Target and Neiman Marcus and the other hacked retailers that have bled millions and millions of consumers’ data into the global underworld generally carry on unharmed. Yes, they might pay fines, get sued, and lose short-term sales. But they don’t pay a cost that’s proportional to the vulnerability they hoist upon their banking partners and customers. Wall Street, which strives to build any and all perceived risks into company share prices, reflects this truth. Consider Target: the company’s shares traded at $17.51 per share a week before it announced it had lost up to 40 million consumers’ credit card and personal data, a figure the company later revised to 70 million, and then revised again to 110 million. A week after the announcement, Target shares had declined $0.42, or just 2.4%. To put that in perspective, Apple shares dropped 8% in late January after announcing record-setting yet lighter-than-expected iPhone sales. That’s right: the most valuable brand on the planet lost more than $39 billion in market capitalization for selling just 51 million iPhones—the most it has ever sold in any quarter—while Target lost just 42 cents a share for exposing 110 million consumers to untold risk. It’s this failed logic that explains the real reason consumers should expect retailers to continue fumbling their credit card data: retailers are being out-innovated by hackers and they don’t have the resources or motivation to create counter-innovations.
This, of course, is terrible news for consumers. Even one of Target’s offers to potential victims—free credit monitoring by a third party—underscores how little control they have in the matter. Consumers can opt for this monitoring, and have their bank issue new cards with new numbers. But that’s about it. And that’s only if consumers know about a retailer getting hacked. Target, after all, made its first announcement 22 days after the initial intrusion. So why do consumers—those personally affected by a data breach—have so little control within this growing problem? It’s simple: the modern credit card is a relic. Its design is stuck in another era, in a time before sophisticated electronic crime.
It’s true that credit card companies have added some new layers of security to credit cards. These include anti-counterfeiting measures such as holograms and watermarks, as well as card security codes (the three- or four-digit codes on the back of most cards for use when the card is physically not present), which are sometimes referred to as a card verification values (CVV or CVV2). But these codes are just another piece of static data that can also be stolen en masse from retailers. In its online FAQ about the data breach, Target tells customers: “At this time, we have no indication that CVV2 was compromised . . .” Comforting, isn’t it? Even the newer “chip and PIN” standard that’s already common in Europe and Asia is not the answer. Chip and PIN just makes it harder for crooks to use stolen data, and doesn’t represent the innovative leap forward that credit card design requires.
So what is the answer? The technologies that could bring credit card design into the modern era are already thriving in other consumer products: biometrics and location-based services. New iPhones know their users through fingerprints. And smartphones in general know precisely where users are, enabling all kinds of social-media applications and advertising, which means they can be tethered to credit card transactions as well. Integrated into a credit card, these technologies would make batch theft of consumer data from retailers obsolete. No, they are not bulletproof, and some level of fraud will always occur. But they could modernize credit card design, and—importantly—return more control of personal data to consumers. Predictably, credit card companies will balk at the cost of integrating these technologies. But consumers have already demonstrated their interest in a better credit card design—and their interest in paying for a better card themselves. Coin, the credit-card consolidator startup, reached its initial crowdfunding goal in less than 40 minutes, and it’s explanatory YouTube video has more than 8 million views.
We need to move beyond these archaic pieces of plastic. Let’s stop waiting for black hats to pilfer more credit card data in batches of millions from incompetent, disinterested, or complicit merchants. Let’s design a credit card that reflects the technological advances we’ve already made. In a world filled with smartphones, smart keys, smart insurance ID cards, smart homes, and smart everything else, it’s time for the credit card to become smarter. So bring on the biometric iCard. Bring on new hardware tethered to Google Maps. Bring on the modern credit card consumers need—and deserve.