“Swipe-and-Sign” Authentication to be Phased Out by 2015

Last week Target CEO Gregg Steinhafel appeared before the Senate Judiciary Committee to discuss his company’s role in one of the largest debit card heists in the history of modern commerce. During the hearing, Steinhafel reassured the American people that the leaks at the company had finally been plugged, and that it was safe to shop at any Target location.

Other major retailers affected by similar breaches, including Neiman Marcus and TJ Maxx, were also called to testify, reaffirming the belief that a new system of card security needs to be implemented if we’re expected to weather similar storms that will inevitably arrive on the horizon in the future.

One of the major reasons hackers on the Target heist were able to make off with so much data is that on the whole, most of what was recovered was signed off credit card information, rather than its more protected cousin, PIN-protected debit data.

Because the only thing that’s required to use these credit cards is a hastily scrawled, barely legible signature that isn’t matched against any other databases, identity thieves can easily get their hands on spoofed information, flash it to a fake card, and go gallivanting around the world without having to ever worry about the repercussions.

“If a merchant is still using the old system, they can still run a transaction with a swipe and a signature. But they will be liable for any fraudulent transactions if the customer has a chip card. And the same goes the other way – if the merchant has a new terminal, but the bank hasn’t issued a chip and PIN card to the customer, the bank would be liable.”

A more secure payment system, called the EMV (short for Europay, Mastercard, and Visa), is already in widespread use in regions like Europe, but have taken significantly longer to catch on in areas such as the US.

In light of the newest hacks, Mastercard and Visa have both decided to ramp up their deployment of EMV cards to 2015, which come pre-secured with an on-board encryption chip and 6 digit PIN that’s required every time the card is used for a purchase.