A recent Gallup poll found that Americans worry most about hacking and cybersecurity than any other crime. Perhaps this is not surprising given the rash of high-profile data breaches, coupled with the fact that hacks have affected one out of four American consumers.
With Black Friday and Cyber Monday looming, now is a good time for consumers to understand key reasons why their financial security is at risk. Although awareness about what they as individuals can do to protect their payment card and financial data has risen significantly, many times, as with the high-profile security breach at Target last year, data thieves are able to exploit weaknesses in the antiquated security features in payment networks and the cards themselves.
The best solution would be for banks to take reasonable action toward use of chip and PIN equipped cards, before consumer demands push policymakers toward regulatory solutions that are likely to be more heavy-handed.
These security challenges are especially salient in underserved communities, where theft and security breaches can have an especially damaging effect on family budgets. Much is at stake in the big picture as well: for example, a recent report found that Hispanics, who make up nearly a fifth of the U.S. population, account for more than $1 trillion in spending power annually.
The U.S. as a whole maintains an aging cyber infrastructure and a high volume of credit card ownership. According to an April 2014 Gallup Survey, Americans own 2.6 credit cards on average. When consumers use these cards, they do so within a woefully outdated structure established in 1970.
Large American banks and credit card networks – some of which received massive, government-funded bailouts – continue to use magnetic stripe credit cards that the rest of the world has deserted. “Since it's one of the last markets in the world where thieves can operate against the easy-to-outsmart magnetic stripe technology,” reads a January 2014 CNBC report,” there's no reason [data breaches will subside] if [new technology] isn't adopted more quickly.”
This leaves many American consumers at risk. Unfortunately, banks have been resisting a transition to computer chip and PIN (Personal Identification Number) technology in use throughout the world. The result for now is grossly inadequate protection of consumers’ personal and financial data.
Rather than adapt to growing demands for safer measures, banks continue to disregard worldwide trends showing that chip and PIN technology is the clearest way to protect consumers. European nations have already transitioned to chip-equipped cards to combat fraud, while emerging-market nations leapfrogged over the use of outdated magnetic strip cards.
In the U.K., breach-induced losses fell from $356.5 million to $160.5 million in 2008 following chip and PIN implementation. Our Canadian neighbors (who use the modern technology) were largely spared from the financial losses that occurred from recent breaches.
Clearly, chip and PIN technology provides an added layer of security for card users that protect against hackers. Unlike current stripe cards and even chip-enabled cards that require a signature, chip and PIN cards cannot be cloned. This results in a strong frontline defense against cyber criminals who peddle stolen information, helping minimize financial fraud.
Yet here we stand as the last developed nation to adopt common sense chip and PIN technology.
There has been some progress, however. President Obama recently announced the “BuySecure” initiative, which requires federal agencies to upgrade all federal credit cards from magnetic stripes to chip and PIN technology. Although it only protects government credit cards issued to federal employees, it is a good first step, especially for the American taxpayer who ultimately is stuck with the bill.
Some banks are promising to distribute chip technology and increase identity theft monitoring and protection. But in reality, there will only be a slight improvement in security because the banks insist on issuing chip-equipped cards with the same old flawed magnetic stripes. Consumers will still have to sign after a purchase instead of entering a PIN number, which is vastly more secure.
For card-issuing banks and credit card companies, relying on magnetic stripe cards is less about security and more about making money through the fees they charge retailers to process transactions. It is also cheaper for the banks to maintain the existing infrastructure that supports magnetic stripe cards rather than investing in chip and PIN cards, even though consumers are exposed to more risk.
As leaders in Washington continue to contemplate cybersecurity law and related issues, now is the time to ensure commerce security for all Americans. If the government can do it, so too should the much more nimble, accountable and reliable private sector. The best solution would be for banks to take reasonable action toward use of chip and PIN equipped cards, before consumer demands push policymakers toward regulatory solutions that are likely to be more heavy-handed.