SHCC WYSIWYG Article from January 2014

Previous Next

This article was written by Don VanSyckel, the club president, as a part of "The President's Pen".  This article appeared in the January 2014 WYSIWYG newsletter.

Target Gets Hacked and Smart Credit Cards

by Don VanSyckel

I hope you had a Merry Christmas and didn't do any shopping at Target. Did you hear about this? Target was hacked and millions of people's information was stolen. This information allows unscrupulous people to purchase stuff and do cash withdrawals against the Target customers' accounts. One good thing is most mail order firms will only ship to a street address. Of course the crooks can walk into a store and purchase stuff, like expensive things that can be pawned. Even though this only yields pennies on the dollar, the crook doesn't care because it's now clear cash and all free to them.

From what I read the USA is one of the few places that has not implemented more secure charge cards. If I understand many charge card provides have implemented a smart card of sorts. The card has a chip in it and this chip provides a different code every time the card is used. This code must be valid or the transaction is refused. None of the accounts I read mentioned where the code is checked but I have to think it's sent back to the company and checked there.

A few years ago the virtual private network (VPN) my employer deployed used a similar scheme. Everyone who was authorized to VPN into the company was issued a small device the size of a credit card and about twice as thick. This device displayed an eight digit number for about 20 to 30 seconds. When you VPN'ed to the company network you had a window of time to key in the code displayed on your device. After a few failures, many of us learned to wait until the display changed and then typed in the code. Anyway the 'system' on the other end, at the company, would validate the connection based on the code. Obviously there was a clock involved on both ends because each code was only valid for so many seconds. I would guess that the technique the foreign charge card companies are using is the same except the code is transmitted to the company without the need for human intervention. So from my own knowledge I know that this secure technology has been available for literally years.

I believe the technology has evolved and the cards might not be quite as thick as before. So instead of carrying eight cards, you'll only be able to carry four or five because they're thicker, but they would be secure. If someone cracked a retailer's database and stole your information it wouldn't be usable because the code from the card would be required.

I haven't read about how these cards are used on-line. Possibly they simply go without any code because they only ship to street addresses. This is just one other detail that needs to be handled.

Speaking of the number of cards you carry, how about those store customer loyalty cards. How many of those do you have. It's fairly well recognized that people can't carry them all so many retailers are able to connect your card to your purchase by referencing your phone number. I'd like to see a loyalty card that you could register against the many individual loyalty cards you have. Then when you use this card at any of the registered stored it would cross reference the card number for that store and the transaction is done. This way you could carry the one card and it would represent all the various loyalty cards you have.

End of Article

Previous Next

To discuss the article with the author, send an email.

Article Index Page

Club members should contact the webmaster with comments and suggestions about this web site.