Can you really trust Sen. Richard Durbin (D-IL) to stand up for consumers and get it right this time? He claimed fives years ago that putting price controls on credit and debit card translations, something demanded by big box retailers, was in our interest and he turned out to be wrong. We as consumers have not seen any benefit from that. Now the senator, who would have us believe he’s an expert on identity theft and credit card fraud, thinks “chip and pin” features on our credit and debit cards will protect us. But these measures won’t protect us from the instances of hackers obtaining our card data from major retailers like what happened in the last few years with Home Depot and Target where millions of customers had their billing information obtained by hackers.
Sen. Durbin has had a cozy relationship with retailers like Wal-Mart and Home Depot. His campaigns have received many donations from these interests, while Durbin has gone to bat for them on key issues, such as the interchange fees on credit and debit cards and now the matter of “chip and pin.” Sen. Durbin is the best member of the nation’s highest legislative body their money could buy.
Durbin and retailers are pushing for chip and pin features as the answer to credit card fraud, but that won’t protect consumers from the major sources of fraud. Outdated kiosk computer system that process sales have allowed clever thieves to install malware viruses that relay customer credit card information to them. This is exactly how 70 million credit card numbers of Target customers, and 56 million credit card numbers of Home Depot customers made their way into the hands of thieves.
According to the Identity Theft Resource Center, these kinds of data breaches are the the number one cause of credit and debit card fraud. After these disasters, the major retailers should be working to increase the security of their own computer systems. But instead, the retailers are relying on slick lobbying campaigns and working with well-compensated politicians, like Sen. Durbin, to confuse the issue. Specifically, the retailers have been clamoring for banks and credit card companies to issue cards with four-digit PINs.
PINs are annoying to consumers and, from a security perspective. Also, they are relatively worthless, as a four-digit numerical password is inherently insecure because there are only 10,000 unique combinations. A computer can generate all of them in under one millisecond, making “brute force” attacks completely painless for any mildly sophisticated criminal.
Indeed, law enforcement officials in Europe, where credit card PIN use is more prevalent, have observed thieves adapting, sometimes by waiting to view someone key in their PIN before stealing their card.
But what’s easy for a computer is sometimes difficult for the average person, who carries four cards in their wallet, to remember. For these reasons, experts consider PINs to be headed shortly to the scrapheap of history, to be replaced by much more sophisticated approaches like encryption and tokenization.
That doesn’t mean that PINs can’t be a useful cudgel for the retailers, who are looking to use the issue as a wedge that prevents them from upgrading their outdated technology faster. Note computer security expert, Sen. Durbin, weighed in on the issue this week by writing a letter to the FBI. Durbin complained the FBI hadn’t included language about PINs in the final version of its consumer bulletin that even the newest types of credit cards are still vulnerable to fraud.
It must be the Chicago way for the Senator from Illinois. He’s the second-ranking Democrat in the Senate. Durbin sure is shameless about plugging for the big box stores, which have consistently poured hundreds of thousands of dollars into his campaign coffers, according to data from the Center for Responsive Politics. Some would say it’s the Chicago way.
You may remember a major lobbying dust-up over credit card “interchange fees” about five years ago. Durbin led the charge to put price controls in place on how much Visa, Mastercard and other companies could charge stores to process their payments. The government-set prices were supposed to help consumers, but that turned out not to be the case, as studies since then have showed the big box stores just took home the extra profit and laughed their way to the bank.
Look, it’s one thing to nakedly fight for your own bottom line in a clear business-on-business K Street war. It’s another to alarm consumers with warnings about a discredited security technique when your own stores (and Durbin’s own donors) are the ones practically giving their customers’ credit card numbers to fraudsters.
Shame on Sen. Durbin. He’s best Senator the big box stores could buy.