More than 40 million shoppers who used their credit card to make purchases at a Target store between Nov. 27 and Dec. 15 got an unpleasant holiday surprise: Their data is turning up for sale on the digital black market. Californians were particularly hard hit; here in Sacramento, The Golden 1 Credit Union estimates about 10 percent of its members were affected.
This massive data breach, at perhaps the worst time imaginable, rightly upset consumers. Target – facing multiple lawsuits, an investigation by the U.S. Department of Justice and possible congressional hearings being pushed by California Rep. Jackie Speier, D-Hillsborough – is trying to calm consumers with free credit monitoring and other assurances. But sadly, over the next several months, millions of consumers will experience a great deal of uncertainty and worry over their transactions and spend endless hours recovering their hard-earned money.
While this incident is a massive public relations embarrassment for Target and likely cost the company holiday sales, the real costs of this breach will fall on the shoulders of consumers and their financial institutions. Each card costs a credit union, for example, $5 to $10 to reissue and deliver. This expense is greatly exacerbated by the immense costs credit unions and other financial institutions also will be required to pay to reimburse consumers who have lost funds due to fraudulent transactions.
How do we prevent this from happening again?
While no data system has been proven to be completely secure, we can start by toughening what are now dangerously weak credit and debit card security measures employed by U.S. retailers.
For starters, we should ask American retailers to issue credit cards like those that are in widespread use in most other nations. These cards feature hard-to-replicate digital chips to store account information.
Here in the United States, cards rely on easily copied magnetic strips. That makes them prime targets for card hackers all over the world.
Why aren’t our cards being switched over to the more secure technology used in Europe and Asia? Because retailers want someone else to foot the bill for them.
That needs to change. Consumers, the financial services industry and lawmakers need to engage in a dialogue about moving away from antiquated magnetic-strip card technology.
There also is a real need for national cybersecurity legislation that will hold those that conduct debit and credit transactions responsible for system breaches. These steps are in the best interest of retailers, but also of financial institutions and most importantly, the customers that all of us serve.
Diana Dykstra is president and CEO of the California and Nevada Credit Union Leagues.