We all have them now in our wallets, sitting on our desks, lying around at home: the plastic cards with sixteen numbers on them, tied directly to your bank accounts and financial stability. They are in the process of eliminating physical currency and the need to visit a bank to withdraw what you spend; you can swipe the card and make a transaction in seconds. This is the problem. It’s far too easy, and the card and the payment process need an overhaul.
The United States finally rolled out the ‘new’ chip and PIN cards, but they have been used all over the world for the last ten years already, and still our transaction process is just as insecure and open to fraud as ever. It all comes down to verification of the card. Merchants want to make a sale, and the consequences of a fraudulent transaction are put in the hands of the insurance companies and banks to deal with. The blame and accountability are shifted so far away from the merchant that there is no incentive to increase scrutiny of a buyer’s method of digital payment.
Changing it will never happen overnight and, unfortunately, will never happen at all, at least not in a broad sweep. The industry is too set in its ways, consumers can barely handle using credit cards, and trying to get them to change would be an education nightmare. Retailers would never invest in new technology under the current systems. This is why wireless payments like Apple Pay aren’t taking off: you need the retailers to get on board, otherwise the technology is useless.
Recently there was a textbook example of how ridiculously the credit card systems are set up today. A musical artist called DJ Khaled learned a hard lesson on credit card security. DJ Khaled owns the coveted American Express Black card. This credit card is for the 1%; just to get an invite you need to spend and pay off upwards of $350,000 on your account. Beyond the first-class perks you get, this card has no limit. Most celebrities have these cards, including DJ Khaled. You would think that this card would be treated as gold, with protections and additional verifications in place to protect unlimited money. Apparently not.
DJ Khaled made a mistake, whether inadvertently or deliberately to brag, and he exposed the flaw in the system with a seemingly harmless Snapchat pic:
On Wednesday (13Jan16), Khaled flashed his American Express black card in a post, and eagle-eyed followers took down the numbers and began to make purchases.
According to reports, he lost around $80,000.
A picture of the front of the card is all it took for his account to be used fraudulently. No checks, no verification, nothing else needed to conduct a transaction. You wonder why so much effort goes into getting hands on credit card information? The answer is that the transaction process is so simple to use, too simple. Even with the highest-rated American Express Black card, all you need is the number.
The insurance industry that covers the retailers and credit card companies is supporting this insecurity. Billions are written off annually from fraudulent charges, paid for from the billions in profits they are making from the transactions. Who suffers? The individuals, their credit scores, their identities, their financial futures. This is a problem that the industry does not want to fix. If they did want to fix it, chip and PIN credit cards would have been rolled out ten years ago when the technology became available. Fixing it means increasing the difficulty of an individual using a card, tightening online requirements, and shifting the accountability down to those taking the cards. Put them on the hook for loose security procedures and things will change once the store has to cover identity protection, absorb merchandise loss without paybacks, and face being sued directly without insurance company coverage.
Credit cards need to be protected as closely as your social security card. Those raised numbers on your card and your name are all a thief needs. There’s a 3-digit ‘security’ code on the back, but since that is static, meaning it never changes, the more you use your card the less secure that ‘security code’ is, as every merchant collects it. It makes no sense, but it is what it is.
Protect your cards like gold; all it takes is a picture at the right angle to get yourself in trouble.
End of line.
Binary Blogger has spent 20 years in the Information Security space, currently providing security solutions and evangelism to clients. From early web application programming and system administration to senior management and enterprise consulting, I provide practical security analysis and solutions to help companies and individuals figure out HOW to be secure every day.