Payment processor Global Payments has been hacked and data about 1.5 million credit cards has apparently been released, including the “Track 1 and Track 2” data needed to re-create the magnetic stripe on a credit card. The goal of the hack was probably to get enough information to clone those cards so they can be used for fraudulent transactions.
Visa has dropped Global Payments from its registry of providers who meet security standards, which means nothing since Global Payments will still be processing Visa transactions. Since the credit card companies have to eat fraudulent transactions, this will be a lot of hassle for them and for affected card users, but hopefully nobody but the banks will pay directly for fraud (though we’ll all pay indirectly, of course).
I wonder if the media freakout will mention a couple of facts about the payment system. First, we’re way behind Europe in the use of smartcards, which are much harder to clone than the 60’s-era mag stripes on US cards. Second, the use of your cell phone as a means for payment has been working for almost a year in the form of Google Wallet, but that hasn’t been rolled out officially anywhere but on the Sprint network, because the rest of the cell carriers have grouped together to create their own standard to allow them to take a cut of transactions made using your cell phone.
I have Google Wallet on my non-Sprint Galaxy Nexus (officially unsupported and installed via a work-around) and it’s fun because the sales clerks treat me like Dumbledore every time I use it. Besides that, it has the potential to be more secure because I have to enter a PIN on my phone before any payment can be made. I’m sure everybody will have it in five years after the free market of a few huge cell providers, phone makers and banks all decide how we’ll all be charged more for the privilege of a secure payment system.