In light of the recent hacking scandals involving large national retailers and the attacks on celebrity iCloud accounts, taking an active role in personal data security is more relevant than ever. Due diligence and the integrity of personal data are ultimately our responsibility as end users.
This is especially so as retailers continue to lobby Washington against upgrading the magnetic strip and the infrastructure that supports the fifty-year-old technology. If you have ever traveled abroad, you may have noticed that credit cards have a small chip embedded in the top corner. What that chip provides is a platform for encrypted data transmission and PIN authentication—two-factor authentication: swipe then confirm PIN upon purchase.
Why has this technology not yet been adopted in America?
(Lack Of) Adoption
Well, for the reason stated above. Each embedded card costs around $25, and upgrading every point-of-sale device and the infrastructure to support this technology is going to cost retailers billions of dollars. So you can understand the resistance. And if people are not demanding action from Congress, the status quo will continue.
Even with no change in sight for the near term, there are steps you can take to protect yourself. However, it’s important to realize that there is no silver bullet solution to having your personal data compromised. We live in a fallible time and technological environment where the bad guys seem to be always a step ahead.
Taking Matters Into Your Own Hands
The good thing is, if you have ever used a VPN and a token to log into your work systems, you are already familiar with two-factor authentication, and adopting these methods in your personal life should be relatively painless.
Yes, taking an extra 30 seconds to log into your bank account, Gmail, iCloud, or Facebook, or using a PIN to unlock your smartphone, may seem annoying at first, but it’s one of the many zero-cost things you can do to take an active role in securing your personal data. Also, asking retailers and banks for additional verbal passwords when conducting business over the phone is a great way to prevent social engineering.
Practicing proactive data security will never totally eliminate the chance of being hacked or becoming a victim of identity theft, but it dramatically reduces your attack surface. Most of the apps hackers use are tuned to find data using lowest-common-denominator tactics. If you are using two-factor authentication, digging deeper into an individual account takes such hackers more effort than it is worth when they are scanning millions of queries. These apps are all about quantity and speed, not quality.
I would not expect any movement from Congress or regulators on forcing retailers to adopt the embedded chip standard any time soon. When providing a safe retail experience is trumped by the prospect of billions of dollars in capital expenditures for infrastructure upgrades, they are going to slow-roll this situation as long as they can.
The embedded chip is a good technology that has been adopted globally except in the United States (much like the metric system). With its wide adoption base, the platform has a life cycle and a history. There is really no reason it can’t evolve and be improved upon for years to come. But while there is apathy, stall tactics, and ignorance, there are always those who will look to use this time in history as a crossroads for innovation.
A Software-Defined Future
Technology companies like Apple, PayPal, and Google are developing software-defined systems that will use your smartphone, in combination with biometrics and a PIN, to act as a proxy between you and your bank, facilitating an environment where your data is not even shared with retailers. This adds a third element of authentication, effectively enabling three-factor authentication.
Software-based authentication methods have the potential to eclipse the embedded chip and harness the already very powerful hardware in your smartphone. With buy-in from the banks and credit card companies already, software-defined payment is moving forward with iPay from Apple. It’s a win for the American consumer, it’s a win for Apple as it provides them with another revenue stream—and ultimately, this gets retailers off the hook from spending billions on uprooting their existing infrastructure.
It will be interesting to see how adoption of “iPay” by the general public plays out, as Google has offered these features for a few years already with Google Wallet on the Android platform.
Photo credits via Flickr: shuttercat7