For being one of the top economies in the world, the US banking system is still well behind much of the world when it comes to fraud protection and banking. This is because we still continue to use the magnetic stripe as the standard for all our banking cards, be it a debit or credit card. The result is a huge headache both for consumers and banks yet we continue to cling to our outdated system rather than just upgrading to one of several different methods. With the recent security hacks at Target, Neiman Marcus and possibly other retailers late last year, this may be finally changing but it should be definite and not just something that we are going to look into.
The Insecurity Of Magnetic Cards
With the current US banking cards, all account information is contained on that small magnetic stripe on the back of the card. The biggest problem with this is the ease with which that information can be read off by a device called a skimmer and then transferred to a new blank card. As electronics get smaller and smaller, the criminals are able to develop skimmers that can easily be placed into any store terminal to capture that information yet not be noticed by the consumer. Gas station pumps with the payment station are the most common targets with third party ATM’s being the next most common.
Debit cards offer a bit more security because there is a PIN number that also is needed to verify the transaction. The problem is that in addition to scanners, small digital video cameras are being linked to the skimmers that record the keypad allowing the thieves to capture the PIN in addition to the card number. Consumers have much less security when it comes to fraud with debit cards as that money is removed immediately from their accounts.
The Smart Card
Smart cards have existed since the late 80’s and are the dominate form of banking card in the world now. They look essentially like a traditional credit card but with a small computer chip embedded in them and a set of contacts so the card card interface with a reader. The reason these cards are more secure is that the data on the computer chip is encrypted. In essence, the data simply cannot be read off the chip and then cloned onto a blank card similar to a magnetic stripe banking card.
To add an extra layer of security on top of this, many institutions have implemented what is called a system. In essence, the data on the chip is still encrypted, but in order to use it, the owner of the card must supply a PIN that then unlocks the card for use. It is similar to having a PIN with a debit card except that PIN unlocks the encrypted chip. With the cards more difficult to clone and the PIN, this creates a much greater level of security.
NFC Payment via Smart Phone
You have probably seen some of them swipe and go type payment systems at some retailers in the US. These are little sticks or cards that can be placed near a reader to enable payment authorization at that retailer. This is used by a number of grocery store chains and gas stations in the US. This is a form of RFID system that uses close proximity to transfer account data. They offer a bit more security than a typical card because they can only be used at specific locations. The security is still limited as it is possible to use a reader to clone that RFID signal and the fobs can still be stolen and used unless a secondary PIN is setup with that system.
or NFC is a new wireless system that is starting to make its way into consumer smartphones. This allows the smartphone to be used with NFC readers for wireless payments systems in lieu of traditional credit cards. Both with certain phones.
So how is this secure? First, the smartphone device would not actually store the banking information on the phone. Instead, it acts as a link to a remote system that has the data. Some form of security would then exist that requires the user to unlock that data so it can be transferred to the merchant. If fingerprint readers such as that on the iPhone 5S get more widespread, that may also provide an additional layer of security. This protects both the bank and the user in the event that the phone is lost or stolen. This deal is still in the early stages with the two companies expected to announce more later in the year.
Why It Will Take Time To Get Secure Banking Cards
The big reason that the US hasn’t adopted smart cards or other payment systems is the cost of deploying it across the entire country. For the system to truly work, the banks and retailers must all adopt a new system. This means that banks have to create and issue the cards and the retailers must get compatible terminals for their customers to use. This is a huge expense that the banks and retailers don’t want to have to spend. Even if the US were to adopt a new system, it would likely take years to fully implement.
The thing is that the cost of fraud has gotten extremely large in the past few years. European countries saw the amount of loss from fraud cut in half or more after moving to more secure smart card systems such as chip and PIN. Banks and retailers must look at those potential savings as an incentive to switch in the US. If we don’t, the level of fraud is just going to keep increasing and those costs are eventually going to result in higher costs for everyone.