Visa and MasterCard are cranking up security
Visa (V) and MasterCard (MA), the two largest credit card companies, are taking more measures to ward off the hackers. The two companies today announced plans to strengthen their security features in the wake of high-profile breaches at retailers such as Home Depot (HD) along with attacks at health insurer Anthem (ANTM) and Sony Pictures (SNE).
Visa announced that it's extending the use of its Visa Token Service, which it began rolling out last October. VTS uses a unique series of numbers to replace the traditional 16-digit account numbers, allowing transactions that don't reveal the account number.
The Foster City, Calif.-based company plans to introduce the technology on more devices and platforms and overseas as well. All of Visa's member banks offer tokens, which are now available on Apple's (AAPL) Apple Pay and will be on other mobile payment services later this year.
"The best reaction we can get from a consumer is no reaction at all," said Sam Shrauger, senior vice president for digital solutions at Visa, adding that in 15 to 20 years, the use of physical credit cards will be "much lower" than it is now.
MasterCard, based in Purchase, New York, will roll out a pilot program with First Tech Federal Credit Union later this year that will enable consumers to authenticate their transactions using unique biometrics such as fingerprints and facial recognition.
The announcements coincide with President Obama's new executive order on cybersecurity signed today that's designed to promote the sharing of data about hacking attacks between the private sector and the government. Often, reports about cybercrimes are delayed because companies are worried about harming their brands and providing information to rivals that can be used against them. The reticence about reporting attacks has made catching the criminals behind them more difficult.
"Rapid information sharing is an essential element of effective cybersecurity, because it enables U.S. companies to work together to respond to threats, rather than operating alone," according to a White House statement. "This Executive Order lays out a framework for expanded information sharing designed to help companies work together, and work with the federal government, to quickly identify and protect against cyber threats."
The Financial Services Roundtable, Wall Street's main lobbying group, greeted Obama's announcement enthusiastically. The organization's head, Tim Pawlenty, said he hoped it would encourage Congress to pass legislation that provides strong protections to encourage companies to share more information with one another.
The payments industry is far ahead of other sectors when it comes to cybersecurity, so much so that security expert Richard Moulds of Thales e-Security notes that a "gap is opening up." Hackers who broke into Anthem's network, for instance, were able to access to unencrypted data. That's a common occurrence in Fortune 500 corporate networks, where administrators the need to balance how to secure data from criminals with the needs of people who have to access that information for their jobs.
"The payments industry has been encrypting data for years," Moulds said. But he also pointed out: "Encryption doesn't stop data from being stolen. It just mitigates the impact of it being stolen."
He believes government officials will eventually require that companies holding personal data must encrypt it.