Target; Nieman-Marcus; Michaels. Lately, it seems that a week doesn't go by without some major retailer being forced to inform customers that their payment systems have been compromised, potentially affecting millions of cardholders and their finances. Of course, that's on top of the myriad scams that happen every day on a smaller scale and end up costing both consumers and businesses billions of dollars every year.
As plastic has increasingly replaced cash over the years, the financial industry has worked hard to tighten its grip over payment networks in an effort to curtail fraud—obviously, with mixed results. But that's due largely to the fact that the weakest links in the long chain of providers that make charging your credit card possible are outside of the industry's control. In the end, the best solution to this problem may already reside in your pocket: Your phone could be the key to a truly secure way to spend your money.
Would you like my wallet?
Despite the fact that it often gets a bad rap, the amount of technology that surrounds the plastic we carry in our wallet is something to behold. You could be ordering a latte in Shanghai and, with little more than a phone call, the coffee shop would be able to contact your American bank in real time to find out if your credit card is legit and if you have enough credit to cover your purchase.
Still, unlike cash, card transactions are inherently insecure: Handing over your Visa to store clerks is essentially equivalent to giving them your wallet, trusting that they will only take the money you owe them and return it to you. Of course, most merchants are honest, but the fact that every bit of information needed to take your money is encoded in the magnetic track of your cards means that all it takes is a small, hard-to-detect change to the hardware they use—either at the point of sale or in transit from the manufacturer—to turn them into hapless enablers of fraud on behalf of unscrupulous criminals.
Card networks have tried to combat this problem by implementing increasingly sophisticated solutions. For example, Visa, MasterCard, and their brethren have put numerous regulations (part of their PCI initiative) into place aimed at making retailers handle their customer data in a more secure manner, and even introduced chip-and-PIN technology (called EMV in the industry), which essentially places a tiny computer right on each card; its job is to mediate each transaction interactively, thus providing merchants with only the information they need to charge you once.