Once thieves capture the card information, they check the type of account, balances and credit limits, and sell replicas on the Internet. A simple card with a low balance and limited customer information can go for $3. A no-limit "black" card with the security number printed on the back of the card can go for $1,000, according to Al Pascual, a senior analyst at Javelin Strategy and Research, a security risk and fraud consulting firm.
To be sure, thieves can nab and sell card data from networks processing cards with digital chips, too, but they wouldn't be able to create fraudulent cards.
Credit card companies in the U.S. have a plan to replace magnetic strips with digital chips by the fall of 2015. But retailers worry the card companies won't go far enough. They want cards to have a chip, but they also want each transaction to require a personal identification number, or PIN, instead of a signature.
"Everyone knows that the signature is a useless authentication device," Duncan says.
Duncan, who represents retailers, says banks want to preserve the higher profits they can get when a signature is needed because there are fewer signature processing networks, and less price competition. The higher profits outweigh the cost of fraud, Duncan says.
"Compared to the tens of millions of transactions that are taking place every day, even the fraud that they have to pay for is small compared to the profit they are making from using less secure cards."
Even so, there are a few things retailers can do, too, to better protect customer data. The most vulnerable point in the transaction network, security experts say, is usually the merchant.
"Financial institutions are more used to having high levels of protection," says Pascual. "Retailers are still getting up to speed."
The simple, square, card swiping machines that consumers are used to seeing at most checkout counters are hard to infiltrate because they are completely separate from the Internet. But as retailers switch to faster, Internet-based payment systems they may expose customer data to hackers.
Retailers need to build robust firewalls around those systems to guard against attack, security experts say. They could also take further steps to protect customer data by using encryption, technology which scrambles the data so it looks like gibberish to anyone who accesses it unlawfully. These technologies can be expensive to install and maintain, however.
Thankfully, individual customers are not on the hook for fraudulent charges that result from security breaches. But these kinds of attacks do raise costs —and, likely, fees for all customers.
"Part of the cost in the system is for fraud protection," Oxman says. "It costs money, and someone's going to pay for it eventually."
Jonathan Fahey can be reached at http://twitter.com/JonathanFahey .
- SUV that rolled, killed 'Star Trek' actor is...
- Yellen faces GOP criticism over weak economic...
- How the UK could remain in the EU even if it...
- US new-home sales tumbled in May after a...
- Markets reel as world absorbs shock of UK...
- Governor touts education as key to state tech...
- Groups write U.S. Attorney General asking for...
- Michelle Singletary: Should you replace your...
- Trial ordered for politician accused of... 5
- Costco begins new credit card agreement 4
- Emery County defrauded out of nearly... 4
- GOP gubernatorial candidate Jonathan... 4
- Yellen faces GOP criticism over weak... 3
- What Costco shoppers should know about... 3
- Delta pilots picket for better pay in... 3
- Governor touts education as key to... 2