I used to scoff at people who told me they were afraid to use their credit cards online. For many years I truly believed that using your credit card online was safer than using it at a restaurant. The first reason is, almost all online payment systems require SSL (read: encrypted) connections when dealing with credit card information. Using SSL all but eliminates the possibility of a hacker capturing your data during a transaction. The second reason I believed online payments were safer than restaurant payments is because, at least back when I worked in the fast food industry, we made three copies of every credit card that was used in our restaurant, and two of the copies stayed there with us. I (or anyone who worked there) could have walked off with a stack of credit card carbon transfers and had fifty cards (or more) a night. The same people who were deathly afraid of using their credit cards for Amazon or eBay payments had no problem with leaving copies of that same card with a bunch of teenagers.
The problem, we have learned, at least in the realm of online transactions, is not the capture of one transaction at a time. The problem is trusting retailers to handle and store your information safely. As we have discovered in recent years, retailers aren’t particularly good at doing this.
In 2007, hackers were arrested after pilfering more than 45 million credit card numbers from retailer TJ Maxx. A hack of this magnitude did not happen overnight; in fact, the hackers had been playing around in TJ Maxx’s computer systems for almost two years. The hackers first began accessing TJ Maxx’s networks by hacking into unprotected kiosks, and later moved to attacking them wirelessly from the parking lot.
Without getting into a lot of technical details, an awful lot of things went wrong for TJ Maxx during that time. You’ve got weak machines (those kiosk computers) that (a) the public can access and (b) connect to your local network. You’ve got machines that are physically accessible (we’re talking the USB ports) by members of the public. You’ve got wireless access (using WEP) extending to your parking lot. You’ve got no method of detecting these intrusions. And the biggest problem of all, you’ve got 45 million credit card numbers, being transmitted and/or stored in plain text.
In 2007, headlines referred to the TJ Maxx leak as the largest hack ever. Last week’s hack of the PlayStation Network (PSN) was nearly double in size.
Last week, hackers targeted PSN and managed to download at least all the account information from all 77 million users, and (depending on who you ask) probably their credit card information. To give you an idea of how massive this is, there are approximately 77 million people (men, women and children) living in Minnesota, Colorado, Alabama, South Carolina, Louisiana, Kentucky, Oregon, Oklahoma, Puerto Rico, Connecticut, Iowa, Mississippi, Arkansas, Kansas, Utah, Nevada, New Mexico, West Virginia, Nebraska, Idaho, Hawaii, Maine, New Hampshire, Rhode Island, Montana, Delaware, South Dakota, Alaska, North Dakota, Vermont, Wyoming, and Washington D.C. combined.
Professionals are already estimating that the PSN data breach could cost Sony $24 billion to fix, a figure that doesn’t include the loss of future sales (I’ll never buy another Sony console).
77 million credit card numbers stored in one location is a digital Fort Knox, just waiting for someone to penetrate it. Those credit cards can be sold on the black market for millions upon millions of dollars, and the PII (personally identifiable information, like your name and address and birth date) might be worth even more than that to people looking to steal your identity.
It has been proven time and time again that these individual corporations cannot keep hackers out. I propose that the solution is not better security (although that wouldn’t hurt!), but rather, make the credit cards useless. Perhaps this could be done by adding a 7-digit PIN to credit cards. A 7-digit PIN allows for 10,000,000 possibilities (10^7), and most people can remember 7 digits. Heck, maybe people could even choose seven letters based on the letters on the keypad.
Neither the signature (a complete joke) nor the three-character “security code” on the back of your card is a valid security measure.
By introducing a password, you could introduce a two-part transaction. Swipe your card at the store, and then enter your password. The retailer keeps the credit card number, while the PIN is sent to your bank, authorizing the charge. When the credit card request hits your bank, it could compare the date/time stamps and, if there is an authorization, allow the charge. No working PIN = no charge. Credit cards without the passwords would be worthless. The key to the system would be (a) encrypting the PIN traffic (not a big deal), and (b) storing the PINs separately from the credit cards. I’m pretty sure it could be designed in a way that either half of the system would be worthless without the other.
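A minimal sketch of the two-part transaction described above, added here as an illustration and not taken from any real payment network. The class and method names, the 120-second matching window, the three-try lockout and the bank-held HMAC key are all assumptions; the keyed tag is there because a plain hash of a 7-digit PIN could be brute-forced by anyone who stole the PIN store.

```python
import hashlib
import hmac
import secrets
WINDOW_SECONDS = 120  # assumed: how far apart the PIN and charge timestamps may be
MAX_FAILURES = 3      # assumed: wrong PINs allowed before the account locks

class Bank:
    def __init__(self):
        self._key = secrets.token_bytes(32)  # stands in for a key held in an HSM
        self._accounts = {}   # card number -> opaque account id (card store)
        self._pin_tags = {}   # account id -> keyed PIN tag (separate PIN store)
        self._failures = {}   # account id -> consecutive wrong PINs
        self._approved = {}   # account id -> time of last valid PIN entry

    def _tag(self, account, pin):
        # Keyed MAC: a bare hash over only 10^7 PINs could be brute-forced offline.
        return hmac.new(self._key, f"{account}:{pin}".encode(), hashlib.sha256).digest()

    def enroll(self, card, pin):
        account = self._accounts[card] = secrets.token_hex(8)
        self._pin_tags[account] = self._tag(account, pin)

    def submit_pin(self, card, pin, now):
        """PIN pad -> bank over the encrypted channel; the retailer never sees it."""
        account = self._accounts.get(card)
        if account is None or self._failures.get(account, 0) >= MAX_FAILURES:
            return False
        if hmac.compare_digest(self._tag(account, pin), self._pin_tags[account]):
            self._failures[account] = 0
            self._approved[account] = now
            return True
        self._failures[account] = self._failures.get(account, 0) + 1
        return False

    def authorize_charge(self, card, now):
        """Retailer -> bank: card number only. Each PIN entry covers one charge."""
        approved_at = self._approved.pop(self._accounts.get(card), None)
        return approved_at is not None and abs(now - approved_at) <= WINDOW_SECONDS

def demo():
    bank = Bank()
    card = "4111111111111111"  # constructed test number, not a real card
    bank.enroll(card, "8675309")
    stolen_only = bank.authorize_charge(card, now=1000)  # card number, no PIN
    bank.submit_pin(card, "8675309", now=2000)
    good = bank.authorize_charge(card, now=2030)         # PIN entered 30 s earlier
    bank.submit_pin(card, "8675309", now=3000)
    stale = bank.authorize_charge(card, now=3000 + WINDOW_SECONDS + 1)
    return stolen_only, good, stale
```

`demo()` returns `(False, True, False)`: a stolen card number alone is declined, a charge with a matching recent PIN is approved, and a PIN approval older than the window is not honoured.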
History shows us that even the best network security defenses are vulnerable. History also shows us that retailers rarely have the best network security defenses. Making credit card numbers worthless would stop these types of attacks. If implemented properly, attaching PIN passwords to them could help achieve this.
There are actually systems similar to what you are describing in place in most of the rest of the world (EMV or “chip and pin”). For various reasons, the US has been very slow in moving away from cleartext numbers on magstripe to something more secure.
That has been changing due to new “contactless” technology – the Sony breach may well hasten things.