Cyber crime is on the rise, hitting retailers especially hard in 2013. Credit card information is vulnerable, and consumers are hungry for the next generation of data protection. The good news is that a solution is close at hand — literally — in a smartphone.

Hackers Hit Bulls Eye

The most high profile cyber attack of 2013 was the Target data breach, hitting the US retail giant at the peak of the holiday shopping season. It exposed credit card information of up to 40 million customers and spilled personal data of 70 million more. Authorities confirm the attackers stole customer data by infiltrating Target’s internal servers. They installed malware on POS systems to intercept data when customers swiped their cards.

The offenders ultimately took 11GB of data, including payment card and other personally identifiable information. Hackers performed similar operations against other major retailers around the same time, and the reported damage is staggering. The breaches exposed sensitive personal and financial information of more than a third of the US population and cost banks over $200 million to replace vulnerable cards. It was an extraordinary financial loss and an even more substantial loss in consumer confidence, emphasizing the pressing need for a more secure solution.

Plastic Poses Problems

Some in the payments industry are pushing EMV as a solution. EMV cards have been used throughout Europe for the past decade as a replacement for magnetic stripe cards. EMV stores encrypted payment data in a tiny embedded chip and typically requires a PIN to process payment, earning it the moniker “Chip and PIN” in the UK. 

While EMV is slightly more secure than magstripe, it is costly to employ. Adopting EMV will require a complete overhaul of the US POS payments infrastructure. The cost to merchants and banks of implementing this major change may exceed the security benefits, which is the main reason why EMV has not been embraced in the US.

EMV cards cost significantly more to produce than magstripe cards — between $2 and $4 compared to about $0.15. To accept them, all merchants will have to upgrade to more expensive card readers. The price tag for the conversion is estimated to be over $10 billion.

These large investments do not guarantee bulletproof security. EMV is susceptible to numerous attacks. EMV cards can be stolen, and thieves have tampered with stolen cards to disable PIN security, eliminating a key benefit of EMV. In addition, EMV cards and readers cannot safeguard against Target-like malware attacks, and that means that payment data and PINs remain vulnerable to interception by cyber criminals.

In short, plastic cards are not the solution that retailers, card issuers, and consumers are seeking to solve the payment security problem; they are looking to a new generation of technology for answers.

Usher Promises Payment Security

Usher, MicroStrategy’s Mobile Identity Platform, is the answer. It provides a secure and convenient private label mobile payment card using something that is in the palm of most hands: the smartphone. When paying with Usher, customers no longer openly present payment data at the front-end of the transaction. Instead, the cardholder communicates her identity through an encrypted, out-of-band channel, and her identity is then matched with the associated payment data stored by the issuer or other trusted entity. For higher risk transactions, Usher can enlist biometric-caliber security by requiring customers to prove identity with their voice or face.

This mobile solution also saves money. Usher avoids the crushing expenses associated with issuing new credit cards and updating to EMV-compatible card readers.

Retailers, issuers, and consumers are ready for an effective and timely solution to the security problems inherent in the current payments ecosystem. The answer is not a costly transition to a 20-year old technology that does not completely solve payment card fraud. The next generation for consumer security is with advanced mobile platforms like Usher.