Protecting Against Online Hacks through Chip-and-PIN Technology

Data breaches are far too commonplace for consumers these days. The hack on the U.S. Office of Personnel Management resulted in thieves acquiring the sensitive personal information of thousands of federal employees. And in recent headlines, the attack on Ashley Madison exposed the personal information and indiscretions of thousands of its users. These massive data breaches and others like it demonstrate that data thieves are well and alive. Now more than ever, securing sensitive personal and financial information is a pressing concern for consumers, and more measures are needed to prevent and minimize the fallout from “information terrorism.” Absent a comprehensive cybersecurity framework, policymakers and business leaders should focus on improving payment security systems that would prevent theft and fraud, even when breaches occur.

Consumers are quickly becoming desensitized to data breaches as more than 30 million reported incidents of unauthorized transactions happen annually. Over the last year, the nation’s retailers and financial firms have worked hard to modernize their systems. Congress has also considered cybersecurity legislation, but those efforts have since stalled. As a result, American consumers will remain vulnerable to more cyberattacks, identity theft, and subsequent financial losses.

It’s true that implementing theft-proof payment systems will take time. But there are tools available that would make a difference. For instance, our nation’s archaic credit card technology relies on decades-old magnetic stripes and an easily forged signature as a secondary form of identity verification. To improve security, credit card companies are deploying new microchip-enabled cards that encrypt data at point-of-sale terminals during transactions. Unfortunately, these cards still rely on a signature as a secondary form of verification. We know that signatures can be forged or ignored at the point-of-sale that decreases the overall security of the microchip-enabled credit card process.

A more sophisticated technology is the use of Chip-and-PIN cards that provide two unique elements of security. First, the microchip encodes each transaction at the point-of-sale terminal so that the consumer’s information cannot be duplicated. Second, the consumer must verify his or her identity by entering a PIN number. The transaction is authorized after both of these conditions are met, making it much more difficult for a criminal to commit fraud with stolen data. Most Americans already complete these steps when withdrawing money from an ATM or making a debit card payment. This system is familiar and effective.

Chip-and-PIN technology has long been the standard for transactions in Europe, Australia, South America, and parts of Asia and Africa. There has been a sharp decline in counterfeit and fraudulent transactions in all of these places. This two-pronged protection offered by Chip-and-PIN cards has reduced in-store fraud in Canada by 50 percent and by 70 percent in the United Kingdom.

Here in the U.S., consumers should have the same choice and the same protection. While the financial community argues that consumers do not want to remember a credit card PIN number, we have already seen that consumers choose PIN-based debit card payments over using a traditional credit card almost two to one.

Like many Americans, I had my personal information stolen online and I’m still dealing with the costly consequences. Consumers should be on the winning side of the battle waged against our personal information, identity and assets. Chip-and-PIN technology would allow us to rest better at night, knowing that there is an effective deterrent in place that keeps criminals from defrauding honest Americans. Now, we need the credit card issuers to hear these concerns and adopt Chip-and- PIN technology because it is in the public’s interest, and it’s the right thing to do.

Nicol Turner-Lee, Ph.D., is the Vice President and Chief Research and Policy Officer for Multicultural Media, Telecom and Internet Council. 

Morning Consult