How the Credit Card Industry Can Better Protect Your Information

As the fallout from the Target (TGT -0.70%) data breach continued, The Motley Fool spoke with one leading payments industry experts to learn what could be done to help reduce the likelihood of massive episodes that affect millions of consumers.

Jason Oxman.

Jason Oxman, the CEO of the Electronic Transactions Association (ETA), noted the two critical steps included one technological shift by the payment networks as well as greater security by retailers. This is in addition to the steps Congress must do to protect your financial information.

The ETA represents the payments technology industry, and its 500 member institutions -- including American Express (AXP 0.07%), Visa (V 0.33%), MasterCard (MA -0.07%), and others -- process more than $4 trillion in payments annually. While Oxman made sure to note, "I cannot understate the amount of money and resources that the credit card systems spend on insuring that consumer data is protected," he felt that two steps could be taken to help safeguard consumers.

A safer way to send data
Oxman began by speaking toward the payment industry itself, and said, "One of the most exciting things the payments industry is working on now is something called tokenization. This essentially replaces all of that information about the card account with a token, and transmits that in lieu of the card network information, like the account number and expiration date."

Essentially, as it stands currently, when a card is swiped, the relevant card information travels across the networks to ensure the merchants receive payments from the consumers. But the industry is now pushing toward a system that will instead create a "token" for each transaction, which will ensure that an individual's account number isn't moving across the networks.

And as Oxman describes it, "that token is uniquely generated for each transaction and then discarded when it's done. And that token would be meaningless to anyone that intercepted it."

Just last week, EMVCo, which is collectively owned by American Express, Discover, JCB, MasterCard, UnionPay, and Visa, announced it would begin expanding its scope to work toward the standardization of this technology. Christina Hulka, the chair of the EMVCo board said the push to tokenization would, "make online and mobile transactions simpler and safer for all payment stakeholders." 

While new technology always raises eyebrows, and this isn't something consumers can immediately see, a coordinated industry effort to push for safer transmission of data is definitely a good thing.

Oxman also noted that enhanced security extends beyond just the payments networks, especially in the example of the most recent Target breach, because in that instance, "the payments networks were secure, but Target's own systems were not."

Source: FutUndBeidl on Flickr.

End-to-end encryption
Current rules do not require that retailers encrypt and protect information on their own premises, whether it be at the point of the sale or in the retailers own systems. In the example of Target, Oxman notes it seemingly did not deviate from any rules or regulations, but instead, the current industry standards just don't provide an adequate level of protection.

Oxman suggests every point of entry into the networks that store financial data should be encrypted, which would in turn create a more secure environment for consumers and retailers alike. In the example of Target, one would hope even though it announced a $5 million initiative "to advance public education around cybersecurity," both it and other retailers would also be working toward ensuring that where sensitive financial data is stored is indeed more secure.

While such a large-scale data breach is deeply troubling, it has sparked a dialog between consumers, companies, and congressmen alike on how financial data can be best protected, and one can only hope it leads to change in the near future. Certainly these are two great places to start.