Citibank this week announced that it was replacing the debit cards of customers whose accounts were compromised in the great Target Christmas hack. The names, addresses, telephone numbers and email addresses of more than 100 million Target customers got hacked but Citi delayed replacing them because it didn’t want to unnecessarily disrupt Christmas shopping.
But replacing these cards with the same magnetic stripe technology is like replacing a padlock that’s securing a lockbox with another padlock after someone just used a bolt cutter on it. Look at it another way: the credit card industry is still on dial-up while the thieves are using high-speed broadband. It’s a losing battle and one the reasons why the U.S. retail industry is going to remain a target until it catches up with the rest of the world.
For years, consumers in Europe and many other countries have used a technology called EMV (for Europay, MasterCard and Visa), created in the mid-1990s that makes it possible for retailers to confirm payments locally instead of placing a call to your bank. That’s possible because of a chip on the card that requires you to tap in a PIN code at the point of purchase. Simple. Safe. Secure. Instead, we’re stuck with magnetic stripes from the 8-track cassette era, which are vulnerable to hacking. With most of the planet using higher tech, hackers naturally focus on the least secure market. (Citi did not respond to request for comment.)
Chip and PIN is making its way into the U.S. slowly; you can get chip and PIN credit cards, which are better to use if you travel overseas. Meanwhile the credit card companies, banks and retailers have been bickering for years over adopting the technology and about who’s going to pay for the infrastructure needed to install it.
Some companies have gone so far as to say that consumers will resist the new cards, since they’re used to signing for their purchases. That’s baloney. Given the choice of making their account information vulnerable or tapping in a PIN code at the point of purchase, people will quickly adapt the chip and PIN cards, just as they did ATM cards. Until then, hackers will make the U.S. the global center of credit and debit card fraud.