BreachExchange mailing list archives

Now is the time for better payment security


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Wed, 20 May 2015 18:55:24 -0600

http://fedscoop.com/now-is-the-time-for-better-payment-security

With nearly a dozen cyber and data security bills currently on the table
between the House and the Senate, Congress has clearly established data
breach prevention as a priority, particularly as it relates to protecting
consumers and their financial well-being.

Over the past several years, however, we've seen holes develop in our
financial security systems that need immediate attention from our leaders.
Countless data breaches and cyber hacks have revealed the flaws in our
payment tools that continue to threaten the financial stability of
consumers.

And with so many of the country's leaders in positions of power to improve
financial policies and practices, consumers wonder why conversations in
Washington, D.C., don't also factor in the lackluster efforts of banks and
credit card companies to issue more secure payment tools to consumers. Now
more than ever, legislators must exert pressure on agencies like the
Federal Reserve and the financial industry itself to improve our payment
security systems.

The Obama administration and other policymakers on Capitol Hill continue
newfound efforts to improve our credit and debit card security. Most
notably, President Barack Obama issued an executive order last fall calling
for all federally issued payment cards to be equipped with chip-and-PIN
technology, a secure system used throughout the world. In the U.S., we
currently use magnetic strips – which house our financial information
similar to the way the film from a VHS tape houses the video – and sign for
purchases.

Realizing that the magnetic strips are easily copied, the financial sector
is finally trying to catch up with the rest of the globe, instituting
chip-equipped cards. The replacement effort still includes easily forgeable
signatures, though, providing little to no protection of our financial data
once in the hands of cyber thieves.

"This is all so unnecessary," CBS News reports. "In Europe and most of the
rest of the world, the easily compromised magnetic-strip cards we use here
in the states are history. Instead, they use ... chip-and-PIN technology,
which has dramatically reduced fraud rates." It is also a greater
protection for American businesses, which absorb less of a burden and risk
when customers use a PIN.

Should a thief attempt to steal or counterfeit a chip-and-PIN card and
proceed to use it for an in-store purchase, it would be useless without
knowledge of the PIN. Despite empirical evidence to back up the success of
the two-prong technology, business leaders on Wall Street are resigned to
inadequate efforts in updating our payment tools.

Democratic Sen. Mark Warner of Virginia has agreed more financial security
is needed for consumers and scrutinized the chip-and-signature trend in a
letter to federal banking regulators earlier this year. Warner expressed
his frustration with chip and signature, questioning the path of the
financial institutions when "better anti-fraud technology and
authentication measures exists and indeed are prevalent in other
countries." But he shouldn't go at it alone.

Lawmakers from the House and Senate have introduced at least a half-dozen
cybersecurity bills since March. But it remains to be seen if any of these
bills incorporate improved payment security and the implementation of
chip-and-PIN technology.

As congressional leaders continue to champion legislation that protects
consumers, they must ensure that Americans are safeguarded against scams
threatening their financial well-being.

Now is the time for more of our policymakers to join the effort to equip
Americans with greater protections at the cash register. Consumers deserve
the highest threshold of protection for a more secure payment tool, and
they rely largely on the government to provide that assurance. Given the
increased momentum on Capitol Hill to protect consumers from financial
harm, an opportunity exists for the country's leaders to help provide those
protections by championing chip and PIN.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 
