In direct response to Target’s Black Friday card breach reported last Thursday, JP Morgan Chase & Co has notified customers who bought items at Target that it is limiting the amount of debit withdrawals to $100 a day, and $300 dollars in purchases a day. This will effect an estimated 2 million debit card holders.
The bank plans to keep branches open near major retailing centers in an attempt to alleviate the inconvenience, but the timing couldn’t be worse right in the middle of the holidays.
This brings up the issue of the U.S. card security, or to be more accurate, the lack thereof.
American credit and debit-cards store payment data on a mag-stripe based on tech that’s several decades old and easily duplicated. Outside of the U.S., chip-and-pin tech brings added security to deter hackers and evil doers. Of course, nothing is perfectly secure, especially in a sector as sensitive as payments. It’s an asymmetric arms race where the security absolutely has to be foolproof 100% of the time. Hackers only need to be right once.
With such high stakes, does it make sense to build security measures on top of technology from last century?
In a conversation with the Associated Press, Mallory Duncan, general counsel at the National Retail Federation said that the U.S. was lagging far behind in security and had been using “20th century cards against 21st century hackers.”