Enterprise Applications - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  Enterprise Applications


The Retail Credit Card Addiction



 By: Evan Schuman
2007-10-08
Article Rating:starstarstarstarstar / 0


There are 0 user comments on this Enterprise Applications story.


  Table of Contents:
  1. The Retail Credit Card Addiction
  2. ' The Retail Credit Card '

Rate This Article:
Poor Best
The Retail Credit Card Addiction
( Page 1 of 2 )

Opinion: A proposal to allow merchants to not have to save credit card numbers is bringing to light how those numbers are being used beyond just charging products.

Major retailers, just like any large business, do not like being told by partners what they can and cant do. But when the credit cards told merchants that they must retain credit card information to deal with returns and chargebacks, they balked, but then agreed.

Like any good business, they tried taking an unpleasant requirement and turning it into a business advantage. Consider suppliers being forced to use RFID (radio-frequency identification) who then use it to better track their own product movement or e-tailers who reluctantly comply with accessibility rules and then discover that it costs them less in programming and development and their pages load faster.

Retailers started using the credit card numbers to identify purchases with specific consumers, given that they had to store them anyway. It turned out to be a convenient link into CRM (customer relationship management) systems, especially for customers who werent using the traditional retailer-issued loyalty card.

On the e-commerce front, some (relatively few, but some) online merchants were using the mandatory credit card retention to allow customers to make purchases more quickly.

This has been going on for quite a few years. A relatively logical proposal floated by a major industry group is now threatening to rock the credit card boat, potentially exposing just how much retailers are now addicted to plastic numbers.

Last week, the National Retail Federation formally launched its campaign to get credit card companies to permit retailers to not store credit card numbers.

The move was masterminded by the NRFs CIO, Dave Hogan, who has floated this idea to the industry for months. (I remember him eloquently and passionately making his case for changing how credit cards are dealt with about two months ago, as I listened to him on a cell phone at a Toyota dealership, thinking this was one of the more surrealistic things to listen to while getting a car door rehinged.)

Resource Library:

Hogans idea, in its simplest form, is that retailers should stop being required to save credit card information. If the credit card firms want it saved, they are quite free to save it themselves. After all, Hogan argued, "it makes more sense for credit card companies to protect their data from thieves by keeping it in a relatively few secure locations than to expect millions of merchants scattered across the nation to lock up their data for them."

Indeed, it does make sense. But Hogans idea, while alluring and almost seductive (in an ultrageek-like data protection way), has several logistical roadblocks.

For example, at best, the Hogan proposal could sharply minimize how long the sensitive credit card data is in the retailers system, but its not likely to eliminate it. For magstripe cards (contactless is a different situation), the numbers are going to be seen by the store employee (who is always the biggest security weakpoint) and will then be almost certainly entered into the retailers system, en route to a processor for approval.

Even if the number is dumped the instant the verification number comes back, its still there long enough to be sniffed or captured by a Trojan Horse. Indeed, thats one of the things that TJX said happened to them.

A contactless card could bypass the cashier, which helps a little. But to bypass the retailers network entirely would require either a third-party service or to have the processors or the card companies install their own devices at the point of sale.

Thats clearly a dramatic—and incredibly expensive—move by quite a few players in the payment space. Less dramatic approaches would be upgrading security to protect that small window of vulnerability or to all but eliminate them.

Page 2: The Retail Credit Card Addiction





  Reader Comments: The Retail Credit Card Addiction
>>> Be the FIRST to comment on this article!
 


 
 
>>> More Enterprise Applications Articles          >>> More By Evan Schuman
 


x}ks㶲qU'HQO[#Mɶ<4LvT I)rkG2gxjlFwh4y$3G3L{BcnQ9ЧGoMz$vv޼yh#(3`o92rdPt[dq3ʲf g3nM[7 XuEijR>h+www;6;2StgFovT( pdi vd5M-0^w: Ouq gr,ȯɷD*%`JZ-$/ Z@ NVP? uΑkQ2Z-_ J6ԒRoIna>E4f™XTYln\ :WW~ :Sdo̲1<?TrJg3F~5uVק'݋uISGV=Bg#j`BmiuZʿup}6O{uHYz>54Y0^H;dOzǃϗ2 ˏGgcdt,'ˇ0dio,Y\H.)M|(7 F`X@7? iP2zq* 2@/a7W Q<88mT3o`2 f4.fh- @ho*KjLrM&@Sk~$M5ņ])!ed*}/)`I˪ TE&嗋mQq>]Q${3BDȭ`g/3A.r)i!`o8{ØWXף(x_ .ã!fmٜ҅%]Wc>ޢG=-+<ǞN;ǫ _.=t;0*>c]g",QqsuTStTkՃt =Jj2o+&r/L f[Ԗ-Pò˔A ޿NfQ |>95Gm'!|Аd6ml-3IXn`"I4X86(Zt 0Iscм`yn`25f_#]5I#ˋ0P} 2/?Ch9N@tmS(}9\P lmV3-mdZ`1 5:%ޥ6tV\IQo '2(%%E2 4.gP)AH =k 99z  #!b+6Os@PGҙ3qJRF;7 +=*%nqR%a 934YIjL=?躾j1!|#'bXr`Y \h+|i)lb ը6؛PՃj>5hқM݄%Һ<M mX LcF3pEq<39`'s<4ğNP }Ǻ VV̚s=R.ƃ5jtݴyB͙iÂqjS9_Aa" eBC`9N{S~`jk(L%~Cz]0s k2 'yv=&.УB8$?iy>grGֶLo + jJ=SsA|5 i!3L&Ze onplZ`/R7uig#e&-JjE)1`k@Lf2,rƎe9wلAٌ$ Ei.rnHx HSXGSsDB$ԊU$of旪 đaaܧ^hN`lE+ 570M9#LKo=9;ĢL* 7~?DFS}O=ܴ>?CU^ofx,"ZTbjxSCZ\j8Y+0yϹoSO@H.աCg<ޗ8kC }w=(i4^Sz3t~ gn-!s㑏.S)c# ,c0kfW#S@TWHF(/h1 Ε TN:hb4B1_RN]Cy.+pD\POL_]XCc+LΓu O#%c:Yd:w@ݐZ,2tXݘ `1}j$>a#C`JEWFڬv33Ho 0ӛ-tq"~iͻ'M^,mhD1(dyDF4@/q8bk Nu|8ZJ5qvsTy9kY%f+aEyݚiz|ylFYTęty9~x˗ޒ-gn);pi%uQby.A!/5r=]'tNd_&z}V@ ϓ{^TJ_,09|փu8홗]`Ϙɧ~PFpapgHo| ]۠|m*Mn1}c%[ŜRx` fΌzlhN<͠1p NuLi;IղA Jk|#097 kS@}Otɲ\' ׫UV:]H3Az DBs=ǣۻBlpI3TlCXx|{ `KXXD`дJ+.avOT+e4A48&ˏ<`}֕^#1@E1 w܆cyIV~ZgZqRtt Е7ݓCRR>ib ϻg>?kٿn006ȇNA`}W?H LӀïR!4Z~~xq"u;lb8 } L@IP 4p5H1ڈ9W3QPFl/''݋6|v92DHv4|7wֻG{ёXKփ ;R%9!hUHN*<fSڌ7MJ,#Y`Xc?$]w ^Cһ:\qfij ^Ue z AUk>]wVu8/g`{y!^o ?"HtSO+C25 &r֚SE[BqLӆ'>fax!w-08D@ISN&M(I[`feafIlx8cƂN)tJȓÓ!F=)jIIYO)Eqhd*꒐~*~(i&'ءXҡԛ_/6'8 $O krisq/P{~%h dgKe 3 KqkP q,+ ` ;|E?RJ[L>XɫI-jշΫ؉|@s`czH4S `'#9ʼSsa GW ./CWC1kyR̵j idŽ%j{`ֳs9[Q> rЧxf"64Nlwy/ xESrmXi8:*/q)~<,?4f9鑋ހ+Ҿ<ju`~%X|ORoAn5h`waw;.|ʜ(=}![5'Zxu?qF.N~T1hKw+~Oy)턟yP1h鈧vlLgI")jAH*rQ)I}YDG㳑)G8{tH_ulǵ4/ Z7?/!N˷^+S*Q.rݙx%;6 kXܘ sF``9$Ϸ+v><.k3g> Uj)-2l5a\%4`$!9qGM4[|c5}XglKCD ;YZ.a*Sv7j2Ўy6NbM[ch2yr?L0 ÷2g@=\E );xP}(P'IL̘N80_BdJdA/βZNAIgآjB}s̕@- rF.6|p4ub"gQ<oGaX{2Q~tNӚ{,1f~dR7r-޴,WxDdId+N`$nU%Ɛ^Ar *qSm^&/{sk31%7{yb7ɶgZwz+ezbfartAech\{U,UVC\dkJ=j%j-ֈ^Nt b[0-ށkS # ZQlr7=⋧̓ACJl,8 qY,MP !眥xwwf)qjnIA9ҙ3 ұCHǚg +(8TRYh1PۆC& 2ъAȄC&7:L8l(w,%)_B=HgX!*:;&I)%fRHxY`ۀt`-mKϭzݗ̴jVR*ɡ0("|,Gx6HŢTm.b&sޘ=Hg֧@ zg<'zHj&r8HD" iҾ &zؚmx7ekϨ'k93M6h>LO$W=f5fVZLjeSD> 6;qbr ! @ Ww;lmX \n%էsn: D4㆚| + C:6D OI% =iv90' &LgTj{9@\=k΋#ֽnmVlU`R6fkO@m& H´L=\' *0՘6%BdlֆTLJYR.XJgozoV}ܴܴܴܴݴz]-=MϗF6nœ֧&U,m{^H[ȝ e"B\8m%6&l֖/lph@=27 >q!3_r ڵX?&ذx.7zۙc+>Sǃdһ^E86ɩ敩艄i= : /~BI.(@'ZH)pҙvn2.QQ|Q=!}=NEnU7k{/*nt!GX05;MKDA$1D3Bvj= yRRLf~ $~CX,qNoֆ__9|M͗3ѕda!'Pm >,9 Ezv|޶6.̱3 h&I7TY T\;l ;BW@ }52suq?k5L?0Lo o|} }}ߢ\חֺwK+}4~tYǂ:KpbIdL n@gb!zu=Y?!I& 4[!h& 4_`"运 …4{>Z?/cIr߼ҹi|К)=3@=DB@p~PW2+P%"ȖThm_Dםߖ5#0:1Ԗ"] @$DA206C7#mE8tNl Ͼg~gkl~HVZ˞H{˙8ʽZ;nrݸ4ş z+Bh"q5KDZ:5_Ñ[xx5:R50dț^gt찆w~&:@QE볗R_/u#t .W'5 ʗy0 ۖX '+wC4b%1Y~Gj 3Ta!rjK"0ta;|ca>Y;:8Sٿc y}o U6iZP_E,xq9x)@f8#nX};Ow!?O_tI5,S`, wh67`aVf0nۿPǸn2ۭy+o!qi4cH~n' |oy 턷够¤Zt'O|dQ+Cx8n 1w=]ĝ _.ON;mk)'>?FWLb}ܷ.z noRW.qI*X[qR]  TeQO㻝j+'k"VPVôL5cWF%5z J 0۷AX^qV1&c0F⸾X/[a0̉ߟ1Z'GBA8AXJXDJ ć!^ KECA%e3)4ka˰>FSYhf!11\Rëf՚rP\-Dr/N+J+ȈZnj\!1cTA9iAK5.'Z!ѤFGZj>A1Rhs05̈Gbv mz^CJ[76]4_q=!o7ݛAfnVuZLd< Gf߬rGn܀S~mQNa}b,!o7w"6٦k')KpʭG-tsvTa6 'jUi%RV 7tCyA x=G.UE0=R^6fa@שR'W*9O,P=ӂ"^GlۏRQ˥z5Ym8.f0Rac&F5"%Z:<}Q-mEJ)&>(-^a̷fᮧj@:`J#~4 4]_aJ1&oI{m >dg"'th&vUtRIujϳT5 >#4N cĞ뛫u,2 TY+ 66mX%d[htowAY&%Xf@>hf>fM5~vDD+4 ?R)!_6~uXW"гAܳFܞVkDž#J ]0] aL_ňVR>dDk9mǦNOeBѹЩ @>+pS C7R,6$Aeȃ5T?0tм`7~BJ{od}exx]J"rG:mkZ]GtMx ;[CG} zrt&ݒ_,Fãw_ 6a^fZq)IG^>xAnfa``ԓG=)׀gȂxBW7 elNh$~b Ƀ"uFf."T( 8`NZ`u3taCZ3&2>aQq}GL:C7>(4xJb4Jz3y9asH ]TW\AfHnb_=kXuh c>zS=|u|1[GB(W9Ĝ#Xzݍ\|uWv{~#:́ lZhY5F2*mG&/W>nr$[-YC) Q?9^nmDRRactkn ~a;mOBBR[}׽dbWoP$P +wdcB rY"|%,%R)T&}fA=bA!>?$~'Tmn$|s !8Xh0usXc- .E.ӻqwSܕmm>5Kq:rtԬ)ʾ*|{#a > c9rSRC´vx֢\/?>& .ycI ^yN4xPZ!௛6} =Lz%r`xfNRsdhhz߇[)rIS`7Csgrڻ"mrzǣUr]YOSa[+p ZOS E{1ȵNM<·_3meR0mw 5E9ši'\ «Q_esxgixID_04eODAwpD(/pY QJNa21S>9j6ZAwN|vuIÍ֧A=^Zǻm7s5N>Mo )ns9E' MjV}Q}xQ3Q+Q~Wˏ2ʑO'c(?^_~ 9͠{}?Bևr<'ז~ ?ӽ(ϵ~gY|Zs?9?ς=Ϡ9<>g9y^d(2(?rߋȐ  {z_.?.3޿x *~F~F 忬/1>Arߧ}}ʠ5_g^g55u%:Iʘ!gK\8=JeWr ~TA_d_y*%iFg質+V/_̠sk3U_?Cޫ@1~oenldڽ<$*WEntEճj񅗬fZk ǸZu yW /"y%6d(n%Y}Mʑ 4tk 7b[yBYII{R}tEI>tp̋i@Lw<_[nNJ>z9.~QJxdB$W0'fY kxcFUyD4kp'$1W YXf>!&)Lݞ܃~r m>G1[W_|=xjG܌Ӄ&X^A5\]φОϚ%f}ςoDB$p G 0d<.1Kx @LBDWiޣ6LgƟf uؑ&ɹT-jXjR'W:+0 'G1w)rQ:[VJ0X\^9Q(Fuoo*F0f=q'a1V1 !cc6H_,mgrlkt~Wwhy-g"d`*OL_j&%l g~1;=C$2).Kˌq?Ih"v]!6 R Ň%/3ӞKmH=7Z9?9O/=Y V_$v{gZPp|"7eΌzLU"zʴw{DqKVvޒۍƾ( ;><=صB4#eUI;.~=ITKxҍHqp/>~ElC`A^eKBį;6`@5+J "@"d/qYja_D4fR*4$NS xSEz?ĵ6 |؆;q^'܈(4+1-i?WKu A]=_vs[>/'_1[=܋ϑ{̾1 Yf#1ثtg)d̅2 !NZxyU~ҥN.I,'_aQd+8*)ؐWrm5G0X1'(NRLf7`N*)Asa#El [ApV.8LgѸ;K1E~cxpP0UXul#^"|fna*aHeS#'@n0\| d9[Lօ4.xB/bY4~!\99.@OI"cXM1}aE|iOx0tEA `x87&ŕ>;۴?wޘc{O@$x>5`]e"oׁYL 3m_;|0e"j,La?OO9 QƷF#}f$h 9G cD/5xЃ|oXl* 7 \x,tk_Hݻ)길lI~*` N.QvF7Xf({з`٩y  KԷň0fhtX,~jx@ OH'42mY7,;vscaI<(t=IsՒRSE! J jiae_F9OMoLhGWH˻v+b=5;,z7";,*J#͜/qW NPW;cr&;vEQ yg҉Kf3 Pzn*,aDa) L>3-_Z-J*ȯ /&KN/zW?ꝝ苍 GqwY̾v F:8h 'o⫻Ac'=R0f㱯ov›eZT0xsB:[oAkqt2XSjἤa42ЩH, AwdM~j;H =M6#ʾ[4P9,'sz쨭$Cqḓ;rX=z @O'0ebHf\TyK5zP|+ᰈ #Ռq"qpհ]鈲+[Os+8+tFmNCe/LCEW\p N{}=|(h)t%yJaJFFk02JBl4*םǽa x>UʼnVG(nъ:Nջlt/'+f 6x4Ӑy(AU{K0RժZKd!} %((!ɁR0ol0+C|}܆mJƨX䛅2~# M܈NBLmSfr0Nu=̭N#͆[l?EGWXx.xZ۩D A