By Dr. Byron Jeff, Computer Science and Information Technology Department Chair and Associate Professor of Information Technology,Clayton State University
"Should I never swipe a debit card at a retail outlet again?" It’s a question a lot of people have been asking in the wake of the massive security breech associated with Target, wherein as information on as many as 110,000,000 transactions may have been stolen and subsequently sold on the shadow information market where personal data (name, E-mail, phone, etc.) can be used for anything from ID theft to building better phishing applications.
While there has been a lot of technical talk recently about firewalls and the safety of POS (Point of Sale) systems, here are a couple of things you still need to know as a consumer.
You may be surprised to know that the answer to the above question is, "absolutely!" Continued use of debit cards at retail outlets, in the wake of the Target security breech, and other recent reported possible security breeches, is analogous to continuing to use a bank even though banks get robbed.
There's no such thing as perfect security, and even though, when security fails, the use of electronic accounting systems facilitates the replacement of funds if they are stolen, the larger impact of a security breech is both the inconvenience of having to replace compromised cards and the overall additional costs in fees and insurance to retailers, costs which of course they simply pass on to their customers. The overall impact is that all prices rise due to theft.
So, should we use cash only in our retail transactions? No… cash customers have a much greater personal risk than anyone carrying a card. In fact, one thing you want to walk away with following the Target snafu is that it is always safer to use a card rather than cash. That’s because cash can be lost or stolen and because there is no electronic record of its transfer, there is no possibility of it being replaced if it is lost or stolen. All card transactions are electronically recorded. That’s why there’s such an elaborate fraud system in place. We all need to live with that system, because every bit of fraud we can avoid lowers the cost of business to everyone, both businesses and consumers.
The one security suggestion I'd offer is never use your debit card with a PIN unless you absolutely have to get cash back. It's always safer to run your debit card as a credit card, precisely because the PIN is never entered. You can always use a debit card as a credit card, unless you need to get cash back. When you do use a PIN, cover the keypad.
See the PIN number isn't stored on the magstripe of the card. Neither is the CVV number on the back of the card. So, even if you capture a swipe of the card, you cannot get the PIN or CVV. The PIN is only entered into the POS (Point of Sale) machine and it's encrypted before the request is sent out on the network for processing. The only reasonable way to capture the PIN is to get it as it is being entered into the terminal, often through a hidden camera or other clandestine observation. So, cover the keypad when you do enter your PIN.
The bottom line is, you should not be fearful of using your card, however, debit cards are much more risky because they are connected directly to your checking account. From a security standpoint; it’s almost always safer to use a credit card, and signing is better than using a PIN, and everything is better than cash.