Government Data Security Effort Must Address Credit Cards

Finance

Government Data Security Effort Must Address Credit Cards

Posted to Finance March 18, 2015 by Jeremy White

Amid the madness of a new Congress and the desire of a second-term President to cement his legacy, one policy area continues to receive deserved attention in Washington, D.C: data security.

President Obama and leaders in Congress are pointing out the hard truth that America is falling behind the world in cyber and data security, and that without significant reforms, we remain highly vulnerable to dangerous threats.

The Administration has proposed sensible reforms that are straightforward and even gel with similar, ongoing efforts on Capitol Hill that have garnered hearings in both chambers. Rather than rely on a patchwork of state laws for data breaches – specifically, how consumers are made aware – the President and Congress seek to implement a national standard. Based on the tone of conversations at both hearings, led by a bipartisan caucus eager to pass a data breach bill this year, there seems to be significant momentum for meaningful progress.

Continued dialogue and action on data security from the President and Congress is an undeniably positive development. The conversation, however, is largely evading a very pressing matter – security for Americans using credit cards.

Enhanced financial security measures continue to be introduced this year. Banks and credit card companies have begun replacing nearly half a billion cards containing the old-fashioned magnetic stripe technology in use today with updated versions that employ computer chips. The overhaul will put in place cards that create a unique code for each transaction, making cloning by thieves infinitely more difficult.

Unfortunately, those cards will still have a glaring vulnerability. “In a retreat for the industry,” the Wall Street Journal reported, “the new cards don’t use [Personal Identification Number (PIN) technology] that could prevent fraud if a card is lost or stolen.” Financial institutions will do this despite the fact that “PINs are widely considered to be more secure than signatures, which can be easily copied.”

So it was especially peculiar when several national trade organizations representing financial firms and credit unions circulated a letter around Capitol Hill about their supposed commitment to protecting Americans’ personal financial information, while simultaneously shifting blame to the nation’s retailers, who are stuck with the very same flawed payment systems the banks have propped up.

As troubling as the banks’ half-measure approach of using just chip-equipped cards is their rationale for not using PINs. Executives have publicly stated they are opting for signatures instead of PINs so that Americans will not have to remember a four digit code at the checkout line. When pushed by Senator Amy Klobuchar (D-Minn.) on that argument, the American Banking Association’s Doug Johnson noted that if Americans really want PINs, they should just use their debit card.

Such brazen arguments are not only deceptive – Americans today remember dozens of passwords every day – but insinuates that Americans, many of whom may depend on credit cards, do not deserve maximum protections.

This problem is that much more troubling for communities of color, who according to research from Demos’ National Survey on Credit Card Debt of Low-and Middle-Income Households, “face challenges to their financial security that are unlike those of white households.” The stall tactics by the banks threaten the financial security of Americans everywhere, but the damage done to minority communities is even more acute. The average overall cost of identity theft, $1,769 according to the Bureau of Justice Statistics, is steep for anyone.

But for many black and Latino families who are disproportionately impoverished and often one paycheck removed from fiscal distress, that type of damage can lead to financial ruin. Efforts to repair the damage and subsequent negative impacts of fraudulent activity can take years and may impede their access to the use of bank accounts, a critical financial lifeline for many families with limited access to credit. The result of this negative spiral often leads them to check-cashing businesses where even more of their gainfully earned income is siphoned away through fees.

Perhaps this is why Senator Mark Warner (D-VA), consumer groups and the public are calling on America’s financial regulators to ask why financial institutions insist on chip-and-signature technology when chip-and-PIN is clearly more secure. “I have concerns,” the Senior Senator from Virginia wrote recently, “that as merchants spend billions of dollars this year to upgrade their infrastructure to accept chip-and-PIN enabled cards, there is an insufficient emphasis being placed by federal banking regulators on ensuring a meaningful improvement in consumer safety with the corresponding issuance of chip-and-PIN debit and credit cards in the private sector.”

Senator Warner is correct, and both his and the President’s efforts to put in place a security system already in use throughout the world are common sense. That is why as data security continues to dominate discussions in Washington, credit card security must be a part of those talks.

Americans deserve the maximum protections available when using their credit cards, and if banks and credit card companies won’t implement chip-and-PIN technology voluntarily, our leaders in Washington should begin exerting pressure for them to do so. American consumers cannot afford to wait any longer.

About the Author

Jeremy White

Jeremy White is founder of DiverseTech. He is a former special assistant for the White House Office of Faith-Based and Community Initiatives and a national diversity advocate.