Will U.S. credit cards finally get cryptographic chip and PIN technology?

credit-card-security

In the wake of major data breaches at Target and other retailers that have put millions of consumers at risk of fraud, people are asking why U.S. banks and credit card companies have been so slow to adopt the more secure chip and PIN technology that is widely used across Europe, Canada and elsewhere.

As Sophos Senior Security Advisor Chester Wisniewski tells Marketplace, the recent data breaches are putting pressure on card issuers and retailers to finally replace magnetic strip cards with more secure payment methods that would prevent fraud.

In an interview earlier this month with Marketplace guest-host Mark Garrison, Chet explained that chip and PIN cards could prevent hackers from stealing card data from retailers, because each transaction at point-of-sale registers uses a unique ID rather than the credit card number.

“Chip and PIN technology is basically a little cryptographic computer chip that’s on the surface of your credit card. So instead of the 16-digit number that’s on the surface of your credit card, all the store gets is a cryptographic transaction ID that’s sent off to the bank to do the transaction,” Chet says. “Which means that if a criminal intercepts it like happened at Target, that number is not the actual credit card number and can’t be used for fraud.”

Although chip and PIN technology has already been in use for years outside of the U.S., Chet says that the cost to retailers of replacing their card-reading equipment has slowed the roll-out of chip and PIN cards under the EMV standard.

“The roll-out’s been very slow in North America, largely because it’s a big expense to buy a new machine, so there’s been a lot of resistance to replacing the tens of millions of credit card machines that are so ubiquitous in our lives,” Chet explains.

According to a report at ZDNet, Visa CEO Charlie Scharf said in an earnings statement that the company is “continuing to move the industry towards the adoption of new safeguards including EMV chips and tokenization.”

Listen to the full interview with Chet in the Marketplace podcast below. And be sure to follow our experts at Naked Security for all the latest updates on this and other breaking security news.

4 thoughts on “Will U.S. credit cards finally get cryptographic chip and PIN technology?

  1. Pingback: Credit card data for sale in cybercrime market shows Sally Beauty was breached | Sophos Blog

  2. Pingback: What we learned from the Target data breach about PoS security (Presentation) | Sophos Blog

  3. Pingback: Sophos at BSides Austin: Credit card security and PCI DSS compliance, post-Target | Sophos Blog

  4. Pingback: Sophos news in review: Partner conferences kick off, Target CEO resigns, and is antivirus ‘dead’? | Sophos Blog

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s