Data breaches throughout the U.S., both small and large, are undoubtedly on the rise. With the recent occurrence of the second largest data breach in U.S. history, in which the personal data of Target customers who utilized credit and debit cards, between November 27, 2013 and December 15, 2013, was stolen, many consumers are left wondering if they too are at risk for a similar breach when they use a credit card to make a purchase. In light of the recent class action filed by the potential victims of the breach, expertise provided from security experts, credit card fraud experts, and IT experts are expected to play a large role in both the resolution of this dispute, as well as the assessment and implementation of security measures that may assist in preventing future incidents.
Although the cause of the Target breach is not yet certain, several reasons have been offered by security experts and analysts as possible explanations for this data breach. Some experts believe that the Target breach was the result of an inside job of one of more Target employees. Other security experts and analysts disagree, stating that a breach of the magnitude of Target’s, is far too large to have been perpetrated solely through the actions of Target employees. These experts proffer that the data breach was the result of hacker groups, phishing, organized crime, or industrial espionage by competitors, whether U.S. based or overseas, with some experts further attributing fault to U.S. banks, who have facilitated the ability of perpetrators to access confidential data, through continuing to use magnetic strip credit cards, rather than converting to the microchip and pin format utilized in other countries.
Despite the varying views provided by experts and analysts regarding the Target breach, it appears that most experts do agree on at least one key concept. That is, whatever explanation is ultimately revealed for the breach, eliminating magnetic strip credit cards and converting to microchip and pin format, is an important step in the right direction. However, even though U.S. banks have recognized the reduction in fraud and other security benefits of the new format for years, our nation’s banks have been hesitant to convert to a system that has become universally accepted as the norm in many foreign countries.
In addition to reissuing credit cards, the conversion would also require changing all ATM’s throughout the country to accommodate the new card format. Banks would face a loss in revenue from interchange fees, which are higher with signature-based transactions. Consequently, the reluctance of U.S. banks to effectuate the switch to the microchip and pin cards is largely due to the billions of dollars in conversion costs and issuer revenue loss.
As many experts have pointed out, even when factoring in costs of conversion, as well as annual losses in interchange fees that issuers stand to lose as a result of the conversion, the decision to initiate widespread use of microchip and pin card throughout the U.S., from a business perspective, may perhaps be the most logical and practical approach. Not only can some of the costs be passed on to the consumer, the significant reduction in fraud losses that could potentially be achieved through conversion, would essentially pay for itself within a short time following implementation.
By: Alicia McKnight, J.D.