50 Ways to Lose Your Numbers: Why Credit Cards Need to Go


Illustration by Alyssa Minko

Your credit card has been stolen. If you have multiple cards, they have all already been stolen. Due to the absolutely atrocious security surrounding one of the most popular forms of payment, it is exceedingly likely that if you've ever used your card to pay for anything, the number is already floating around on the internet.

The first types of credit cards gained popularity in the 1950s and have only become more pervasive over the years. However, since the introduction of the magnetic stripe in the 1980s, not much has changed in the way of credit card technology. The entire way we make electronic payments is in desperate need of an overhaul. Maybe there's no such thing as perfect security, but what protects our information these days is far from it.

Magnetic stripe technology has been out of date for years. Card skimmers are easy to install and can swipe data from tens or hundreds of cards before anyone realizes they're there. They offer no sort of encryption or advanced security; if you can swipe someone's card, you have all the information you need to use their account. Starting in 1990, in an effort to shift the burden of blame for credit card theft from credit companies to merchants and store owners, Europe began implementing a new form of card security known as the chip-and-PIN system, which is much more secure and much more difficult to steal than a simple magnetic stripe card. However, this technology is only just now coming to the United States — over 20 years after the system began. It's no wonder America reports one of the highest rates of credit card fraud in the world.

Of course, chip-and-PIN technology isn't entirely foolproof, either. The chips generate a string of supposedly random numbers to be scanned, then require the cardholder to enter their PIN. However, these "random" numbers are sometimes produced by a simple counter or a timestamp. A skilled hacker can check the current number and guess what the next number will be. Worse yet, a stolen card can become subject to what's known as a "man-in-the-middle" attack, in which a second chip is soldered onto the card to make it accept any entered PIN. Both magnetic stripe and chip-and-PIN cards share a set of large vulnerabilities.

When your waiter walks over to the register with your check, or when you read your card number to a cashier over the phone, there is very little you can do to stop them from writing down your number for their own personal use. You can't see them, so you can't stop them. The only way to prevent this would be to strip all visible credit card information, such as the card number and expiration date, from the physical card itself. If that happens, however, one would be unable to enter the necessary information for making a purchase with that card online.

Then the issue becomes how to make online payments despite not having that data on-hand. Several online merchants and companies are working on projects that would allow the user to enter their card information once into their database and then use their service to make online payments. Furthermore, some of these new programs would have an app for smartphones that would allow the user's phone to be scanned like a credit card to make physical purchases at a store. PayPal and Google Wallet are two such programs that fall into this general category.

However, digitalizing everyone's credit cards has risks of its own. While physical thieves would be hard-pressed to steal information from you when your card is a few bytes of data in Google's databases, online thieves might have a better shot. Although credit card information is kept behind some of the toughest encryption and digital security, it doesn't mean it's impossible to steal. Target was breached in 2013, and Walmart was hit just last year. Online security is improving, but hackers are always looking for new ways to get your information.

With so many ways for credit card information to be stolen, it's a very fair assumption to say that almost every currently existing credit card number is somewhere on the internet. Which is to say, somewhere on the internet that it should not be. There are numerous websites that allow scammers to buy and sell card numbers like commodities. They can be purchased in the tens or the hundreds.

Becoming a victim of credit card theft is comparable to winning a very bad raffle; your number was pulled out of a sea of millions. If someone becomes a victim of card theft, they usually find that their bank will quickly reimburse the stolen funds. Banks know that card theft is nearly impossible to avoid, so they don't really argue when fraud is claimed. In fact, they're constantly monitoring cards for any shady transactions in an attempt to prevent them before they get approved. This just goes to show how prevalent fraud really is: it's become so frequent that even the banks accept it as a normal part of having a credit card.

Millennials, including college students who may be fairly new to carrying a credit card, are especially vulnerable to having their cards stolen, whether it be physically or digitally. They may be unfamiliar with how to avoid fraud and fall for scams. They might also be more prone to forgetting their card somewhere, like at a restaurant or bar. It's imperative that new cardholders take the time to learn how to recognize potential fraud and avoid it. A good starting point is learning to check one's accounts more than once a month when the monthly statement arrives.

Account security in general is in dire straits. It's filled with cracks and holes that allow thieves to steal money from anyone they please. Fully digitalized cards may be the most secure for the time being, but even then, they aren't entirely safe. There might be no entirely flawless system, but we need something more secure than a few static numbers between criminals and our bank accounts.