The solution is obvious, but the two sides of most transactions -- the credit card companies and the retailers -- haven't made it happen yet. More than a decade ago, Visa and MasterCard helped retailers across Europe upgrade their point-of-sale (POS) systems to interact with chip-and-PIN cards. So far, however, the credit card networks have balked at an upgrade, and the card-issuing companies have failed to deploy chip-and-PIN cards in the U.S.
In an economy increasingly built on digital information, this is unacceptable. The Internet is the ultimate multipolar threat environment -- lots of bad actors targeting numerous points of vulnerability. So Americans might expect our payment networks, a foundation of our economy and a key repository of our most personal information, to be the first thing we should protect. They are learning, however, that the government and private industry are not keeping up with the bad guys, let alone staying several steps ahead of them. Retailers and credit card companies share a responsibility to protect customer transactions, but the credit card companies have the unique role of issuing the cards, which at bare minimum should use the simple chip-and-PIN system. Many emerging cyberthreats are highly complex. Fixing our credit card security problem is relatively simple.
Sign up for Computerworld eNewsletters.