Here we go again. Hot on the heels of Target's massive security breach and Neiman Marcus' consumer data theft, craft store Michael's has now inadvertently exposed the data of more than a million customers. And chances are excellent that this is only the beginning.
The story behind the story is the United States' outdated magnetic stripe technology. The superior standard used by more than 80 other countries, including Great Britain, is called chip & pin. The technology is just as it sounds: a chip-embedded credit card requires its owner to enter of a pin number for all in-person transactions. The result is a direct blow to credit-card fraud.
The problem? Chip & pin is expensive and slow to integrate because Visa and MasterCard can't simply force merchants to buy new point-of-sale systems, nor would they want to simply provide them. Worse still, even if Target hadn't shelved the idea of a chip & pin system, the upgrade wouldn't have prevented its landmark data breach, according to InformationWeek. In this case, the data was siphoned from Target's servers, not from in-person swiping of data, meaning that skewering Target for not using the C&P system isn't productive. It also misses the point that our bigger problem may be with the 'card-not-present' attacks that make up the majority of credit-card fraud.
There is another solution to the problem: preventing retailers from storing customer data. If I buy a toaster at Target and pay $50, why does Target need to keep my credit card number, name, and address? I've paid them for the product I wanted to buy; all it should retain is my $50. Convincing retailers to not store our data would do the most to protect us from identity and credit-card theft.
Before Square, point-of-sale systems were an incredibly lucrative market in part due to the difficulty and expense of getting a credit card-swiping machine. At present, there are several huge opportunities for security-minded startup founders to attack:
1. The No-Storage Solution
Design a product and business model that provides retailers a solid incentive to not store consumer data. Thus making both the consumer and the retailer more secure. This is the simplest and most straight forward way to protect consumer information.
2. The Chip & Pin Market
Yes, it's incredibly expensive to install the physical hardware needed to bring chip & pin systems into the marketplaces owned by Visa and MasterCard. But perhaps there is a better way. Venture capitalist Marc Andreessen says that software is eating the world. Perhaps the chip & pin answer is not hardware, but software.
If you've traveled recently to Europe, you know that chip & pin devices are awkward and clunky, especially when brought to a customer's table. While there are security risks associated with offsetting a transaction's security to a software level, the key problem with chip & pin adoption is the physical cost and relocation of card-reading devices. The startup that devises a cheaper, more elegant, and equally secure alternative could be the next Square.
3. The Card-Not-Present Market
All someone needs to easily buy a bunch of stuff using Amazon is your billing address. There exists no clean, quick solution (like Captcha, but for your personal data) invented to easily combat one of the more obvious holes in credit card security.
Yes, banks have made a habit of calling if transactions look 'strange,' but that doesn't mean that someone with enough smarts to buy things at the right time of day, from the right websites, couldn't take your card for a fraudulent ride. In fact, it might be as simple as a quick verification system for each transaction -- personal information that you volunteer within an agreed-upon, monthly-rotating database. No one has introduced a more sophisticated system and it's clear that, if and when they do, it could chop fraud down.
While nothing will ever eliminate credit card fraud, the bulky corporate entities are failing to take care of even the most obvious problems. It's time for entrepreneurs to turn these systems on their head before the next big breaches cripple America’s trust in the credit card system.