Once More into the Data Breach
If you’re sickened by the holiday season data breach that took place at Target, take heart, there really is something you can do about it or more precisely there’s something your credit card issuers can do. First, some fun facts courtesy of the New York Times.
- The United States accounts for more than 47 percent of global credit card fraud, while generating only 24 percent of card spending, according to the Nilson Report, a card industry newsletter.
- More than 80 countries around the world use smart-chip technology, but less than 1 percent of credit cards in the United States have the technology.
What’s sickening about this situation is that smart-chip technology, i.e. chips on your credit cards rather than the mag stripes we know, is old technology. Chips aren’t as old as the mag stripes, which were invented in the mini-computer era; they only go back about a decade. Europe began embedding chips back in 2002. I guess we’re still waiting to see if it works.
Smart chips offer one of my favorite technology stories and make me seem smart, this one goes back to the Enigma Device of World War Two. Enigma, you might recall was a pre-computer that encrypted messages one letter at a time so that each letter had a slightly different solution which made the code virtually unbreakable, except that the Allies eventually did find ways to break it. One of the ways was to capture German U-Boats, which relied on the codes to collaborate with their home port and other U-Boats to sink Allied shipping. Do not underestimate the difficulty of capturing a submarine from a hostile crew in the open ocean.
But enough of that. The chips enable each credit card transaction to be scrambled with a unique code. The code might be breakable but by the time the bad guys can break it, the whole system is using another cipher so the code breaking effort is moot.
It’s one thing to have a healthy skepticism about new technologies but quite another to ignore something that works at a time when a solution is needed. No company such as Target should be expected to carry the whole load for something like this and blaming Target for the mishap might make us all feel good but it misses the point. Electronic commerce in North America needs a system that’s equal to the challenges of modern thieves but what we have is a solution comprised of thousands of Balkanized efforts to physically protect data.
Think of the irony in this. We have a government agency, the NSA, slurping up all of our communications data perfectly and private enterprise can’t manage to protect itself from thieves. And all of this is happening with the backdrop of political wing nuts claiming the government can’t do anything right. Ha!
(Cross-posted @ Beagle Research, LLC)