The slew of recent high-profile data breaches at major retailers, restaurants and even healthcare providers across the United States has led many security analysts to call for the implementation of "smart" credit cards, which store consumer data in small, embedded chips rather than on the current magnetic strips.
Credit card companies like Visa, Mastercard, American Express and Discover are demanding that American retailers upgrade their point-of-sale payment processing systems to read the chip-based cards by October of next year. After the deadline, they say stores will be responsible for covering fraud associated with magnetic strips. Sam's Club recently became the first national retailer to offer its own branded smart cards to customers.
Creditors hope that the new system will significantly cut down on credit fraud, but there are some significant hurdles. Firstly, smart cards will initially come with a magnetic strip, until all American retailers have had time to transition their systems. This means that your new card will be just as vulnerable to cyber criminals as your old one.
Secondly, two security researchers at the BlackHat cybersecurity conference in Las Vegas recently demonstrated that even upgraded retail payment systems can be hacked, CNN reports. The new credit card terminals that are designed to interact with chip-based cards are supposed to encrypt your debit pin number and purge your credit card data immediately after your payment, thus protecting it from cyber criminals who try to hack into the system. However, the MWR Labs researchers discovered that they could install malicious software on a smart credit card, make a purchase with that card and take control of the terminal.
Here's how it works: The malware on the card instructs the point-of-sale program to stop encrypting pins and remember the personal data from all credit cards used on that machine going forward. The identity thief can then later return with another pre-programmed card, make another purchase and pull all of the collected information. The researchers told conference attendees that the hack leaves no trace of criminal activity, making it even more dangerous. As a consumer, you might assume that your smart credit or debit card is protecting you from fraud and fail to realize for months or even years that your payment information has been stolen.
New security innovations are important but, unfortunately, they simply cannot keep pace with hackers. This is why it is so important to keep a close eye on your credit history, regardless of how safe you believe your financial information is. Remember that every adult in the United States is legally entitled to one free credit report per year from the three major credit bureaus - Experian, TransUnion and Equifax. While it is a good idea to take advantage of this free service, it may not be enough to guard your privacy. In a year's time, a cyber criminal could do considerable damage to your credit.
We recommend that consumers also invest in a credit monitoring service for an extra layer of protection. While such services cannot guarantee your safety against identity thieves, they can alert you to certain activity that may indicate fraud. When you are made aware of possible criminal activity under your name, you can take steps to defend yourself and to thwart the culprits from further financial gain. Without such an alert, you might not realize that someone has taken out a line of credit in your name until your creditworthiness has taken a severe hit.
The bottom line: as anti-identity theft measures evolve, so do the techniques and skills of identity thieves. While you can never be 100 percent safe, you can aggressively help to mitigate your risk and reduce your chance of becoming a victim with regular monitoring.