European technology may offer greater protection from hackers
Cyber-criminals who compromised the credit of up to 40 million Christmas shoppers at Target apparently did so with remarkable ease.
The thieves apparently ran an end-run around intensive security that big retailers like Target apply to databases that store customers' credit card information. Rather than attacking the database, the hackers stole data as cards were being swiped at registers, or points of sale.
Because the data on each card's magnetic strip is permanent, the hackers can manufacture new cards using that information. If there is a saving grace, is that cards' PIN numbers, used to withdraw cash from ATMs, apparently remain secure.
After the massive security breach, several members of Congress called for investigations, at least four state attorneys general launched their own investigations and at least half a dozen consumers initiated lawsuits.
The answer to greater security probably is in the realm of technology rather than litigation or legislation, however.
Several security experts have noted, for example, that the Target breach is just an aspect of the overall problem, which costs American consumers about $12 billion a year.
In Europe, they said, fraud is far less because card technology is different. There, microchips embedded within each European credit card issue a separate code each time the card is swiped, rather than a permanent code that can be replicated by thieves.
The Australia Payments Clearing Association reported that in 2012, the year after it mandated the European technology, credit card fraud fell by 29 percent over the prior year.
U.S. card issuers should adopt a standard that prevents hackers from relying on the permanent "track data" embedded in magnetic strips.