Security Is A Moving Target

February 13, 2014 at 9:53 am Leave a comment

At the end of WW1 the French built the impenetrable Maginot Line, a series of defenses perfect for the trench warfare that dominated the war. Unfortunately for the French and everyone else, it wasn’t all that useful against tanks and mobile armies, so by the time WWII started the French might as well have been taking a knife to a gun fight.

There was a lot of talk in Congress last week about chip based credit card technology and whether the merchants should be forced to adopt this EMV technology. I’m all for it: even if the technology is twenty years old, it’s still better than continuing to rely on magnetic strip technology developed in the 1960’s.

Proponents of the technology point out that Point of Sale fraud dropped dramatically in Britain when it was adopted.
But yesterday, a corporation owned by the nation’s largest banks reminded us that chip based technology is no panacea. The problem, as explained in this Tech World article, is that “[w]hile EMV is great for securing card transactions at point-of-sale terminals, it is less useful for online payments and other card-not-present transactions. That is one of the major reasons why payment card fraud has migrated from point-of-sale systems to online channels in Europe and other places that have already adopted EMV.” Case in point: on-line break-ins spiked in the U.K.

To fill the gap the Clearing House Payment Company, which is owned by 22 large banks, is advocating for the increased use of token technology, which means that instead of using the same number when making online payments credit card information would be translated into unique computer generated sequences. (I know, I just made the IT people cringe, but you get the idea).
The problem with policies mandating the adoption of specific technology-like EMV- or codifying specific security standards – like the privately developed PCI standards – is that they would most likely be outdated within days of any Congressional mandates. Let’s face it, the hackers know a heck of a lot more about technology, and move a heck of a lot faster than Congress ever will. There is no Silver Bullet that is going to magically make hacking go away.

All this underscores why merchants have to have some skin in the game. If there was a legal obligation for merchants to have reasonably prudent secure data protections and procedures, then the merchants would have an incentive to make the necessary data protection investments and to upgrade these protections as technology changes. Just as banks and credit unions have been sued by account holders claiming that outdated security protocols opened the vault for electronic crooks, merchants would have to be able to defend their protections before a jury of their peers.

Remember, about a decade ago Target took a pass on adopting EMV technology for all its stores because the projected price tag of about $40 million was too high. That’s pretty much the same amount the data theft of their stores over the holiday season cost credit unions.

Entry filed under: Advocacy, General. Tags: , , .

Yellen Takes The Helm Of The Good Ship Lollipop Marijuana Limited

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

Trackback this post  |  Subscribe to the comments via RSS Feed

Authored By:

Henry Meier, Esq., General Counsel, New York Credit Union Association.

The views Henry expresses are Henry’s alone and do not necessarily reflect the views of the Association.

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 483 other followers