In an open letter addressed to the payments industry today, MagTek Inc. President and CEO Annmarie D. Hart said that current security solutions meant to protect consumers’ credit card data do not go far enough, and that today’s security measures focus on the wrong issue. The main problem isn’t necessarily credit card data being stolen, but the ability for criminals to use that stolen data fraudulently, Hart wrote.
“True consumer protection demands that the payment community authenticate the payment card and the data on it,” she said. “With the means to determine that a card is genuine and the account data has not been altered, fraud can be stopped in its tracks, saving billions of dollars annually.”
Hart’s letter references the recent public quarrel between point-of-sale terminal manufacturer VeriFone Inc. and mobile POS provider Square Inc. In an open letter to Square, VeriFone CEO Doug Bergeron claimed Square’s product facilitates credit card fraud by not encrypting data collected through its credit card readers. Square CEO Jack Dorsey responded in an open letter of his own by saying Square’s product was no more insecure than many other POS products, and that ultimately industry safeguards protect consumers from fraud and data theft.
In her letter, Hart said that neither side in that debate provides complete security for consumers if their products do not verify that a credit card is being used legitimately. Hart said that while VeriFone’s solution does provide more security than Square by encrypting swiped credit card data at the point of sale, “ironically, it will encrypt and protect both genuine and counterfeit cards equally well.”
Hart said Square’s contention that existing consumer protections for victims of credit card fraud are sufficient, including $0 liability for fraudulent transactions, is an inadequate argument.
“There are other consequences, which cause consumers untold aggravation, including affidavits, police reports, credit report monitoring, endless phone calls, bounced checks and lost wages,” she said. “No one can adequately console or compensate the consumer for this kind of anxiety and hassle.”
In her letter, Hart said that dynamic data authentication technologies, technologies that change credit card information randomly so that data cannot be used again, are a better solution to prevent credit card fraud.
“By introducing dynamic data elements and using technology to authenticate those data elements in real time, we can create point-of-sale environments that contain no information valued by criminals and therefore are no longer the targets of criminal attacks,” she said.
Dynamic authentication is available today and adopting it to protect consumers could happen “without radical changes to our payment system,” she said.
“The only change required is a minor modification to the small read module inside the Verifone and Square readers,” Hart said. “The industry can take advantage of dynamic authentication now without changing anything about the card itself, how it’s manufactured or the cost to manufacture it.”
“As an industry, we have the power to stop the fraud and make stolen cardholder data useless by means of dynamic authentication,” Hart said.