Wall Street Journal: New Credit Card Standards Will Make Hacking Harder
The Wall Street Journal | December 23, 2013
By Ben DiPietro
Good news for credit card users who had their data stolen in the Target Corp. breach, or who are worried about losing their data the next time they swipe their card to pay for a purchase: New standards taking effect the next two years will make it harder for cybercriminals to steal your information. The bad news? It’s still going to be two years before all those tougher standards are implemented.
The Payment Card Industry Data Security Standard 3.0 takes effect Jan. 1, but merchants and others who process credit card and debit card payments will have until the end of 2014 to raise their level of compliance from the PCI Standard 2.0 rules now in effect. The new rules will require greater oversight of all payment systems vulnerable to an attack–and not just those most likely to be hit–and more checks to make sure malware, bots or other means of attack have not breached the security protocols in place, said Rush Taggart, chief security officer at payments technology firm CardConnect. Also, by October 2015 credit card issuers are supposed to switch from the magnetic stripes on the back of cards that hold customer data—the hackers who stole the information from Target reportedly took the data from such stripes—with chip-and-pin technology that will store the data on embedded chips and also allow for a unique customer pin code for each transaction, making it harder for criminals to steal information, he said. Such cards are already widely used in other countries.
“What ultimately is the answer for merchants is to minimize or eliminate the problem of PCI compliance. The tokenization of cardholder data goes a long way to doing that, and using compliance service providers will be a major aspect of it going out from 2014 into 2015. Aggressively migrating to chip-and-pin and a point-to-point encryption-compliant solution is the only way out for merchants,” said Mr. Taggart. All the changes will significantly bring down the risks for merchants and card processors, he said, but until then, the threat of significant breaches will remain for about the next two years.
Click here to read this article on The Wall Street Journal.
This article appeared in The Morning Risk Report, which can be subscribed to here.