What the History of Credit Cards Can Teach Us About Cloud Security Issues

Blog post

According to Gartner, the Cloud will be the default option for software deployments by 2020. Despite this movement, many companies still hold many preconceptions surrounding cloud security issues. While change can be concerning and feel unpredictable, especially when it involves financial security, it’s interesting to note that the history of how credit card technology has developed can actually tell us a lot about what happens when you overcome the reluctance to change. Being able to move past feelings of hesitancy can help companies tap into a level of safety that others have already become well accustomed to.

What is the Stripe?

The original payment card payment method used something known as “the stripe.” Stripe cards are a type of card that stores information, primarily financial information, on the back of the card with a band of magnetic material. Designed in 1966, the technology involved with these types of payment cards was originally made to be used inside tape recorders but was later adapted to protect consumers’ financial information.

Despite new technology being invented to replace the stripe, most of which is vastly more secure, up until 2015 about 25% of all electronic payment card transactions were conducted with a magnetic stripe card[1] – the majority of those transactions taking place within the United States.  Before the switch to a more technologically advanced option, which we’ll discuss in the upcoming section, American consumers were used to the magnetic stripe within cards, mostly oblivious to the security issues, and companies took a “why fix what isn’t completely broken” approach.  However, as you may have already guessed, ignoring an issue doesn’t make it go away, and eventually even the states decided to convert to a more secure option – the EMV Chip.

What is the EMV Chip?

EMV chip stands for Europay, Mastercard, and Visa, the three companies that created the technology. These cards process payments using an embedded microprocessor that protects cardholder data. And for most of the world, the change between the stripe and the chip came in the early 2000s, primarily because the cost of authorizing the stripe transactions is more expensive due to a lack of phone line infrastructure.

And with the chip came not only cost savings, but also an increased level of security. When hackers steal the financial information of a payment made with the stripe, they essentially get a copy of the card, with almost all the available purchasing power of the original card. But, when a payment is made with the chip, a unique personalized key is created for that specific purchase. So, when the financial information of a payment is stolen from a chip, only a copy of that specific transaction is stolen. This information is essentially worthless for any fraudulent activity as you can’t use that key to make additional purchases.

What Happens to the Ones Left Behind?

Before the inevitable switch to the EMV chip, the United States was a hotbed of payment card fraud activity and record-breaking data breaches. Making up about a quarter of the world’s electronic payment card transactions, the United States contained half of the world’s fraud rate,[2] due almost entirely to the fact that the rest of the world had already made the switch to a more technologically advanced option. For over a decade, the rest of the industrialized world had been using the EMV chips because of the level of security and data isolation that they provided. Because the magnetic stripe is a much easier target and the US processes a large majority of the world’s credit card reconciliations, it makes sense that it would have such an uneven distribution of the fraud attributed to this outdated technology.

Unfortunately, the switch in the US from the stripe to the chip did not come from a needed security upgrade but because of liability issues. For years, companies and card processors went back and forth arguing about who would be responsible for covering the cost of implementing the new technology. Finally, the big card networks announced that companies that didn’t accept the chip would soon become responsible for compensating people for fraud activity. While the change may not have been instigated by the most admirable of motivation, such as protecting the consumer, the benefits have been undeniable.

Why Evolving with New Technology is Important

While some would consider the move that the US made in 2015 towards the EMV chip to have been a bumpy one, the benefits are unmistakable. Both Mastercard and Visa have reported a drop-in counterfeiting of over 76%,[3] and experience tells us that markets with chips can expect instances of fraud to continue to decrease.

On the retailer side, EMV-ready merchants are once again free from the liability of chargebacks. Additionally, customer experience has improved, as research shows that the influx in contactless transactions, enabled by EMV technology, is approximately 53% faster than traditional magnetic stripe credit card transactions, and 63% faster than using cash[4].

No one loves change, but you can’t solve a problem with the same level of thinking that created the problem. While the initial transition might have been unpleasant to and even feared by some, the overall experience and level of security for credit transactions is better than ever.

 How On-Premise Software is Like a Stripe Card

As Robert Stevenson said, “It is the mark of a good action is that it appears inevitable in retrospect.” Just like the movement from the stripe to the chip, companies often lag behind in moving their technology from on-premise to the cloud. And similarly, to the increase in security that the United States experienced after switching to the EMV chip, companies that switch to a cloud-based system experience a level of protection that others are well accustomed to.

This is because like the stripe compared to the chip, it’s much more likely that a data security breach will happen within an on-premise system, not a cloud-based system. In fact, the majority of data leaks occur within on-premise systems.[5] Cloud hosts are far more likely to have well-configured, state-of-the-art load balancers and web application firewalls to protect from Denial of Service attacks, SQL Injections and Cross-Site Scripting, the most common types of hacking attacks, as well as more up-to-date patches than the average company. The expertise they bring to IT infrastructure helps maintain the protection that companies need for reliable data security.

Credit card processors knew that to keep up with current demands of security, change needed to happen. Our cloud security helps to make sure that we don’t fall behind in the first place.

To learn more about Trintech’s data security in the Cloud, read this brochure.

Written by: Caleb Walter

[1] Banjo, S. (2015, May 27). Americans are, by far, hackers’ favorite credit-card fraud targets. Retrieved June 11, 2018, from https://qz.com/411000/americans-are-by-far-hackers-favorite-credit-card-fraud-targets/

[2] Banjo, S. (2015, May 27). Americans are, by far, hackers’ favorite credit-card fraud targets. Retrieved June 11, 2018, from https://qz.com/411000/americans-are-by-far-hackers-favorite-credit-card-fraud-targets/

[3] Fraud Drops 76% for Merchants Using EMV, Says Visa. (n.d.). Retrieved June 11, 2018, from https://www.darkreading.com/risk/fraud-drops-76–for-merchants-using-emv-says-visa-/d/d-id/1331891

[4] B. (2015, December 28). 10 Things to Know About Contactless Technology. Retrieved June 11, 2018, from https://www.justaskgemalto.com/en/10-things-to-know-about-contactless-technology/

[5] Clouds are more secure than traditional IT systems — and here’s why. (n.d.). Retrieved June 11, 2018, from https://searchcloudcomputing.techtarget.com/opinion/Clouds-are-more-secure-than-traditional-IT-systems-and-heres-why