Much has been written regarding the Target system data breach compromising approximately 40 million cards. This is not the first major breach we have read about and won’t be the last. It seems as though they are becoming more frequent and bigger—at least from my perspective—and the situation is getting worse.
Yes, the consumer’s trust has been shaken and some have taken legal action against Target to try to recover funds lost and to hold Target accountable. The theme: If you want my business and my trust then you need to do a better job taking care of the financial information I entrust you with! I expect to see more of this type of activity in the future.
The financial industry has also been adversely impacted in regard to this event. First comes the calls, then the refunds, then it is the fees financial institutions pay their processors to try and get to the bottom of all of these fraud calls. Then comes the inevitable, the reissuing of cards. The rough estimate, 40 million cards times $10 each. Yup, no less than $400,000,000 minimum to re-issue the compromised cards. Did I neglect to tell you that there is a MO-HUN-DUS amount of money made in the card fraud card replacement business?
Who pays for this? At first blush it is the financial institution, not the processor and not the merchant or retailer that has been compromised. Over time, we all pay, some just pay sooner!
The point to be made is that we as an industry need to get serious about debit and credit card security. Another fraud wave is building in North America and it has to do with the mag-stripe on the back of the plastic cards we use and the lack of encryption versus the EMV initiative which is often referred to the Chip + Pin security feature being implemented throughout Europe, Canada and Mexico.
We found out through the Target compromise that card data stored at retail merchants is not encrypted, with exception of pin data.
As mentioned in an earlier blog on EMV technology and encryption, by 12-31-15 mag-stripe debit card transactions will no longer be accepted at point of sale (POS) terminals in Canada.
The United States will be the only country in North America where the cards will continue to have unencrypted data encoded on the mag-stripe and you can be assured that our card fraud is on the increase in a big way. Every financial institution should require more of their processors and of MasterCard, Visa, American Express and Discover when it comes to security, security devices and systems.
There are bigger targets out there than Target! Let’s hope your institution is not one of them.