How the Credit Card Industry Can Better Protect Your Information

As the fallout from the Target (NYSE: TGT  ) data breach continued, The Motley Fool spoke with one leading payments industry experts to learn what could be done to help reduce the likelihood of massive episodes that affect millions of consumers.

Jason Oxman.

Jason Oxman, the CEO of the Electronic Transactions Association (ETA), noted the two critical steps included one technological shift by the payment networks as well as greater security by retailers. This is in addition to the steps Congress must do to protect your financial information.

The ETA represents the payments technology industry, and its 500 member institutions -- including American Express (NYSE: AXP  ) , Visa (NYSE: V  ) , MasterCard (NYSE: MA  ) , and others -- process more than $4 trillion in payments annually. While Oxman made sure to note, "I cannot understate the amount of money and resources that the credit card systems spend on insuring that consumer data is protected," he felt that two steps could be taken to help safeguard consumers.

A safer way to send data
Oxman began by speaking toward the payment industry itself, and said, "One of the most exciting things the payments industry is working on now is something called tokenization. This essentially replaces all of that information about the card account with a token, and transmits that in lieu of the card network information, like the account number and expiration date."

Essentially, as it stands currently, when a card is swiped, the relevant card information travels across the networks to ensure the merchants receive payments from the consumers. But the industry is now pushing toward a system that will instead create a "token" for each transaction, which will ensure that an individual's account number isn't moving across the networks.

And as Oxman describes it, "that token is uniquely generated for each transaction and then discarded when it's done. And that token would be meaningless to anyone that intercepted it."

Just last week, EMVCo, which is collectively owned by American Express, Discover, JCB, MasterCard, UnionPay, and Visa, announced it would begin expanding its scope to work toward the standardization of this technology. Christina Hulka, the chair of the EMVCo board said the push to tokenization would, "make online and mobile transactions simpler and safer for all payment stakeholders." 

While new technology always raises eyebrows, and this isn't something consumers can immediately see, a coordinated industry effort to push for safer transmission of data is definitely a good thing.

Oxman also noted that enhanced security extends beyond just the payments networks, especially in the example of the most recent Target breach, because in that instance, "the payments networks were secure, but Target's own systems were not."

Source: FutUndBeidl on Flickr.

End-to-end encryption
Current rules do not require that retailers encrypt and protect information on their own premises, whether it be at the point of the sale or in the retailers own systems. In the example of Target, Oxman notes it seemingly did not deviate from any rules or regulations, but instead, the current industry standards just don't provide an adequate level of protection.

Oxman suggests every point of entry into the networks that store financial data should be encrypted, which would in turn create a more secure environment for consumers and retailers alike. In the example of Target, one would hope even though it announced a $5 million initiative "to advance public education around cybersecurity," both it and other retailers would also be working toward ensuring that where sensitive financial data is stored is indeed more secure.

While such a large-scale data breach is deeply troubling, it has sparked a dialog between consumers, companies, and congressmen alike on how financial data can be best protected, and one can only hope it leads to change in the near future. Certainly these are two great places to start.

Stop worrying and start investing
The thought of losing your personal finance information is scary. Yet at the same time, millions of Americans have waited on the sidelines since the market meltdown in 2008 and 2009, too scared to invest and put their money at further risk. But those who've stayed out of the market have missed out on huge gains and put their financial futures in jeopardy. In the special free report, "3 Stocks That Will Help You Retire Rich," The Motley Fool shares investment ideas and strategies that could help you build wealth for years to come. Click here to grab your free copy today.


Read/Post Comments (1) | Recommend This Article (2)

Comments from our Foolish Readers

Help us keep this a respectfully Foolish area! This is a place for our readers to discuss, debate, and learn more about the Foolish investing topic you read about above. Help us keep it clean and safe. If you believe a comment is abusive or otherwise violates our Fool's Rules, please report it via the Report this Comment Report this Comment icon found on every comment.

  • Report this Comment On January 26, 2014, at 3:48 PM, PhilipCohen wrote:

    The newly launched “digital wallets” from MasterCard ("MasterPass") and Visa ("V.me") would seem to solve this security problem in that the merchant will no longer have access to the individual credit card details of their customers; indeed, with such "wallets" and NFC incorporated into plastic or phone, the credit card information that fraudsters rely on would appear to be now redundant, or am I missing something …

Add your comment.

Sponsored Links

Leaked: Apple's Next Smart Device
(Warning, it may shock you)
The secret is out... experts are predicting 458 million of these types of devices will be sold per year. 1 hyper-growth company stands to rake in maximum profit - and it's NOT Apple. Show me Apple's new smart gizmo!

DocumentId: 2807398, ~/Articles/ArticleHandler.aspx, 10/24/2014 8:52:53 AM

Report This Comment

Use this area to report a comment that you believe is in violation of the community guidelines. Our team will review the entry and take any appropriate action.

Sending report...


Advertisement