Friday, Jul 01, 2016
One of America's Great Newspapers ~ Toledo, Ohio

Technology

U.S. still slow in embracing technology to fight data theft

  • b4cards

    While most countries have started to use embeddable microchips in credit cards during the past decade, the United States continues to use magnetic strips and is more susceptible to data thefts.

    <ASSOCIATED PRESS

  • b4credit-1

    The United States is the juiciest target for hackers hunting credit card information, with the recent data theft at Target’s stores showing those flaws.

    <ASSOCIATED PRESS

b4cards

While most countries have started to use embeddable microchips in credit cards during the past decade, the United States continues to use magnetic strips and is more susceptible to data thefts.

ASSOCIATED PRESS Enlarge

LOS ANGELES — The massive data breach at Target last week has again highlighted how the United States remains a relatively insecure backwater when it comes to credit-card technology.

During the last decade, most countries have moved toward using credit cards that carry information on embeddable microchips rather than magnetic strips. The additional encryption on so-called smart cards has made the kind of brazen data thefts suffered by Target almost impossible to pull off in most other countries.

Because the United States is one of the few places yet to widely deploy such technology, the nation has increasingly become the focus of hackers seeking to steal such information. The stolen data can easily be turned into phony credit cards that are sold on black markets around the world.

“The U.S. is one of the last markets to convert from the magnetic stripe,” said Randy Vanderhoof, director of the EMV Migration Forum. “There’s fewer places in the world where that stolen data could be used. So the U.S. becomes more of a high-value target.”

“EMV” stands for Europay, MasterCard, and Visa, and is the technology standard that involves placing an integrated circuit of some kind into a credit card. Most European and Asian countries began adopting the technology a decade ago, pushed by regulators in those countries.

About 80 countries use smart credit cards, which allow for greater encryption and security. By comparison, only about 1 percent of credit cards issued in the U.S. contain such technology.

Smart cards in most countries are so widely adopted that U.S. travelers are increasingly running into problems using their magnetic stripe cards when they travel abroad. Banks and credit card companies often advise customers to request a smart credit card they can use for foreign travel.

The reason such technology has been embraced is simple: Hacking into a system to collect information on a chip and then creating a counterfeit credit card using similar technology is too complicated. As a result, hackers have increasingly turned to the United States, where the cards are significantly easier to duplicate because information is stored on a common magnetic strip.

“The U.S. is slowly issuing these cards to users,” said Joram Borenstein, vice president of Nice Actimize, which helps companies analyze their security systems. “It’s harder to commit fraud against these cards. You have to steal the chip information, and that’s a lot more difficult.”

The reasons the United States lags so badly in adopting smart cards are complicated, experts said. In part, there hasn’t been the political will to demand that businesses and financial institutions make the change.

Analysts also say the payment processing system in the United States is more complicated, with merchants, credit companies, and banks reluctant to spend the big bucks it would take to convert a system with 1 billion credit cards to EMV from magnetic stripes.

“It’s a function of our system of government and culture,” said Ben Woolsey, director of marketing and consumer research for CreditCards.com, which enables consumers to compare credit card offers. “Moving in that direction is going to be costly for the card industry and retailers.”

In the last couple of years, though, major card issuers have laid out road maps for upgrading the technology, and many have set out to achieve this by October, 2015. At that point, major credit card companies will change their rules about who is liable for fraudulent purchases caused by security breaches.

Click to comment

Quis autem vel eum iure reprehenderit qui in ea voluptate velit esse quam nihil molestiae consequatur, vel illum qui dolorem?

Temporibus autem quibusdam et aut officiis debitis aut rerum necessitatibus saepe eveniet.

Copyright © 2015 Toledo Blade

To Top

Fetching stories…