‘Tis the season… for credit card breaches? It certainly seems that way. In the past year alone Kmart, Sears, Home Depot, Target, and Neiman Marcus, along with a slew of other retailers have all experienced breaches that have exposed the personal data contained on consumers’ credit cards and debit cards, according to the Fiscal Times.
Perhaps even more disturbing is the fact that, according to experts, data breaches actually happen all the time. In fact, only a third of all credit card breaches are ever made public.
Credit card breaches, along with flat-lining wages, may spell a less-than-jolly holiday season for some retailers. A recent survey, released Monday by Credit Cards.com, has found that, as a result of the past year’s data breaches, consumers are more and more fearful of swiping their cards, particularly at retailers who have suffered the hacks before. “[Forty-five] percent of respondents with credit or debit cards said they would definitely or probably avoid one of their regular stores over the holidays if that retailer had experienced a data breach,” noted the site.
The study found that the survey’s highest-earning respondents were least likely to be concerned about future data breaches. David Just, a professor of applied economics management at Cornell University, says this is likely because “wealthier consumers feel like they have some protections in place — possibly a service that is supposed to protect them.” He adds that, “with the less wealthy, this wounds deeply.”
Consumers’ vehement response to the data breaches is understandable. Alexandra Goodell, a shopper in Midtown Manhattan, told NPR that she finds the data breaches extremely frustrating. “It’s upsetting; it gets me angry,” she said. “I work really hard and I don’t want to go out of my way to cancel my card and nail down what happened.”
For some consumers, last year’s spat of data breaches mean they’ll pay for more of their holiday purchases in cash; 48% of consumers surveyed said that the security breaches mean they are more likely to pay in cash.
Paying in cash isn’t always a great idea, especially if you have a lot of shopping to get done. Carrying around a wad of cash increases the chances that you’ll be mugged, not to mention the possibility that you simply misplace or lose the money. If you’re going to use cash, it’s usually better to divide the money into smaller increments, and only take as much as you think you’re going to use on a given shopping trip.
Experts add that in general avoiding stores affected by data breaches is a bad move; stores that have experienced data breaches, The Fiscal Times notes, are more likely to have ramped up their security and protections, whereas stores that have never been hit are, if anything, more likely to be caught unaware.
Experts say that paying with a credit card is often the best way to deal with data breaches because, unlike debit cards, they don’t take money directly from your bank account. Yet many consumers, particularly younger shoppers, are increasingly avoiding credit cards. The Washington Post notes that some younger consumers are even “shunning credit cards completely in order to minimize their chances of piling on more debt.”
But many consumers are smartening up. According to the CreditCards.com survey, “one in eight consumers said they are more likely to shop with credit cards this holiday season in the wake of recent data breaches.”
All this speculation regarding the increasing frequency of data breaches and credit card security may have some readers wondering: What’s wrong with the current system that allows this to keep on happening? As it turns out, the answer is a fairly simple one. The system is out-dated…and by that we mean, nearly half a century out-dated.
Experts say the United States still uses a system which relies on antiquated magnetic strips. “What we need to do in the U.S. is replace the architecture that has been deployed over the course of the last 40 years,” says Jason Oxman, CEO of the Electronic Transaction Association, who spoke with NPR. “That’s how long mag stripe cards have been on the market.”
So what’s the hold up? Why is the U.S. so far behind when it comes to credit card technology?
Oxman says it’s partially because of the nation’s early adoption of the Internet; the mag stripe, he says, worked just fine until the rise of the personal computer, when it became incredibly easy to counterfeit credit cards. In response, most retailers started using an online system to verify credit card authenticity. But not all countries were able to do the same; the U.S. just happened to have a strong telecom network at the time, so online verification was the logical next step.
In most other parts of the world, retailers switched to what are commonly known as chip cards or smart cards, an offline alternative for verifying authenticity. Oxman says the U.S. never needed to use chip cards before because “our online system of authorization has been a replacement for that offline chip.”
But all that is about to change, NPR says; data breaches have gotten bad enough that around this time next year it’s likely that neither your debit or credit cards will have a magnetic stripe, instead, chip cards are likely to become standard.
Mallory Duncan, president of the National Retail Federation, who also spoke with NPR, warns that even with a switch to chip cards, fraud is still likely to occur, and retailers are hoping to move towards a tokenization system, a system already used by ApplePay, which debuted Tuesday.
Currently, more than 220,000 stores accept wireless payments from ApplePay, and the app is available to anyone with an iPhone. The system is safer than the mag stripe and the chip card because it neither shares nor stores your credit card information. Ever. Instead, when you load a card number into ApplePay, it’s assigned a random 16-digit token, which is then stored on a secure chip within the phone, and which can only be unlocked with a fingerprint scan.
Retailers think that ApplePay, and other systems like it, might be the next step in keeping customers’ transactions secure and preventing fraud. But tokenization isn’t yet available for credit cards, and, given it’s taken us this long to say goodbye to the mag stripe, it might not be available for a good long time. The issue? Tokenization of credit cards would require a massive system upgrade, both for retailers and for banks; until then, ApplePay, and its competitors, could very well be your new best friend.
Want more great content like this? Sign up here to receive the best of Cheat Sheet delivered daily. No spam; just tailored content straight to your inbox.