This Target data breach is exposing some of the laziness, laxity and lies of our credit card oligopoly.
First, as Kevin Drum points out, if we had Chip and PIN in the US, Target and banks would be in much less trouble, because you need a smartcard chip and the user’s PIN to complete a transaction using the standard most other first world countries use.
Second: I have a Target Red Card, their store card, and I used it a couple of times during the breach period. Now that Target has enough call capacity to actually answer the Red Card fraud line, rather than having it just give a fast busy signal, the first thing they are eager to point out is what the credit card industry would rather obfuscate: “You have zero liability for any charges you didn’t make.” Over the past decade there have been lots of scary commercials from businesses trying to sell identity theft protection. Some of those products are from banks that issue credit cards. People watching those commercials might think that they’re in trouble if their credit card is stolen and it is used by the thief. Though they’re probably in for a big hassle, in the end the bank and card companies are liable for the transaction. That’s part of the deal with interchange, the 2-3% that banks and card companies charge retailers for every credit card transaction.
Of course, banks are now limiting transactions on accounts used at Target to cap their liability, which is another huge hassle, but I’d cut up that card and use a different one if my bank did that. They make billions of dollars of easy profits from interchange and interest on credit cards, so fuck ’em if they can’t secure the product that they’re jamming down our throats.