A place for all things security.

Target Data Breach Costs Banks Big Money: Are more secure credit cards on the way?

Feb 18, 2014 // Andrew Stroup

Target’s recent data breach has left banks seeing red in more ways than one. Banking industry organizations are now estimating that their costs associated with this data theft will exceed a whopping $200 million. As a precautionary measure to prevent fraud, banks are on the hook for replacing nearly 40 million debit and credit cards whose information was compromised in one of the most damaging hacker attacks in recent memory. Perhaps most infuriating for these banks is that Target got away pretty much scott free, only having to cough up two years of credit monitoring for those who want it, and pledging $5 million towards a cybersecurity coalition.

 So were any lessons learned? Hopefully. America has lagged behind pretty much the rest of the world in adopting chip-based credit cards. As a result, hackers hoping to capitalize on this security weakness have increasingly directed their attacks at companies with large amounts of American customers. Credit card companies are now seeking to have America join the 21st century by adopting a pin and chip system for processing payments.

Instead of having a magnetic stripe, credit and debit cards will be embedded with a microchip. At the point of sale the customer will insert their payment card into a machine and enter a PIN. The transaction is then processed like a normal credit card. This technology is more secure for a number of reasons:

  • Because you have to enter a PIN while the card is inserted into a checkout terminal, the cashier will no longer be handling the card
  • It is harder for hackers to duplicate the information contained within the chip, raising their costs to replicate stolen cards
  • Having the card by itself is useless: the hacker needs the PIN to successfully use a stolen card, which can be changed at any moment by the cardholder

According to an informal survey, these chip and pin systems have reduced credit card fraud in France by nearly 80% since they were introduced. Citing these statistics, and odd coalition of banks, retailers, and consumer advocacy groups have been agitating for change. Responding to their calls, or maybe their bottom lines, both Mastercard and Visa have pledged to equip all of their cards with microchips by the end of 2015. While this won’t eliminate credit card fraud, it will make it much more expensive for hackers to use your account information for their benefit, which is half the battle.