Retail chain, Target, one of the nation’s largest merchant processing companies, confirmed in December that approximately 40 million credit and debit card accounts were hacked over a two-week period beginning on Black Friday. The stolen data included customer names, credit and debit card numbers, card expiration dates and the CVV2 security code stored on the card’s magnetic strip.
The nation’s second-largest discount retailer is now facing almost two dozen customer lawsuits after hackers stole data from debit and credit cards used at Target stores from Nov. 27 through Dec. 15. Officials at the Super-Chain also confirmed that encrypted pin numbers were targeted in the massive hack. On Dec. 21, Chase temporarily limited two million customers to ATM withdrawals of $100 per day and purchases of $300 per day with their debit and prepaid cards. This caused more discontent among shoppers who found the ability to complete their Christmas shopping dramatically hindered.
Columbus-based Huntington Bancshares, as well as Chase, took the most drastic action in response to the theft by quickly replacing debit and prepaid cards affected by the breach. Banks are also recommending that customers create new pins and passwords for their accounts immediately, as the stolen data is already showing up on the European black market.
This financial uproar has brought several issues to light in the U.S. payment processing system. Probably the most important is that credit cards are much safer than debit cards and far less problematic when getting out of messes caused by fraud.
For instance, liability is capped at $50 on a credit card but the four major credit card networks have zero liability policies that ensure you won’t even pay the $50. Debit card liability is capped at $50 unless you don’t report the fraud within two days, and then your liability jumps to $500. And, if you never report the fraud you can lose all of the money in your checking account. If the consumer gets their debit card funds returned by the issuing bank, that doesn’t solve the problem. Those funds need to be there to clear other transactions. While a disgruntled customer is arguing with the bank to get their money back, other transactions may not clear and consumers face over-limit or late fees.
Another problem with debit cards is they act as an incentive for consumers to keep too much money in their checking account. Most debit card users retain an amount sufficient to pay bills like rent, car, and student loans and maintain enough to pay for utilities, cell phones, shopping and some mad cash. Those are thousands of dollars every month that are at risk, unnecessarily. Unless money is being moved in from a separate savings or money market account, where it’s actually earning some interest, then every dime of the bank balance is at risk because of debit card fraud.
Perhaps the most important piece of information that has been uncovered is that credit card companies do have the technology to protect their customers from breaches like the Target fiasco, but have not yet implemented the upgrade. Most cards in Europe, for example, incorporate tiny computer chips and require a PIN code to secure transactions and virtually eliminate counterfeiting. But these cards are much more expensive to make and require a costly upgrade in transaction terminals and back-office systems. The Target breach, which inconvenienced millions at the height of the Christmas shopping season, will add pressure to improve the system sooner, but as of this posting, these ‘smartcards’ aren’t scheduled to be widely available in the United States for at least another two years. As the saying goes, “timing is everything.”
Target Hack Reveals Major Issues in the U.S. Payment Card Processing System – ©2014 Money Movers, Inc.