In the wake of major data breaches at Target and other retailers that have put millions of consumers at risk of fraud, people are asking why U.S. banks and credit card companies have been so slow to adopt the more secure chip and PIN technology that is widely used across Europe, Canada and elsewhere.
As Sophos Senior Security Advisor Chester Wisniewski tells Marketplace, the recent data breaches are putting pressure on card issuers and retailers to finally replace magnetic strip cards with more secure payment methods that would prevent fraud.
In an interview earlier this month with Marketplace guest-host Mark Garrison, Chet explained that chip and PIN cards could prevent hackers from stealing card data from retailers, because each transaction at point-of-sale registers uses a unique ID rather than the credit card number.
“Chip and PIN technology is basically a little cryptographic computer chip that’s on the surface of your credit card. So instead of the 16-digit number that’s on the surface of your credit card, all the store gets is a cryptographic transaction ID that’s sent off to the bank to do the transaction,” Chet says. “Which means that if a criminal intercepts it like happened at Target, that number is not the actual credit card number and can’t be used for fraud.”
Although chip and PIN technology has already been in use for years outside of the U.S., Chet says that the cost to retailers of replacing their card-reading equipment has slowed the roll-out of chip and PIN cards under the EMV standard.
“The roll-out’s been very slow in North America, largely because it’s a big expense to buy a new machine, so there’s been a lot of resistance to replacing the tens of millions of credit card machines that are so ubiquitous in our lives,” Chet explains.
According to a report at ZDNet, Visa CEO Charlie Scharf said in an earnings statement that the company is “continuing to move the industry towards the adoption of new safeguards including EMV chips and tokenization.”
Listen to the full interview with Chet in the Marketplace podcast below. And be sure to follow our experts at Naked Security for all the latest updates on this and other breaking security news.