Menu

How to boost security of your payment cards

SEATTLE -- The U.S. stands alone as a modern nation that continues wide use of magnetic striped payment cards designed more that 40 years ago to mechanically store payment card account numbers.

In the Internet age, the rest of the world, led by Europe, Asia and Canada, has moved to chip-embedded payment cards, which are much more difficult to counterfeit.

Visa, MasterCard, Discover and AmericanExpress intend to shift liability[1] for fraudulent transactions to U.S. businesses that do not migrate to contactless chip technology known as EMV. But that doesn't occur until October 2015 for merchants and October 2017 for gas stations. Even once this shift goes into effect, only 60 percent of U.S. sales terminals are expected to be upgraded.

CyberTruth asked Christopher Strand, Security Compliance Practice Director at tech security firm, Bit9, what Americans can do to reduce their exposure to payment card fraud, given magnetic striped cards aren't going away anytime soon.

CT: What are some simple ways to make magnetic striped cards more secure?

Chris Strand

Christopher Strand, Security Compliance Practice Director at tech security firm, Bit9,(Photo: Bit9)

Strand: Behavioral alerts can be set up for most cards and many banks will allow people to build a trust profile for their transactions. Many people don't realize that these extended services exist, and that they can benefit from putting their cards in a "positive" stance when it comes to protecting them while we wait for the move to EMV technology.

CT: So these alerts flag suspicious transactions?

Strand: Yes, most card brands have these tools. They help you wrap a "trust policy" around transactions. The sooner you can spot a transaction that is not part of the "Known Good," based on your trust policy, the sooner you can take proactive measures to counter the event.

CT: It's convenient to link my checking and savings accounts to my debit card, but is it smart?

Strand: Don't attach your debit card to your savings account. The bank may do this by default, but it's not a good practice in general as the first thing you want to do is reduce your risk profile. This will probably cause you to lose some of the convenience within transactions, but in the long run a proactive approach will reduce the threat window.

CT: What if I cut up my plastic and just use mobile payments?

Strand: Mobile payment tools increase the access points to the data that attackers are attempting to steal. The burden is going to fall back to the business systems that process these transactions and they will need to ensure that they take a positive approach to protecting every part of the transaction, and all the endpoints involved.

CT: Anything else?

Strand: People can ask what type of security their card brands, banks, and merchants are using. It's not a secret, and if the public becomes more observant of what is used to protect their data, it will help them make educated and safe choices.

back to top