By now everyone has heard about the Target Credit Card hacking scandal, which netted the thieves upwards of 100 Million Credit Card numbers. My friends and I have discussed the broken and outdated American Credit Card System. "How can the American Credit Card system be so far behind the rest of the world?" we always ask. We also each know a handful of people who have had their Credit Card information stolen one way or another.
It is hard to imagine a data breach of the magnitude of Target's, but I recently read a book about the Credit Card underworld which highlighted all the ways these thieves work the system. The book Kingpin: How One Hacker Took Over the Billion-Dollar Cybercrime Underground is actually a very good read and reads more like an adventure than a Non-Fiction book. At the same time, it is scary how easy it is to access Credit Card information and systems. The book is a perfect example of how one particular crook took it to the next level.
My wife and I were victims of Credit Card fraud only last year when we visited Florida. Somewhere along the way our Credit Card was copied and sold along to thieves in New York. My wife and I returned to the US for Christmas and New Year's and I paid very close attention to the Credit Card process for each transaction we made, from stores to restaurants. What was shocking to me was the latent lack of consistency across all the different Point of Sale locations. Below is a list of the different credit card processes we encountered:
Scenario 1 - Swipe Card, the cashier prints a receipt and asks us to sign the receipt
Scenario 2 - Swipe Card, cashier asks for ID, processes the transaction, and we sign either on an electronic pad or the receipt
Scenario 3 - Cashier takes the card and swipes it, and you sign nothing and just get a receipt
Scenario 4 - Give the server your credit card and they then run into the back room for what seems like an eternity before coming back with your card and the completed transaction receipts
Scenario 5 - Swipe your credit card and input your zip code (The most secure out of all transactions listed)
How to fix the Broken Credit Card System
- Start incorporating Smart Cards into Credit Cards. Europe has been using Smart Cards for a very long time. Smart Cards add an additional layer to Credit Cards that only opens up access to the chip on the card once the PIN has been entered. The PIN is always separate from the card and can actually be a dynamically generated number as well.
- Require Credit Cards to have PIN numbers for each transaction
- Require remote Credit Card processing machines. This would allow you to view your credit card at all times. For example, a restaurant server must bring the device to your table to process your payment.
- Two-Factor authentication - This is what I believe will make the largest impact on Credit Cards. What if every Credit Card transaction sent you an SMS/Text Message/Automated Phone call with the transaction's details and a 6 digit code which you must type into the Credit Card terminal to complete the transaction?
Obviously, the list above will not eliminate Credit Card System fraud, but it will make it much more difficult to have all the pieces of the puzzle needed to complete a transaction. In order to complete a transaction with the above-mentioned points, a Smart Card Credit Card, PIN Number, and a mobile phone linked to this credit card would all be required.
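The per-transaction code from the Two-Factor item above can be sketched from the card issuer's side. This is an added example, not code from the original post or from any real payment network: the class and method names are hypothetical, and the 120 second lifetime and 3 attempt limit are assumptions. It shows the code being tied to one transaction's details, expiring, working once, and locking after repeated wrong guesses.

```python
import hashlib
import hmac
import secrets

CODE_TTL_SECONDS = 120  # assumed validity window for a code
MAX_ATTEMPTS = 3        # assumed number of tries allowed at the terminal

class TransactionCodeIssuer:
    """Hypothetical issuer-side service: one 6 digit code per pending transaction."""
    def __init__(self):
        self._key = secrets.token_bytes(32)  # keys the stored digests
        self._pending = {}                   # txn_id -> digest, expiry, attempts

    def _digest(self, txn_id, merchant, amount_cents, code):
        # Bind the code to the exact transaction so it cannot approve another one.
        msg = f"{txn_id}|{merchant}|{amount_cents}|{code}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).digest()

    def start(self, txn_id, merchant, amount_cents, now):
        code = f"{secrets.randbelow(10**6):06d}"
        self._pending[txn_id] = {
            "digest": self._digest(txn_id, merchant, amount_cents, code),
            "expires": now + CODE_TTL_SECONDS,
            "attempts": 0,
        }
        # Second value is the text message for the cardholder's phone.
        return code, f"{merchant} ${amount_cents / 100:.2f} code {code}"

    def confirm(self, txn_id, merchant, amount_cents, code, now):
        """Check what the terminal submitted; returns a status string."""
        state = self._pending.get(txn_id)
        if state is None:
            return "unknown"
        if now > state["expires"]:
            del self._pending[txn_id]
            return "expired"
        state["attempts"] += 1
        submitted = self._digest(txn_id, merchant, amount_cents, code)
        if hmac.compare_digest(state["digest"], submitted):
            del self._pending[txn_id]  # single use: a replayed code is "unknown"
            return "approved"
        if state["attempts"] >= MAX_ATTEMPTS:
            del self._pending[txn_id]  # stop guessing across the 10**6 code space
            return "locked"
        return "rejected"

if __name__ == "__main__":
    issuer = TransactionCodeIssuer()
    code, sms = issuer.start("txn-1", "Cafe", 1250, now=0)  # constructed sample
    print(sms, issuer.confirm("txn-1", "Cafe", 1250, code, now=30))
```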