One of the largest challenges facing the credit card industry today is the proliferation of technology and the ubiquitous nature of the credit and debit card. The nature of the technology used yields significant effects around the associated data security and the ability to protect the consumer’s data from fraudulent activity. The industry has created a standard known as the Payment Card Industry (PCI) compliance standard which mandates that any merchant who accepts credit cards must meet a minimum standard of compliance or face fines. Visa, MasterCard and American Express all have published their individual specifications. The PCI program is an overall reaction to the theft and hacking of credit card data. A recent example of hacking is found in the theft of 4.2 million credit and debit card numbers from Hannaford’s of Maine. As can be seen in the article from the Lincoln County News on Hannaford the trust is eroded for the customer in the credit card company as well as in the organization who had their data compromised. Hannaford also has a statement that clearly identifies its compliance to the PCI standards.
A new piece of technology that is being introduced by many of the credit and debit card companies is the built in RFID (Radio Frequency Identification) tag. This technology allows the user to be in proximity of a scanner and eliminates the need to ‘swipe’ the card and sign on a receipt or pin pad. MasterCard has some fairly common commercials on the use of this type of technology which they call “Paypass”. This technology is being hacked fairly easily with the purchase of a credit card RFID reader on EBay for $8.00 and then using a simple terminal program to begin reading credit card information without actually viewing the card. This NY Times article shows how easy it is to read credit card data by being in proximity of the card and the Engadget / BoingBoing article shows how a hacker has done this and suggests stainless steel wallets for everyone.
Consumers value the convenience offered by vendors who accept credit and debit cards and they are here to stay. The technology and data security issues will have to be addressed and the credit card issuing companies are taking steps to ensure the protection of consumer. RFID is fraught with privacy challenges that are only just beginning to surface. More marketing attention should be placed on the PCI and privacy compliance. Unfortunately most companies’ privacy statements are buried at the websites reviewed by this author. Vendors and credit card companies need to take a more proactive stance with consumers before confidence is completely eroded.
-End of Ramble