When Sen. Patrick Leahy (D- VT) gavels the Senate Judiciary Committee to order on Tuesday, four witnesses will sit before the esteemed Senators to ostensibly discuss “Preventing Data Breaches and Combating Cybercrime.” Among them will be the Senior Vice President and Chief Information Officer of the recently-hacked Neiman Marcus and the Executive Vice President and Chief Financial Officer of the recently-hacked Target, called to answer for the untenably risky position in which both companies left tens of millions of Americans during and after the holiday season.
Though both companies and their customers were endangered by the data stolen in those breaches because of the outdated, sixties-era technology that underpins our electronic payment system, the purveyors of that technology – the credit card companies and the issuing banks – won’t be answering any hard questions alongside Target and Neiman Marcus. Consumers should be asking why.
After all, it’s not like the technology to significantly reduce credit card fraud doesn’t exist: it’s known in the industry as “chip-and-pin” (in reference to the chips embedded in the cards and the three digit numbers, not signatures, required to use them) or smartcards, and they’ve been used all over the world for more than a decade. Since it was introduced in the UK in 2004, credit card fraud fell 67 percent, while Canadians saw a 75 percent reduction in fraud since introducing the technology nationwide in 2009. Meanwhile, the U.S. has become the “world capital of credit card fraud,” with losses in the billions and rising.
So why is one of the most technologically sophisticated countries in the world relying on 1960s magnetic stripe technology to combat 2014 computer-assisted crimes? Money – just not the money consumers are losing in these credit card fraud cases.
Instead, the money in question is what retailers, credit card issuers and credit card companies will have to pay out in order to enable the adoption of this new technology. The point-of-sale machines that were vulnerable to attack in the case of Target all have to be replaced to accept “smart cards” to the tune of several billion dollars. Credit card issuers have to replace cheap magnetic stripe cards with more expensive chip-enabled smart cards, to the tune of several billion more. And, in the mean time, the cost of fraud perpetrated by criminals is parceled out among issuers, retailers and credit card companies (depending on the fraud) – and the inconvenience and stress is borne almost solely by consumers.
Credit card companies have one card left to deal in this high-stakes game: everyone who uses their system has to play by their rules, and their rules are about to include chip-and-pin cards. So unless retailers like Neiman Marcus and Target install machines that accept chip-and-pin by 2015, they’ll become solely responsible for the fraud committed in their stores. The issuers have no such deadlines, though some are issuing smartcards at individual consumers’ request – which means unless you call and ask for it, they aren’t immediately going to mail you a new, much more secure credit card, and most people don’t even know to ask.
The fact of the matter is that this industry infighting has been allowed to continue for years even as more and more Americans are seeing fraudulent charges on their bills and in their bank accounts, because there’s been no sunlight on the actions of the industry. All these discussions, negotiations and drama have played out far away from television cameras, microphones and prying questions from our elected representatives.
Any discussion of why we’re so vulnerable to credit card fraud, like that perpetrated in the wake of the data breaches at Target and Neiman Marcus, begins and ends with an understanding that the credit card companies and banks on whom we rely to conduct safe transactions are making us all vulnerable to billions in fraud by holding onto antiquated systems to beef up their own bottom lines. So while some Target customers might well feel better seeing one of their executives squirm in the bright lights of the Senate, there will be too many credit card executives sitting safely at their desks far away from the cameras.
Next time, we need to shine a light on them as well, and ask some tough questions about why it is we’re all still waiting on them to spend so much on fraud that it’s finally worth the money to pay to protect us.