If ever there were a cause for bipartisan support in Congress, it is protecting Americans’ personal information following the 2013 credit-card debacle.
It now appears that information on as many as 110 million customers was breached during the holiday season by hackers who got access through systems at Target, Neiman Marcus and other retail outlets.
Decades-old technology is to blame, experts say. Retailers and credit-card companies in the United States continue to use 20th-century magnetic-stripe cards that allow data to be accessed more easily, rather than 21st-century chip-embedded cards that make it nearly impossible to duplicate.
Retailers and bankers in Europe have moved to more secure cards with embedded chips that require a personal identification number and enter data differently for each transaction — two features that thwart cyberpunks.
But U.S. companies have stuck with the cheaper, insecure stripe cards because they considered the losses manageable — ignoring the hassle to customers when their information is breached.
It’s time now for the suits in America to think about customers first and shareholders second. Security analysts say MasterCard, Visa, American Express and Discover have set October 2015 as the deadline for phasing out stripe cards. Businesses should accelerate the switch to the more secure chip technology by next Christmas.
Sen. Patrick Leahy, D-Vt., has reintroduced a Personal Data Privacy and Security Act, which he has been pushing since 2005. Congress ought to pass it.
The bill spells out tough criminal penalties for those who intentionally conceal a security breach that causes economic damage to consumers, requires companies to protect data privacy and makes attempted computer hacking punishable under the same criminal penalties as the underlying offense.
Credit-card transactions in the United States have been ripe fruit for easy picking by Web demons who take the information and sell it on the black market. Let’s make it more difficult for them to bring in the harvest.