Keep up with the news by installing RT’s extension for . Never miss a story with this clean and simple app that delivers the latest headlines to you.

 

​Magnetic swipe: Obsolete credit card tech makes US prime Target for fraudsters

Published time: December 22, 2013 21:57
AFP Photo/Anne-Christine Poujoulat

AFP Photo/Anne-Christine Poujoulat

The attack on millions of customers’ credit cards at retailer Target has exposed the outdated security tools used in banking. And while the US is scheduled to switch to more modern card protection in 2015, not all parties are interested in modernization.

“We are using 20th century cards against 21st century hackers. The thieves have moved on but the cards have not,” Mallory Duncan, general counsel at the National Retail Federation told AP.

Target has refused to specify the means by which fraudsters managed to steal the data of up to 40 million customers between November 27 and December 15. But almost all experts, citing industry sources and existing fraud cases, say most likely the data was siphoned with special devices attached to payment terminals, which scanned the magnetic strips on the back of the card.

This type of hacking would not have been possible had Target used Chip and PIN cards, officially known as EMV, which encrypt the data, making it much harder to intercept at the point of use. In contrast the technology on magnetic stripes is similar to that of cassette tapes, which became obsolete more than a decade ago; they can also be easily reproduced.

More than 90 percent of all cards in the EU and four out of five in Canada use EMV. In total there are 1.6 billion of them around the world. Contrastingly, about 1 percent of US cards have the technology, and even those are not secure, as only one in ten American payment terminals can actually process information from the chip.

“The US is one of the last markets to convert from the magnetic stripe. There are fewer places in the world where that stolen data could be used. So the US becomes more of a high-value target,” Randy Vanderhoof, director of the EMV Migration Forum told UPI.

Major credit card issuers have told the US to fall in line with the rest of the world by October 2015. From that date onwards, whoever is responsible for the weakest link in the security chain will be left to foot the bill for a fraudulent transaction, which should theoretically incentivize banks and retailers to provide better security measures.

Only it isn’t that simple.

US banks have calculated that the amount they lose from fraud – on average – is smaller than paying for a rollout of brand new terminals and cards across the country. They also enjoy better fees for processing the cumbersome and ineffectual signature verifications than they would if the system was converted to PIN as elsewhere.

“Compared to the tens of millions of transactions that are taking place every day, even the fraud that they have to pay for is small compared to the profit they are making from using less secure cards,” said Duncan.

Meanwhile retailers do not want to foot the bill either, and have engaged in legal battles with banks, which are only likely to intensify as the new data networks need to be created.

In the rest of the world the changeover was either mandated by the government, or brand new payment systems were put in where cards had not been used before at all, as in developing markets.

Experts estimate that by the October 2015 only 60 percent of cards will be compliant with new technology requirements.

In the meantime, it is likely the customers will have to pay for the increased susceptibility to fraud – in the form of higher banking charges needed to cover the theft. Though the situation simply can’t carry on as now, particularly as US citizens are now often struggling to have their old-fashioned credit cards accepted in parts of the world.

“Part of the cost in the system is for fraud protection. It costs money, and someone's going to pay for it eventually,” Jason Oxman, chief executive of the Electronic Transactions Association, told AP.

Comments (14)

 

Ephraiyim ben Yisrael 26.12.2013 22:04

LisaAgnes 23.12.2013 00:48

In addition to making a buck for the hackers, it would also serve a political purpose and harness the large corps in favor of not knowingly weakening encryption software. I wonder if this was anonymous?

  

Lisa-You obviously are unaware of how anon has normally worked. They DO NOT mess with average people. They mess with corporations. This does not have the markings of anon. These are thieves who are stealing for no purpose other than to make money.
Anon. makes political points. They do not steal for profit.



 

nicktrcat . 23.12.2013 18:47

"We have this new secure payment method for you, just stand there while we insert this painless microchip into you"........... ....

Use cash, it doesn't have eyes... ;-)

 

Pat Richards 23.12.2013 09:47

[quote name='sangye thubten' time='23.12.2013 05:05']“Part of the cost in the system is for fraud protection. It costs money, and someone's going to pay for it eventually,” Jason Oxman, chief executive of the Electronic Transactions Association, told AP.<BR nodeIndex="1&qu ot;><BR nodeIndex="2&qu ot;>Why not remove the whole system of "money" and you eliminate the whole problem permanently? I am sure there are many who are smart enough to explain how we can operate without "money".[/ quote]

No money no power. No power no influence of westerners over other nations. The purpose of money is to be in control of the world.

View all comments (14)
Add comment

Authorization required for adding comments

Register or

Name

Password

Show password

Register

or Register

Request a new password

Send

or Register

To complete a registration check
your Email:

OK

or Register

A password has been sent to your email address

Edit profile

X

Name

New password

Retype new password

Current password

Save

Cancel

Follow us