U.S. Credit Card Firms Slow to Upgrade Security
By: Jeff Martin, Claims Journal, June 2016
Visa and MasterCard are using security measures prone to fraud, putting retailers and customers at risk of thieves, The Home Depot Inc. says in a new federal lawsuit.
It’s the latest giant retailer to raise the security concerns, with a lawsuit filed this week in U.S. District Court in Atlanta. Last month, Arkansas-based Wal-Mart Stores Inc. sued Visa Inc. over similar issues.
Atlanta-based Home Depot says new payment cards with so-called “chip” technology, rolled out in the U.S. in recent years, remain less secure than cards used in Europe and elsewhere in the world.
Even with chips, U.S. cards still rely on customers’ hand-written signatures for verification, rather than more secure Personal Identification Numbers, or PINs, Home Depot maintains.
A Mastercard spokesman said the chips boost security.
“Regardless of how the cardholder’s identity is confirmed, the chip makes data much more secure, rendering it almost useless to create fraudulent cards or transactions,” MasterCard spokesman Seth Eisen said in a statement Wednesday.
MasterCard received the court filing Tuesday and is still reviewing it, Eisen said.
“We are aware of the complaint and will respond in due course,” a Visa spokeswoman said in a statement Wednesday.
A central issue in Home Depot’s lawsuit: Its accusation that Visa and MasterCard are conspiring to prevent adoption of more secure technology in order to maintain market dominance and profits.
“For years, Visa and MasterCard have been more concerned with protecting their own inflated profits and their dominant market positions than with the security of payment cards used by American consumers and the health of the United States economy,” Home Depot states in its 138-page lawsuit.
About 80 nations use cards with chips, and most of them – including England, France and Australia – also require a PIN, Home Depot said.
“Such cards offer an extra layer of security beyond the chip itself, by requiring the user to enter a four-digit PIN, thereby ensuring that the individual using the card is the card’s owner,” Home Depot states in its lawsuit. “Signatures can be copied or forged, and cashiers are not handwriting experts trained to identify forged signatures.”
As a result, U.S. consumers and merchants such as Home Depot pay fraud-related costs that are “unrivaled in the rest of the industrial world.”
A chip in combination with a PIN is a form of “two-factor authentication,” said Craig Piercy, director of the online master of internet technology program at the University of Georgia’s Terry College of Business.
“It basically means that you have something with you – usually a physical thing – and something that you know. Both together are required to authenticate a user.”
If a card is stolen, even one with a microchip, a thief could still use it by inserting it into the card reader, then scribbling the name on the card on a receipt or pad near a cash register
But if the thief doesn’t know the PIN, the card would be rejected.
“Neither one protects against all types of fraud, but in terms of protecting against lost or stolen cards, chip and PIN is more secure,” Piercy said.
Home Depot was targeted in a wave of data heists that began with Target’s pre-Christmas 2013 attack. But Home Depot’s 2014 data breach at stores in the U.S. and Canada affected 56 million debit and credit cards, far more than the attack on Target customers. Hackers also stole 53 million email addresses from Home Depot customers.
In the world of retailing, the size of the theft at Home Depot trails only that of TJX Companies’ heist of 90 million records disclosed in 2007.
Home Depot pushed hard to activate chip-enabled checkout terminals at all of its stores after the 2014 attack.
Even with chip technology, the lack of PIN requirements in the U.S. could lead to rising fraud in the future, as more transactions shift to online payments where no physical card is presented, Home Depot said its lawsuit.
Last month, Wal-Mart said in a lawsuit that Visa won’t allow it to let customers verify chip-enabled debit card transactions with PINs rather than the less-secure signature method.
“PIN is the only truly secure form of cardholder verification in the marketplace today, and it offers superior security to our customers,” a Wal-Mart spokesman told The Associated Press after its lawsuit was filed last month in the New York State Supreme Court.
(Associated Press writer Anne D’Innocenzio in New York contributed to this report.)
Categories
- Benefits Resources
- Bonding
- BOP
- Business Insurance
- Commercial Auto
- Commercial Property
- Company News
- Construction
- Crime Insurance
- Cyber Insurance
- Directors & Officers
- Employee Benefits
- Employment Practice Liability Insurance
- Entertainment
- General Liability
- Health Insurance
- Healthcare
- Healthcare Reform
- Homeowners Insurance
- Hospitality
- Manufacturing
- Medical Malpractice
- Mining & Energy
- Nightclubs
- Personal Auto
- Personal Insurance
- Professional
- Restaurants
- Retail & Wholesale
- Risk Management Resources
- Safety Topics
- SBA Bonds
- Security
- Seminars
- Technology
- Tourism
- Transportation
- Uncategorized
- Workers Compensation
Archives
- May 2021
- November 2020
- October 2020
- September 2020
- August 2020
- July 2020
- June 2020
- May 2020
- November 2018
- September 2018
- August 2018
- May 2018
- April 2018
- March 2018
- February 2018
- January 2018
- December 2017
- November 2017
- October 2017
- September 2017
- August 2017
- July 2017
- June 2017
- May 2017
- April 2017
- March 2017
- February 2017
- January 2017
- October 2016
- September 2016
- August 2016
- July 2016
- June 2016
- May 2016
- April 2016
- March 2016
- February 2016
- January 2016
- December 2015
- November 2015
- October 2015
- September 2015
- August 2015
- July 2015
- June 2015
- May 2015
- April 2015
- March 2015
- February 2015
- January 2015
- December 2014
- November 2014
- October 2014
- September 2014
- August 2014
- July 2014
- June 2014
- May 2014
- April 2014
- March 2014
- February 2014
- January 2014
- December 2013
- November 2013
- October 2013
- September 2013
- August 2013
- July 2013
- June 2013
- February 2013
- November 2011
- October 2011
- September 2011
- July 2011
- June 2011
- March 2011
- November 2010
- October 2010
- September 2010
- April 2010
- February 2010
- November 2009
- October 2009
- November 2008
- August 2008