Coakley is Wrong to Champion 'Chip and PIN' Fits-All-Solution

Neil McCabe
|
Posted: May 26, 2015 12:01 AM
Coakley is Wrong to Champion 'Chip and PIN' Fits-All-Solution

Martha Mary Coakley, recently hired at the liberal Boston law and lobbying firm Foley Hoag, has come out swinging for mandatory “Chip-and-PIN” systems for debit and credit cards.

Although, she must be desperate for a win, it is hard for me to pity Coakley or agree with her.

When I was a reporter in Somerville, Massachusetts, a small city bordering Boston, I knew of three instances, where she declined to pursue sexual assault charges against politically connected suspects, as the Middlesex County District Attorney.

This was before she lost a Senate race to Republican Scott P. Brown in 2010 or she failed in her 2014 bid for Massachusetts governor against Charles D. Baker Jr., a man even more liberal than Brown.


The Chip-and-PIN system is almost universal in Europe and Canada and it is familiar to federal civilian workers and military personnel as the Common Access Card, or CAC card, that allows the holder to access buildings, digitally sign documents and log on to government computers.

For the consumer, it means he no longer has to sign a paper receipt, when he interfaces with the Europay-Mastercard-Visa transactional grid. With the Chip and PIN card, the consumer inserts his card with the brass colored chip into the reader and for purchases over a certain amount, let us say $20, the consumer types in his personal identification number.

In the United States, retailers and card companies have been pushing to leave the magnetic stripe and its vulnerabilities which Professor Aad van Moorsel, head of the School of Computing Science at Newcastle University and expert in cyber crime security, said is the lowest hanging fruit with regard to payment card fraud.

The professor said, “With the magnetic stripe option currently being phased out, the next target that criminals will aim for is the contactless payment feature.” Chip-and-PIN is called contactless because the cashier no longer inspects a card or signature at the point-of-sale.

Already, the hackers have figured out how to subvert the Chip-and-PIN. At the August 2014 Black Hat cyber security conference in Las Vegas, researchers from MWR Labs, simply used a “Chip-and-PIN” card loaded with a spy program to override at reader's instructions.

Writing for CNN Money, Jose Pagliery said that the new instructions could be: "Stop encrypting PINs and store all subsequent credit card swipes in your computer memory." Then, at the end of the day, another hacker inserts a card with new instructions: “Download all data to me.”

Getting back to Martha Mary, what she is trying to do is get Congress to make the “Chip-and-PIN” system the law of the land, which is a problem. The one size-fits-all solution would not do anything to protect the massive data hacks that have compromised consumers’ personal information held by major retailers.

Coakley should know better, she has investigated and sued multiple retailers for failing to protect consumers’ personal information from hackers.

During the recent data breaches at Target and Home Depot, Coakley said: “This significant data breach has put the personal information of Massachusetts consumers at risk,” Coakley claimed her office would ensure that proper safeguards were in place on the retailers’ systems to protect consumer information.

In 2011, Coakley took action against a major restaurant group in Boston and said her office would continue to take action against companies that fail to implement basic security measures on their computer systems to protect the sensitive information entrusted to them by consumers.

In announcing the settlement with TJ Maxx, the Massachusetts-based retailer, Coakley said, “All retailers and companies that hold or use personally-identifiable information must employ data security systems that guard against the improper disclosure or use of that information."

The Chip-and-PIN system has great advantages over the magnetic stripe, but it is not invulnerable. In the free market it will thrive until it does not thrive and the next security system takes over. Locking in one technology to the exclusion of others stalls innovation and disrupts the competitive evolution of technology.

Yes, Coakley desperately needs a win, but giving Chip-and-PIN feudal rights over all transactions is the wrong win for consumers and the free market.