meant that more modern equipment was the norm there. That's what I've read about the disparity, anyway.
silverweb
(16,402 posts)[font color="navy" face="Verdana"]And it still comes down to profits because it would cost money to change the technological infrastructure.
On edit: I'm thinking about canceling all debit/credit cards except one, and letting involved institutions know that I'll reinstate only after they upgrade to the more secure chip technology the rest of the 21st Century world is using. It'll be slightly inconvenient, but I'll manage.
aggiesal
(8,920 posts)that banks don`t want to swap out the millions of ATM machines
to handle the newer technology.
The store vendors would have to swap out their card machines and
upgrade their systems to handle the new technology.
So I agree with your premise that profits trump security evertytime.
PatrynXX
(5,668 posts)Trickle down doesn't work. the focus is making the owners rich. everyone under them blah
Sherman A1
(38,958 posts)"Most Wounds Are Self-Inflicted".
Nothing like that "penny-wise, pound-foolish" approach to doing business.
RC
(25,592 posts)Nobody want to spend part of their profits to fix the system, when that cuts into executive's bonuses and stock options.
More reason to get the corporations back under control.
DallasNE
(7,403 posts)With a slight correction. They should say "card processors" because banks may process less than half of these transactions. First Data is by far the largest processor (are they still called that?). Because a different set of data would be transmitted there would be substantial reprogramming and new processing errors would happen following roll-out -- the old systems are old, stable, almost error free and profitable because of that.
The comment about the merchant being the weak link is my experience. Once, back in the days of imprint transactions I had a $600 charge for sports equipment. Apparently a local merchant had someone go through their waste paper and found the carbon paper from a transaction. The fraud transaction didn't even have the correct first name and was even a call in order for delivery. It should have smelled like fraud. Another time I had 2 charges from California show up. I only did business with one merchant in California and had faxed my card information to them for recurring billing. When I called them up they played dumb suggesting that no it could not be them. When I asked them about who all had access to the fax machine they finally confessed that the fax machine was next to the office copier and that they had recently fired an employee because another customer had also reported a card issue. I had a 3rd breach but don't recall that we ever got to the bottom of it. In all cases the charges were cancelled. But over a 35 year period that is not bad.
go west young man
(4,856 posts)implementing the new technology for the rest to follow suit. Once everybody started using that secure card it becomes a race for the rest of these mainstream lazy greedy ass banks to move their asses.
DallasNE
(7,403 posts)And would be more complex by far than when Visa and MasterCard expanded the cardholder number from 13 to 16 positions (when they were running out of numbers). There are also Amex, Discoverer, private gift cards and other cards.
Obviously, merchants would need to be able to process both kinds of cards for a period of a few years. Now they could transmit a single file to the card processor as long as they passed a code in their header record to indicate which type of detail transaction follows. Programs would then need code to process both ways. Often subroutines are developed meaning the program would look at code in the header to see whether to call the old subroutine or call a newly written subroutine for the new transaction type. Reports, screens, etc. would also need to be modified to print the appropriate set of data.
As you can see, the current configuration does not lend itself to a single bank (issuer) going first and force the others to follow. The bottleneck is the merchant base, not the bank/processor (issuer or acquirer).
Question, what do visitors currently do when they come to this country and only have cards with chips and what do American's do when they go overseas with swipe cards? The cards are international so I might be behind the times on current capabilities. This alone should force the issue.
Sen. Walter Sobchak
(8,692 posts)The real pain was when some EU issuers did away with raised numbers.
GodlessBiker
(6,314 posts)Sen. Walter Sobchak
(8,692 posts)Retailers just aren't willing to make the investment when the liability for card swiped transactions isn't theirs and for card issuers the total losses from fraud just aren't that great and their internal loss-prevention systems are pretty effective.
All the impetus is on card-less transactions.