- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
Macworld - Target; Nieman-Marcus; Michaels. Lately, it seems that a week doesn't go by without some major retailer being forced to inform customers that their payment systems have been compromised, potentially affecting millions of cardholders and their finances. Of course, that's on top of the myriad scams that happen every day on a smaller scale and end up costing both consumers and businesses billions of dollars every year.
As plastic has increasingly replaced cash over the years, the financial industry has worked hard to tighten its grip over payment networks in an effort to curtail fraud--obviously, with mixed results. But that's due largely to the fact that the weakest links in the long chain of providers that make charging your credit card possible are outside of the industry's control. In the end, the best solution to this problem may already reside in your pocket: Your phone could be the key to a truly secure way to spend your money.
Would you like my wallet?
Despite the fact that it often gets a bad rap, the amount of technology that surrounds the plastic we carry in our wallet is something to behold. You could be ordering a latte in Shanghai and, with little more than a phone call, the coffee shop would be able to contact your American bank in real time to find out if your credit card is legit and if you have enough credit to cover your purchase.
+ ALSO ON NETWORK WORLD The worst data breaches of 2013 +
Still, unlike cash, card transactions are inherently insecure: Handing over your Visa to store clerks is essentially equivalent to giving them your wallet, trusting that they will only take the money you owe them and return it to you. Of course, most merchants are honest, but the fact that every bit of information needed to take your money is encoded in the magnetic track of your cards means that all it takes is a small, hard-to-detect change to the hardware they use--either at the point of sale or in transit from the manufacturer--to turn them into hapless enablers of fraud on behalf of unscrupulous criminals.
Card networks have tried to combat this problem by implementing increasingly sophisticated solutions. For example, Visa, MasterCard, and their brethren have put numerous regulations (part of their PCI initiative) into place aimed at making retailers handle their customer data in a more secure manner, and even introduced chip-and-PIN technology (called EMV in the industry), which essentially places a tiny computer right on each card; its job is to mediate each transaction interactively, thus providing merchants with only the information they need to charge you once.
Fish and chips (and PINs)
Still, PCI and EMV have many practical limitations that often defeat their very sophistication. For one thing, they depend on retailer compliance and specialized hardware that is expensive to acquire and deploy; while widely used in Europe and Canada, for example, chip-and-PIN isn't due to be broadly rolled out in the U.S. until 2015 at the earliest. Even then, the infrastructure change will be at a significant cost to merchants, who are unlikely to welcome the investment in the current economic climate. And, until chips become mandatory everywhere, cards will continue to support old magnetic-track technology, which still leaves customers and merchants open to massive fraud.
Originally published on www.macworld.com. Click here to read the original story.