Retail corporations are calling for an answer to the recent security breaches by hackers against retailers.
They are demanding that chip and PIN (CPIN) cards be implemented to protect customers from point-of-sale (POS) attacks.
A CPIN card looks like a traditional credit card; however, it has a chip installed that contains the same information that is embedded in the magnetic stripe.
The swipe option on CPIN cards will work just as it does on current debit and credit cards.
NerdWallet is a corporation that produces CPIN cards.
This company claims that, with Canada and Europe poised to implement CPIN cards as standard, less fraud will be perpetrated against unsuspecting customers.
The National Retail Federation (NRF) wrote a letter to Senate Majority Leader Harry Reid and House Speaker John Boehner imploring Congress to adopt CPIN cards with legislative backing, in order to ensure that the federal government protects the public against hackers.
“Our partners in the financial sector have a critical role to play in making sure their cards are secure,” NRF President and CEO Matthew Shay said in the letter. “For years, banks have continued to issue fraud-prone magnetic stripe cards to U.S. customers, putting sensitive financial information at risk while simultaneously touting the security benefits of next generation ‘Pin and chip’ card technology for customers in Europe and dozens of other markets.”
The NRF regards the small percentage of CPIN cards in use in the US as an obstacle to shielding the public from hacker attacks.
The UK Card Association (UKCA) asserts that CPIN cards are helping to reduce digital fraud by 70% despite the recent cyber attacks in the US.
In Canada, Target uses CPIN cards, and those outlets were not affected by the POS malware.
Mallory explained that “a chip-and-pin card costs about $2 apiece, compared with 50 cents for a magnetic-stripe card, [and] it could cost retailers $1,000 apiece to replace the point-of-sale card reader.”
However, “the banks are the chicken,” Mallory said. “They have to issue the cards. There’s no point in issuing readers if there’s no card to read.”
Last December, Senator Robert Menendez called for the US government to hold corporations accountable for customer financial and personal information when there is a cybersecurity breach like the recent theft of data from Target.
He said he wants to ensure that corporations are “putting their customer ahead of profits” and announced that he was asking the Federal Trade Commission (FTC) whether a fine can be imposed on companies that are vulnerable to cyber-attacks.
Menendez also said that the government should pass more laws protecting customer data.
Media outlets are reporting that the Federal Bureau of Investigation (FBI) is claiming there will be more cyber attacks on retail corporations to steal customer data.
The report outlines how “memory-parsing” malware was used to infect computers at the point-of-sale (POS).
One type of POS malware, Alina, “included an option that allowed remote upgrades, making it tougher for corporate security teams to identify and eradicate it.”
Earlier this month, Gregg Steinhafel, CEO and chairman of Target, said that “the hack was related to malware infecting the point-of-sale (POS) systems.”
Steinhafel described malware known as a RAM scraper, which has been singled out by the US Computer Emergency Readiness Team (US-CERT) as one of many types of malware which “use a memory scraping technique to locate specific card data.”
RAM scrapers are nothing new; they have been the source of previous hacker attacks that affected grocery stores, using tactics parallel to those deployed in the Target breach.
Mallory Duncan, general counsel, said: “This is a very disturbing report and obviously, there is a great deal of work that’s going to have to be done by all of the parties. There is a fundamental flaw in the current card payment system, and until we can remedy that, and that’s a reliance on easily copied numbers and data, that flaw is going to plague us.”
The FBI report cites 20 hacking incidents during 2013 that were conducted using this type of malware.