Home Depot Breach and the Need for Mobile Payments16.09.2014 | Blog
My name is Stephen Fluin, and my credit card has been compromised twice over the last 6 months due to the Home Depot breach. I’m a relatively infrequent shopper at Home Depot. I typically visit the store in either Eden Prairie or Roseville, MN about once every 2-3 months. My purchases are typically small, between $20 and $40. The last thing I was expecting was that making these completely ordinary purchases would put my financial well-being at risk. The first time was in April of 2014. I was checking my statements and there was a strange $2400 purchase at an Apple Store that I had never been to. I submitted a fraud report, they canceled the card, refunded the transaction, and that was that. The strange thing was that when I called the store regarding the purchase, they said the card had been swiped, meaning that someone had physically swiped a card in store, rather than simply providing a number. The card had never left my wallet, so that meant that someone had printed an identical-looking card with my number on it. In August 2014 the same thing happened again, this time at a Family Dollar two states away. This time, the credit card company called me and asked me if the purchase was fraudulent, which I stated it was. Again, the card had been physically presented and swiped. Again, they cancelled the card and sent me a new one. Over the past 2 week, it has come to light that there has been a massive breach of data security for shoppers at Home Depot, which I now know was the source of my problems. How It Happened The current state of credit cards in the US is a mess. The US doesn’t require a technology called “chip and pin” that effectively uses a different credit card number for each and every purchase. This means that even if someone can see a past transaction, they can’t make new transactions. Without this technology, a single swipe of the magnetic strip on your credit card can leave you completely vulnerable to fraud. This type of fraud costs our economy millions per year. The Solution New options are arriving, and mobile is going to be at the forefront. Currently, by October 2015, US law requires that retailers end support for swipe and sign credit card usage. Credit cards will require “chip and pin” systems similar to those found in Europe and internationally. Unfortunately this will make transactions slightly more time consuming and error prone for consumers, and has the important implication of transitioning some of the liability for fraud from Credit Card companies to consumers. Alternatively, consumers and retailers are beginning to adopt alternative currencies such as Bitcoin and Litecoin. These solutions work well as they are based on mathematics and the power of the network, rather than central authority. Companies like Newegg, Overstock, and even Paypal are getting into the Bitcoin payments world, and it is only going to keep growing from here. As of August, 2014, you can even buy plane tickets with Bitcoin with services like CheapAir. Mobile Is Key mobile-payment Android has had NFC and mobile payments since 2011 with devices such as the Galaxy Nexus. Google Wallet was hailed as a single place that payments, loyalty programs, and offers could be collected and stored and used. The unfortunate thing for Android was that many carriers rejected these capabilities, and blocked them from becoming widely available enough for the technology to catch on at scale. With the iPhone 6’s announced support for NFC mobile payments will now be supported by virtually every smartphone device. This means that for a consumer to make a purchase, all they have to do is unlock their phone and tap it against a small device on a counter. Mobile also supports direct person-to-person payments via traditional services like Google Wallet, Square, and Paypal, as well as newer systems such as Bitcoin and Litecoin wallets. These types of payments (which can be remotely locked/wiped/disabled) are going to make the world a far more secure place.