Swipe, sign, and pay—it's a simple ritual that we may perform several times a day with our ubiquitous plastic credit and debit cards.
But as the Target security breach showed us, the classic magnetic stripe, which shares our account number with a merchant, is a dangerously insecure technology. It's on its way out—but it can't go fast enough.
Here in the United States, we're about to get entirely new kinds of physical cards already in use overseas. We are also on the cusp of a revolution that might see smartphones play a key role in how we pay for things. It all adds up to a lot of confusion. And it's not clear we're actually getting any safer.
What Will Replace The Stripe?
The problem with the magnetic stripe is that once someone else has your card, they have all the secure information they need to compromise it. The full 16-digit account number is embossed on the card. It’s also encoded in the magnetic stripe in a format that’s easy for anyone with the right kind of device to read—and hence copy. There’s one more security feature, the Card Verification Value, or CVV2 number—which is printed on the back of the card. Oh, and a clerk might check your signature and your driver's license.
As the Target hack exposed, there’s another problem with these cards: They transmit your account number—and, in the case of debit cards, your PIN—to merchants. We used to think this was safe, that merchants would protect their internal systems from hacking. Thanks to Target, and previous incidents of mass card theft like the T.J. Maxx hack a decade ago, we now know better.
There are two main contenders to replace that thoroughly broken system: chip-and-PIN swipe cards and contactless, or NFC (near-field communication), cards.
Chip-and-PIN cards are a descendant of the smart cards I'm familiar with from my time selling government systems for Apple. There's a chip in the card that communicates with a chip in newer card-processing machines, or terminals. NFC uses short-range radio waves to communicate with terminals, which means you can just tap your card to pay. You'll sometimes see both features in newly issued cards.
Chip-and-PIN and NFC both have an advantage over the magnetic stripe: At least with the latest versions of these cards, you’re not transmitting an actual credit-card number, as you do with a magnetic stripe. Instead, they transmit a “token”—a one-time-use number that banks and card processors can match up with your account on the other end to process the transaction, but that doesn’t reveal your account number, even to the merchant.
Here's the problem: New cards with these more-secure payment features will carry—you guessed it—an insecure magnetic stripe for “backwards compatibility" with ATMs, gas pumps, and other payment devices that are costly to upgrade. We’re paying for convenience with our safety.
I found this out myself when I talked to American Express the other day. The customer-support rep said they would be happy to send me a new chip-and-PIN credit card. However, it would come with my information encoded on the magnetic stripe. They did assure me that I have zero liability for fraud.
Someone's going to pay for fraud, though, and it's likely to be retailers. Right now, retailers are largely protected if they follow the rules around swiping magnetic-stripe cards. That will change once chip-and-PIN cards are widely available: Banks and card processors will shift fraud liability to retailers who let their customers swipe the old-fashioned way.
Here's the other irony of this transition: American Express and a lot of other card issuers are favoring an approach called "chip-and-signature.” That means that while you'll dip your card in a reader instead of swiping it, you’ll still approve transactions by signing a piece of paper instead of entering a PIN.
It’s not hard to see why they’re doing this. Chip-and-signature might work better in, say, a restaurant where the waiter brings you the bill. It will also require a lot less retraining of store clerks (and consumers). Again, though, we're going to pay for the convenience with our security.
Just Ditch The Card
You’re seeing a pattern here: Adding security features to a physical card makes the simple, fast swipe of a card a needlessly complicated process. Yet we just can’t rely on the magnetic stripe the way we used to.
Some people have tried replacing the card with your phone. But this has been riddled with complexity, too. Google has had a big failure with trying to get people to use Google Wallet in retail stores. Isis, a joint venture backed by wireless carriers, has similarly flopped.
I’m not convinced that replacing the card with a phone is a great idea. That might be okay if your phone doesn't get stolen, is securely protected from unauthorized use, and can be remotely wiped clean before someone has time to crack into it. But I need to hear more to be convinced.
Ultimately we may need a system that combines cards and phones. For example, what if I could tap a card and then enter a one-time PIN sent to my smartphone? That seems more secure than using the same PIN every time—we know that fraudsters have hacked ATM-card PINs to get into our bank accounts.
Ultimately, what we may realize is we don’t really need a card at all. If all the card does is carry our account number, we have machines that do a good job of storing numbers for us. And if we can't trust retailers with our credit-card details, maybe we shouldn’t be giving them a piece of plastic printed with our account number in the first place.
The way of the future may be carrying out commerce in physical stores the same way we do on Amazon and iTunes—we click "buy” and the retailer charges our account, with the details walled off in many layers of digital security. If banks carry out their current plans, they’ll make buying things in stores more complicated without making them any more secure—and that may be the thing that kills off the magnetic-stripe card for good.
Photo by Shutterstock