Weak credit card security is to blame for data theft at U.S. retailer Target


The U.S. is the juiciest target for hackers hunting credit card information, and experts say incidents like the recent data theft at Target’s stores will get worse before they get better.

U.S. credit and debit cards rely on an easy-to-copy magnetic strip on the back of the card.

In most countries outside the U.S., people carry cards that use digital chips to hold account information. The chip generates a unique code every time it is used. That makes the cards more difficult for criminals to replicate.

The breach that exposed the credit card and debit card information of as many as 40 million Target customers who swiped their cards between Nov. 27 and Dec. 15 is still under investigation. It is unclear how the breach occurred and what data criminals have. Although no security system is fail-safe, there are measures that stores, banks and credit card companies can take to protect against these attacks.

The magnetic strip on the back of a credit or debit card contains the cardholder’s name, account number, the card’s expiration date and a security code different from the three- or four-digit security code printed on the back of most cards.

When the card is swiped at a store, an electronic conversation begins between two banks. The store’s bank, which pays the store right away for the item the customer bought, needs to make sure the customer’s bank approves the transaction and will pay the store’s bank. On average, the conversation takes 1.4 seconds. During that time, the customer’s information flows through the network and is recorded, sometimes only briefly, on computers controlled by payment processing companies.

Retailers can store card numbers and expiration dates, but they are prohibited from storing more sensitive data such as the security codes printed on the backs of cards or other personal identification numbers.
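One way a retailer could check its own logs for stripe data it is not allowed to keep is sketched below. This is an added example, not part of the original article: it assumes the ISO/IEC 7813 Track 2 layout, which the article does not describe, and the function names and log lines are constructed for illustration.

```python
import re

# Assumed Track 2 layout (ISO/IEC 7813):
#   ;PAN=YYMM + 3-digit service code + discretionary data + ?
# The discretionary data is where the stripe-only security code lives.
TRACK2 = re.compile(r";(\d{12,19})=(\d{4})(\d{3})(\d*)\?")

def luhn_ok(pan: str) -> bool:
    """Luhn checksum, used to discard digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def find_stripe_data(text: str):
    """Return (line_no, masked_pan) for every line holding full stripe data."""
    hits = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for m in TRACK2.finditer(line):
            pan = m.group(1)
            if luhn_ok(pan):
                masked = pan[:6] + "*" * (len(pan) - 10) + pan[-4:]
                hits.append((line_no, masked))
    return hits

def scrub(text: str) -> str:
    """Keep card number and expiry; drop service code and discretionary data."""
    def keep_permitted(m):
        if not luhn_ok(m.group(1)):
            return m.group(0)   # not a card number, leave untouched
        return f"{m.group(1)}={m.group(2)}"
    return TRACK2.sub(keep_permitted, text)

# Constructed sample log; 4111111111111111 is a widely used test number.
SAMPLE_LOG = """\
2013-12-01 10:02:11 auth ok terminal=7 amount=23.10
2013-12-01 10:02:12 debug raw=;4111111111111111=15122010000012300000? terminal=7
2013-12-01 10:02:15 debug raw=;1234567890123456=15122010000012300000? terminal=9
"""

if __name__ == "__main__":
    for line_no, masked in find_stripe_data(SAMPLE_LOG):
        print(f"line {line_no}: full stripe data for card {masked}")
    print(scrub(SAMPLE_LOG))
```

The third sample line fails the Luhn check, so it is neither reported nor rewritten.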

Hackers have been known to snag account information as it passes through the network or pilfer it from databases where it is stored.

Target says there is no indication that the security codes on the back of customer credit cards were stolen. That would make it hard to use stolen account information to buy from most Internet retail sites. But because the magnetic strips on cards are so easy to generate, thieves can simply reproduce them and issue fraudulent cards that look and feel like the real thing.