Arent we smarter than this?
News that a hacker recently accessed as many as 8 million Visa and MasterCard accounts would have been shocking if we werent becoming so disturbingly numb to such break-ins. We really cant go on this way if retail e-commerce is to become a permanent, trusted part of our lives.
How did we get here? Credit card companies and online retailers bent over backward to make consumers feel secure about their transactions. Seeing to it that credit card numbers cant be lifted via communications over the wire or over the air was an important step.
But what of the credit card data once its in the hands of the online retailer or the transaction processing company? In the instance above, Data Processing International, which services mostly television and catalog sales by phone, was the target. At a minimum, that data should be stored in encrypted form, preferably encrypted with the credit card vendors public key so that the data is inaccessible to anyone but the vendor. But even better, it should not be stored at all.
The credit card data needed to complete a transaction should be submitted once and not retained. American Express Private Payments program is a leader here, as the vendor gets a temporary transaction number, not the actual credit card number. But retailers have, by and large, chosen to store credit card numbers in online databases to encourage easier purchasing. Heres where smart cards can help. Using a smart card and scanner in combination with online wallet software can alleviate the chore of entering card data manually.
Credit card companies such as Visa and MasterCard need to seed the market with scanners and smart cards, and they need to offer discounts to consumers who use them. American Express has converted its Blue card to a smart card and is giving away free smart-card readers to encourage use of the technology.
Smart cards are not a cure for all security ills, but they are a step in the right direction. Most consumers do want to be smart; they just need a little help. The time for smart cards has arrived.
Most Recent Security Stories: |
Most Recent eWEEK Editorials: |
Find white papers on smart cards.