Sen. Richard Durbin (D-IL), who was wrong about price controls on interchange fees on credit and debit card transactions fives years ago, now sides with the big box stores in pushing for ineffective “chip and pin” protections on credit and debit cards. Durbin is hardly an expert on these issues, but he surely is bought and paid for by retailers. While it’s claimed the lack of these features makes us vulnerable to fraud, the single biggest vulnerability is for identity theft and credit card fraud in your name: it’s using your card at major retail store that have repeatedly been breached by hackers. Contrary to what credit card security expert Durbin claims, more than chip and pin is needed to ensure security of our credit and debit cards.
Using outdated kiosk computers to process sales, retailers have allowed clever thieves to install viruses that silently relay customers’ credit card info back to them. This is how Target negligently let thieves pilfer 70 million card numbers, it’s how Home Depot allowed 56 million credit card numbers to be stolen, it’s how Michaels’ stores – well, the list goes on. But that’s how it happened. Chip and pin features offer absolutely zero protections against such threats.
Facing these disasters, big box stores might work to increase the security on their own systems, that, according to the Identity Theft Resource Center, a non-profit organization that monitors identity theft and assists victims, are the number one cause of data breaches.
Alas, the stores’ have decided to instead to rely on slick lobbying campaigns and well-compensated political allies, such as Sen. Durbin, to confuse the issue. Specifically, the retailers have been clamoring for banks and credit card companies to issue cards with four-digit PINs.
PINs are annoying to consumers and, from a security perspective, relatively worthless. A four-digit numerical password is inherently insecure because there are only 10,000 unique combinations. A computer can generate all of them in under one millisecond, making “brute force” attacks completely painless for any mildly sophisticated criminal.
Law enforcement officials in Europe, where credit card PIN use is more prevalent, have observed thieves adapting, often by waiting to view someone key in their PIN before stealing their card.
While remembering a number of PINs is easy for a computer, this can be a challenge for the average person, who has four or more different credit and debit cards in their wallet. Security experts, for this reason, expect the use of PINs to be soon phased out in favor of more sophisticated security measures like encryption and tokenization.
But rather than updating the security of their computer systems, retailers find PINs to be a useful distraction to discussion of the real causes of credit card fraud. The big box stores most loyal Senator, and noted computer security expert, Dick Durbin jumped in on the issue this week by sending a letter to the FBI. He complained that the FBI’s consumer bulletin didn’t included language on PINs even though the newest types of credit cards can still be vulnerable to fraud.
For the second-ranking Democrat in the Senate, Durbin sure is shameless about plugging for the big box stores, which have consistently poured hundreds of thousands of dollars into his campaign coffers, according to data from the Center for Responsive Politics. Some would say it’s the Chicago way.
You may remember a major lobbying dust-up over credit card “interchange fees” about five years ago. Then, Durbin led the charge to put price controls in place on how much Visa, Mastercard and other companies could charge stores to process their payments. While the government-set prices were supposed to benefit consumers, case studies have shown the major retailers pocketed the money rather than passing on the savings to consumers.
It’s one thing to nakedly fight for your own bottom line in a clear business-on-business K Street war, but it’s quite another issue to alarm consumers with warnings about a discredited security technique when your own stores (and Durbin’s own donors) are the ones practically giving their customers’ credit card numbers to fraudsters.
Shameful, Sen. Durbin. With friends like this senator, consumers don’t need enemies.