What Does the Michaels Stores Breach Show us?

Michaels Stores breach

The recent breach of security at Michaels Stores, which involved the corruption of nearly 90 PIN pads in 964 Michaels stores across 20 states and led to fraudulent withdrawals from customers’ bank accounts, reveals a vulnerable point in payment transactions in the United States.

Thieves find the magnetic stripes on credit and debit cards about as impervious as a pair of dollar-store pantyhose. With a little tampering, thieves can obtain the information they want.

The U.S. Secret Service is investigating the Michaels Stores situation and hasn’t yet released its findings.

Boston-based McAfee consultant and identity-theft expert Robert Siciliano said magnetic stripes are antiquated and easily skimmed.

Devices that read—or skim—the magnetic stripes are being attached to the faces of ATMs and point-of-sale terminals, Siciliano said. That’s how thieves collect the data.

Many countries have incorporated chip-and-pin/EMV (Europay, MasterCard, and Visa) technology, which is said to be more secure than the magnetic stripe alone. Of course, chip and pin is not without its flaws, as the BBC reported in 2010.1

France, the United Kingdom, Canada, Mexico, and other countries have all embraced the chip and pin, according to a February 2011 comment by the Secure ID Coalition to the Federal Reserve Board of Governors.2

The U.S. has not embraced chip-and-pin technology. Fraudsters have taken note.

“The bad guys know that a good portion of the world will go to EMV/chip and pin,” Siciliano said. “Right now, we are definitely the biggest fish in the ocean.”

The lack of chip-and-pin prevalence in the U.S. also creates problems for U.S. citizens who travel abroad with their cards. Ed Perkins at wrote that some banks have begun offering chip-and-pin cards to U.S. travelers.3

For a quick background on how and why the U.S. got to be where it is in regard to magnetic stripes, read Randall Stross’ 2010 piece in The New York Times.4

Chip-and-pin technology has found favor with Wal-Mart Stores Inc., the United Nations Federal Credit Union, and others, but it’s uncertain whether or how far it will spread in the U.S.

Until either EMV/chip-and-pin technology takes off in the U.S. or mobile commerce revolutionizes noncash payments, a slew of efforts will be made to attempt to decrease the vulnerability of magnetic stripes.

Fox Business reported that interactive credit cards are coming out that can be used on magnetic-stripe readers.5

A majority of the point-of-sale terminals available through The Small Business Authority currently do not support chip-and-pin technology. However, point-of-sale terminals can be easily converted to support chip and pin, according to Jim Bembenek, vice president of merchant services at The Small Business Authority.

“So, if chip-and-pin does finally arrive to the U.S. market, our equipment suppliers such as VeriFone have assured us that they will be prepared, and thus [The Small Business Authority] will be ready to deploy the proper equipment to get our merchants up and running with both EMV and NFC payments technology,” Bembenek said in an email.

Did you know that you could either save or make $250 on your merchant processing? The Small Business Authority is poised to write you a check for $250 if we can’t save you $250 on your Visa or MasterCard processing costs. Click here to save money.

Fore more information, visit:
1. “New Flaws in Chip-and-Pin System Revealed
2. Comments of the Secure ID Coalition before the Federal Reserve Board of Governors
3. “Big Banks Finally Break Chip-and-Pin Credit Card Logjam
4. “Maybe Your Old Credit Card Is Smart Enough
5. “Credit Card Magnetic Stripes Get Smarter

Comments are closed.