Card Security Breaches: Why They Occur And Who's To Blame

It seems like there's another financial disaster at every turn lately. Target's card databases get hacked. Heartbleed puts your passwords at risk. Home Depot's credit card numbers are compromised. JP Morgan Chase's credit information is breached. Shellshock threatens the integrity of the Internet. It's enough to make you long for the days of the corner store keeping credit on a sheet of graph paper.

 To better understand how these things happen, let's first take a look at the steps involved in a financial transaction. Then, we'll see where vulnerabilities exist. Finally, we'll check out a few strategies you can use to keep yourself safe.

 When you swipe your debit or credit card at a terminal, the only thing you see is an approval screen. Behind the scenes, the process from the moment you swipe a card to leaving the store with your purchases is complicated. And you want it to be that way. A less complicated process would remove many layers of security.

 First, there's an "authentication" process. The POS terminal in which you swipe your card reads the card's information from the magnetic strip, encrypts it, and sends it to a payment processing center. This facility streamlines the data into a format your issuing company can understand and sends it along. Your card network company - Visa, Mastercard, Discover, etc. - validates the legitimacy of the information. You may be prompted for some information, most commonly your billing ZIP code. This is done to help authenticate the card.

 Second, there's the reconciliation process. This is usually done at the end of the day for most retailers. The retailer sends all the day's receipts to a payment processor, which then sends them to the issuing institution - the credit union, bank, or credit card company. That institution debits its member or customer accounts for the amount of the transaction, then sends that money to the payment processor, which sends it to the retailer.

 This is an explanation of how things work in a very simplified example, but it gives you an idea of the complexity that's involved in the process of paying with a card. While it's a lot of steps, it's the best system that the brightest minds in the financial industry could develop. Unfortunately, each step also introduces a layer of vulnerability.

 The encryption protocol for card authentication can be busted (that was, in part, what Heartbleed was about). The retailer's receipt records they use for reconciliation can be hacked (like what happened to Target and Home Depot). The credit union or bank can have their register of accounts hacked (like JP Morgan did). So many layers of complexity create more possibilities for hackers to compromise sensitive information.

 You might notice that there's only one step in the process that involves Pen Air FCU or our computer systems. That comes at the very end of the process, when member records are debited for purchases. In the latter example, the only victim of that theft was a big Wall Street bank. In such cases, the kind of hacking hardware and know-how that is required to orchestrate such an attack are expensive. Because credit unions are smaller and less centralized, they're much less likely to be targeted by this kind of attack.

 
That's not to say Pen Air FCU doesn't take cyber security seriously. We keep up-to-date with the latest in computer hardware and software to make sure our members are secure against illegal access. We also have to adapt to a world where everyone else doesn't follow those same values. That means we have to adjust our security protocols to cover for the failings of other parts of that big, messy system.

We're all in this together. The convenience of the modern economy makes things better for everybody. If you go on vacation, you don't have to fuss with traveler's checks or currency exchange troubles. You can take your debit card or credit card and spend just the same. Electronic record keeping helps financial institutions keep costs down and we all benefit from a growing economy. If we want to keep getting these benefits, we all need to put the work in to make sure our networks are secure. Here are five small tips to make your little corner of the Internet more secure.                                        

1. Install updates for your computer, tablet, and mobile phone regularly.
2. Don't open suspicious e-mails or questionable links.
3. Don't install software you don't recognize.
4. Monitor your financial statements closely to check for unauthorized activities.
5. Get an anti-virus program and run it regularly.                      

If you follow these five steps, you can help make the Internet a safer place for people to share things they love and buy things they need. You can help make sure the big system of merchants, processors, and institutions keeps chugging along while providing benefits to everyone.