Table of Contents
NEW YORK — With theft of shoppers’ payment-card data by cybercriminals becoming an almost weekly occurrence, retail heavyweights such as Target Corp. and Home Depot Inc. are pushing to make the more secure "chip and PIN" technology as ubiquitous in the United States as it is in other parts of the world.
With theft of shoppers’ payment-card data by cybercriminals becoming an almost weekly occurrence, retail heavyweights such as Target Corp. and Home Depot Inc. are pushing to make the more secure "chip and PIN" technology as ubiquitous in the United States as it is in other parts of the world.
All retailers are being urged by credit card companies to meet an October 2015 deadline to update point-of-sale equipment at their stores to accommodate the new cards.
Both Target and Home Depot, whose networks were compromised in two of the biggest retail data breaches to date, say they expect to have chip and PIN systems in their stores by year’s end.
The new chip cards are more secure than most of the roughly three-quarters of a billion credit cards Americans now carry around in their wallets. That’s because they store credit and debit information on a computer chip embedded in the card instead of the magnetic strip traditionally swiped at checkout. The chip technology is known as EMV, representing the major payment-card companies — Europay, MasterCard and Visa — working jointly to ensure the security and global interoperability of chip-based payment cards.
Chip cards will make cybertheft more difficult, not stop it, security experts say. But the chip can make stolen card numbers useless to hackers, who no longer would be able to create new plastic cards from stolen identities.
The push for more secure transactions comes as more than 100 million Americans have had their credit and debit card information compromised over the past year, and millions more have been victimized by credit card fraud and identity crimes.
The Obama administration has joined the push to protect Americans from identity theft and fraud. President Obama last month signed an executive order to strengthen security on federally issued credit cards and government payment systems.
"You should be able to buy the things that you need without risking your identity, your credit score or your savings," Obama says.
The executive order requires government agencies and offices to upgrade the technologies they use to protect consumer data. Obama also is calling on Congress to pass legislation that would replace existing data security laws with "one clear national standard that brings certainty to businesses and keeps consumers safe."
The National Retail Federation (NRF) praised the president for signing the order.
"From insisting on PIN and chip cards to facilitating greater information sharing among retailers and other sectors, we are committed to finding the right answers with the latest technologies to stop these cyberthieves," says Matthew Shay, NRF’s president and chief executive officer.
A survey released in September and sponsored by credit information company Experian’s data breach resolution group finds that 43% of companies have experienced a data breach in the past year, up 10% from the previous year. It also finds that the size of the breaches is increasing.
Despite the rise in breaches, 27% of companies do not have a data breach response plan or team in place, though that’s down from 39% in the previous year’s survey. Just 30% of executives surveyed for the report say their companies would be effective or very effective in responding to a data breach.
Experian’s Michael Bruemmer notes that while cybercrooks typically get the blame, up to 80% of breaches are caused by employee errors, such as losing a company laptop or failing to work on a secure network.
