The massive breach of credit and debit card data at Target stores nationwide has a lot of people wondering whether plastic is safe, but future advances will pose a new set of challenges to would-be crooks.
The magnetic strip most credit cards bear utilizes technology that was developed in the 1960s. In the 21st century world of global hackers, that may not be secure enough anymore.
"I do think it's ironic it wasn't from the website, but with the magnetic stripe of the credit card," Mark Lanterman, CEO and chief technical officer of ComputerForensic Services admitted.
According to Lanterman, the hackers who stole data from 40 million card users were highly sophisticated in their approach and may have been members of an international crime syndicate, possibly even a foreign government intelligence service.
One of the biggest questions on consumer's minds is: What happens now? Many are monitoring their statements and canceling cards to stay on the safe side, and Lanterman believes that's a sound strategy since the numbers will likely be sold on the black market and then used to create counterfeit cards.
"They've essentially harvested a crop, and now, they're going to take it to market and sell it," he explained.
Yet, in more than 80 countries, the standard credit card now comes with a smart chip that mathematically encrypts information. That makes it more difficult to steal.
In the U.S., only 1 percent of all credit cards have smart chips, which may explain why American victims account for 47 percent of global credit card fraud but only 24 percent of credit card spending. Even so, Lanterman says the smart chip can't guarantee total security either.
"There are risks associated with those chip cards as well," he said.
Lanterman explained that tech-savvy pick-pockets can use portable scanners to intercept and read smart chip data right out of a back pocket or purse.
Yet, encryption is the wave of the future -- not just for wallets, but also at the register. Nowadays, most point of sale devices are really computers.
Target still won't say exactly how the breach occurred, but it could have been at the point of sale, with a vendor, or the computer networks to the banks and credit card companies. With many companies, that data passes free and clear without encryption and can be picked off at any point in that chain.
"This breach could even be with the processing vendor," Lanterman said. "So, it may not even be Target."
Visa and Mastercard set a deadline of October 2015 for new smart card standards in the U.S., but they also know retailers and customers may be reluctant to use them. To mitigate that, the companies have built in an incentive. If a company still uses magnetic strips, the merchant -- not the credit card company -- will be on the hook for the loss.
WTTG FOX 5 & myfoxdc
Didn't find what you were looking for?