|
|
How bank cards work
Swiping your card sets this process into motion
There’s a complex behind-the-scenes process every time you buy something with a credit card, even though it usually only takes a matter
of seconds to complete:
A transaction begins when a customer presents a card to pay for a purchase. Bank cards can come in several varieties, including credit
cards issued by national banks and debit cards issued by local banks. The magnetic strip on the back of the card stores the information
that identifies the cardholder account number, name, and card’s expiration date.
At most stores, the consumer’s card is swiped and the transaction amount is entered. A machine at the cash register electronically reads
the cardholder’s account information. Through a phone line connected to the back of the machine, the terminal dials out to the processing
network for authorization to complete the transaction.
A similar process occurs on a retailer’s Web site, except the consumer must enter in the data that would normally be picked up by a card
reader in a store. Most retailers use an encrypting protocol known as SSL, short for “Secure Sockets Layer.” An encrypted Web site is easy
to spot - the start of the address will change from “http” to “https,” and, if you’re using Netscape, a padlock icon appears.
The processing network is responsible for translating and delivering the electronic information sent from the checkout aisle. The
transaction data is first routed to the issuing bank for authorization of the cardholder’s account, with the appropriate data then sent
to a processing bank as well as back to the terminal.
The consumer’s issuing bank verifies that the account is valid and the sale is within the cardholder’s available credit limit. This
triggers the network to send an approval code back to the retailer’s terminal so the transaction can be completed. Transaction details
appear on the cardholder’s next account statement.
The completed transaction is saved in the point-of-sale terminal until the business closes out the current batch of stored transactions.
This process, called “batching out,” generally occurs automatically at the end of each day.
Sources: National Federation of Independent Business, Smart Computing
A new standard
Credit card companies have begun to respond to heightened concern about security breaches by penalizing member retailers. In December,
Visa said it will spend $20 million in incentives to make members’ banks compliant, and begin fining those banks up to $25,000 if large
merchants aren’t compliant by the end of August and smaller merchants by year-end.
Experts recommend that merchants maintain a firewall to protect cardholder data, encrypt all data that’s transmitted across public
networks, regularly update antivirus software and monitor access to cardholder data.
“It’s a relatively new standard and our membership has been working very hard to get up to speed,” said Liz Oesterle, government affairs
counsel for the National Retail Federation.
But critics say Visa’s penalties don’t come close to covering banks’ losses. Issuing a new card costs up to $20 per card for some banks,
and a data breach stemming back to July 2005 may have affected the card data of millions of customers.
Solutions
While technology has contributed to the spread of credit card fraud, it also offers potential solutions.
Security consultants are pitching upgraded monitoring programs for retailers designed to flag unauthorized releases of data, rather than
the earlier emphasis on keeping out hackers.
“There’s a very telling shift between (monitoring) who’s getting in and what’s getting out,” said David Etue, senior security strategist
for Fidelis Security Systems, a Bethesda, Md.-based electronic security company.
More than three-quarters of data breaches are caused by an existing employee, Etue said, either through malice or ignorance.
“Half of the violations are someone who doesn’t know any better and doesn’t realize they’re putting data at risk,” he said.
All of which has consumers such as Drew, the jewelry designer from Boston, wary about how they pay for their purchases.
“I’m very afraid of someone accessing my bank account other than the bank,” she said. “It’s really terrible. In the age of technology,
every time you turn around someone’s hacking into somebody’s system. You almost want to go back to the old days of stuffing money in your
mattress.”
More
| |