Smart Cards, Smarter Passwords

The nature of payments, and how they’re made, continues to change — whether credit, debit, or prepaid. Payments continue to move from one digital platform to the next, sometimes leaving customers wondering if making any of the changes are worth it, or if something even newer will come along first.

The latest entrants to the field are mobile pay systems, and virtual wallets, such as those offered by Apple and Google. And for those still using cards — which at the moment, is still mostly everybody — changes are coming there, too with new EMV standards becoming, well, standard by this fall, here in late-adapting America (the cards have long been used in Europe, Asia, and other territories).

But now the Extreme Tech website is reporting on a have-your-cake-and-eat-it-too innovation that may allow card-users to move into the next arena of payment technology while still using a familiar device. This hybridized plastic is called “the smart card.”

“Smart credit cards mimic the look of current plastic credit cards, but come with a microprocessor chip that has standard PCI-DSS data encryption compliance to protect your personal information,” the site notes. “Once you’ve swiped your card, the card reader uploads the information to the smart card via Bluetooth.”

But this isn’t the same kind of chip that the coming EMV cards will have: “Whereas current credit cards can only read one set of financial information for one store brand, smart credit cards can store credit card information for multiple stores.”

In other words, like with your phone, you could have several “accounts” on a single piece of plastic — and still manage to slim down your wallet.

ExtremeTech thinks some of the appeal of sticking with a “card” platform could be security: “With the hack attacks executed on the IRS, the White House, and major banks like Chase, some consumers would rather have at least one plastic card in their wallet or purse to pay for purchases. Starbucks saw its mobile app hacked into recently, with hackers stealing money from the digital cards of regular customers.”

And yet, another recent CNNMoney article shows an astonishing lack of security on the receiving end of purchases, making all kinds of hacks and breaches still much too likely. And what is the main reason?

“Get ready for a facepalm,” the article says. “90% of credit card readers currently use the same password.

“The passcode, set by default on credit card machines since 1990, is easily found with a quick Google search and has been exposed for so long there’s no sense in trying to hide it. It’s either 166816 or Z66816, depending on the machine.

“With that, an attacker can gain complete control of a store’s credit card readers, potentially allowing them to hack into the machines and steal customers’ payment data (think the Target and Home Depot  hacks all over again). No wonder big retailers keep losing your credit card data to hackers. Security is a joke.”

That’s right — up to 90% of merchants keep the default passwords that come with their machines, which are easily searchable on Google — and don’t change them!

We, of course, have written up various security reminders here to get those passwords changed right away (and then keep changing them every so often), as one of the most basic security steps you can take.

“The default password thing is a serious issue,” the article continues. “Retail computer networks get exposed to computer viruses all the time. Consider one (recent) case:  A nasty keystroke-logging spy software ended up on the computer a store uses to process credit card transactions. It turns out employees had rigged it to play a pirated version of Guitar Hero, and accidentally downloaded the malware.”

So be a real Hero, and not only change those passwords, but use a separate, dedicated machine for processing payments — one that isn’t also being used to play Guitar Hero, Grand Theft Auto, or anything else.

And as for the smart cards? ExtremeTech says “at the moment, smart credit cards are in their prototype stage, with few available for preorder.”

So whether smart cards can carve out a market share before consumers make their next big payment adaptation — much as layaway gave way to credit accounts — remains to be seen.

Either way, AVPS will be here to help keep you current. And either way, make sure you’ve changed those passwords.

Leave a Reply

Your email address will not be published. Required fields are marked *