Old “Big Box Stores” Lobbying Against Effective Credit Card Security
If you’ve ever had a credit card number stolen, you know what a serious pain it can be. Losing a card to fraud can be the simple annoyance of your card being cancelled by the watchful credit card issuing company and having to wait for a new card to a full out identity theft which can cost thousands.
How are cyber thieves stealing the card numbers? The main way for thieves to get your information comes from beaching the older large department stores’, or “Big Box Stores,” often-antiquated technology. A customer’s single biggest vulnerability for identity theft and credit card fraud is using your card at major retail stores that have repeatedly been breached by hackers.
These stores use outdated kiosk computers to process sales. These retailers have allowed clever thieves to install viruses that silently relay customers’ credit card info back to them. This is how Target negligently lost 70 million card numbers, it’s how Home Depot allowed 56 million credit card numbers to be stolen, it’s how Michaels’ stores – well, the list goes on.
The Identity Theft Resource Center, a non-profit organization that monitors identity theft and assists victims, says one solution to this type of breach would be for the individual stores to upgrade their systems to protect the consumers. Seems logical. However, that is costly, very costly for the big box store. Another solution might be to rely on friends in government to run cover for you.
Rather than fix the systems causing the breaches the big box stores have decided instead to rely on slick lobbying campaigns and well-compensated political allies to confuse the issue. Specifically, the retailers have been clamoring for banks and credit card companies to issue cards with four-digit PINs. There is plenty of great new technology the banks and card companies can employ, but PIN’s aren’t it.
PINs are annoying to consumers who often have several cards each with a different PIN to remember. From a security perspective, PIN’s are relatively worthless. A four-digit numerical password is inherently insecure because there are only 10,000 unique combinations. A computer can generate all of them in under one millisecond, making “brute force” attacks completely painless for any mildly sophisticated criminal.
PIN use is more common in Europe. European law enforcement officials have observed thieves quickly and easily adapting to PIN’s, sometimes by waiting to view someone key in their PIN before stealing their card. Its obvious PIN’s are not the answer and are headed to the scrapheap of history, to be replaced by more sophisticated technology like encryption and tokenization.
So why is the honorable Senator Dick Durbin (D-IL) hammering the FBI about the use of PIN’s in America? Could it be because the big box retailers are one of his largest donors? Say it isn’t so! Would a sitting Senator confuse an issue only to help his big box donors at the expense of his constituents? You decide.
Retailers realize that PINs are essentially useless, but they are a useful cudgel if you are looking for ways to slow the demand for upgrading their outdated technology.
Durbin complained in a letter this week to the FBI. He’s upset that they hadn’t included language about PINs in the final version of their consumer bulletin that states even the newest types of credit cards can still be vulnerable to fraud. The bulletin “raises significant questions about…whether the FBI is taking appropriate steps to warn against and deter payment card fraud involving lost or stolen cards,” Durbin wrote.
It’s the Chicago-way. For the second-ranking Democrat in the Senate, Durbin sure is shameless about plugging for the big box stores, which have consistently poured hundreds of thousands of dollars into his campaign coffers, according to data from the Center for Responsive Politics.
At least Durbin is consistent. A few years ago Durbin fought for his Big Box Buds in a major dust-up over credit card interchange fees. Durbin led the charge to put price controls in place on how much Visa, MasterCard and other companies could charge stores to process their payments. The government-set prices were supposed to help consumers, but that turned out not to be the case, as studies since then have showed the big box stores just took home the extra profit and laughed their way to the bank. Another win for cronyism. The public hardly noticed how Durbin protected his big box interests in a fight between two behemoths of industry and lobby.
This time, however, it’s the consumer Durbin is really going to hurt with his loyalty to his big box bedfellows. PIN’s are a useless smoke screen. The solution lies in the big box stores upgrading their systems and superior technology being employed at the point of sale. Alarming consumers with warnings about a discredited security technique when your own stores (and Durbin’s own donors) are the ones practically giving their customers’ credit card numbers to fraudsters is shameful, but that’s never stopped politicians like Durbin before.
Aren’t Democrats supposed to fight against big business and defend the little guy? Isn’t Durbin a defender of the single mom trying to make ends meet shopping at a big box store for the cheaper prices? Maybe not. Sorry lady, with defenders like Durbin, you might not want to use your one and only credit card at a big box store.