Click to expand.
In the wake of a credit card data breach that jeopardized the information of about 70 million consumers, an Ohio State professor is working to improve the safety and decrease the costs of the cards used in the U.S.
Paul Berger, an Ohio State professor in the Department of Electrical and Computer Engineering, is working with a team of researchers in Finland to develop a credit card that is not only safer for cardholders, but cheaper and easier to produce.
Berger believes he was one of the about 70 million Target customers who had their credit card information, as well as names, phone numbers and email addresses, stolen because of a security breach during the holiday shopping season at the end of 2013.
“Shortly after shopping there, we started seeing bogus charges from somewhere in Mexico,” Berger said. “Our company called us about suspicious behavior and we had to cancel and replace the card immediately.”
Since the breach, Target representatives have said the company is working on a plan to distribute chip-based credit cards.
Currently, many Americans use cards with a magnetic strip on the back that contains all the necessary information for a purchase. A customer swipes his or her card through a reader and sometimes uses a personal identification number, more commonly known as a PIN, or signature to confirm.
Alternatively, more than 80 countries are using “chip and PIN” credit cards, including most of Europe. These cards are built with an extremely small chip inside a silicon disk on the card, which has enough technology to store memory and perform other basic functions. The biggest difference between the systems is the chip and PIN cards use a timing mechanism to generate an encrypted key at the moment of purchase that only lasts a set amount of time.
Berger said this system is more secure because if someone gets a hold of the card or PIN number, the encryption key would prevent them from accessing the account or using the card for a purchase.
“Hardware encryptions are more ‘hack-proof’ than the magnetic strips, so there’s a need to have a computer system physically in the card,” Berger said.
A big reason the U.S. has yet to make the transition to chip and PIN cards is retailers and merchandisers would have to upgrade their card readers, Berger said. Many vendors would need to buy a new scanner. Berger said he thinks, though, eventually the need for the investment will be too great to ignore, and a credit card “revolution” is imminent.
An executive from a leading credit card company who wished to remain anonymous because the person was not authorized to speak to the media said they’ve heard the chip and PIN system is safer.
“In the U.S., it’s not used for the most part. If the merchants are forced to buy new POS (point of sale) equipment, it would be pretty expensive. That would be a huge investment,” the executive said.
The costs to the company in the case of a data breach, though, can often be great, the executive said.
“We have to set up financial reserves (for the company) in case of theft to reimburse the victims,” the executive said. “The company has to have a testing process in place to mitigate fraud. They need a way to monitor and differentiate fraudulent charges. We have to maintain good customer relations, point out odd behavior, etc., so there’s a cost of ensuring that you have a complete and successful system there.”
The executive said there are costs for consumers, too.
“It’s rare that a company will deny retribution to a victim of fraud, so usually they don’t have to worry about the actual money that the thief used. Still, in most companies there are fees and charges for canceling and ordering a new card. Also, there is the large inconvenience of waiting for the new card to be issued and arrive. During that waiting period, they may be unable to do a lot of things, especially if they only had the one card,” the executive said.
Berger said he wants to take the movement toward chip and PIN cards farther forward.
“If we had this revolution and moved to the chip and PIN system, why don’t we go one step further and use organic materials to cut cost?” he said.
Berger said to construct silicon microelectronics, companies need lab equipment such as hazmat suits, quarantined machine stations and an assembly process of completely automated machines working together in a large facility.
Berger said it could cost about $6 billion to build a factory meeting those requirements.
He’s working on a process that could produce the card and chip together using organic polymers and plastics for the chip, rather than the traditional method of silicon transistors. He compared the idea to a newspaper press that rolls a sheet of material continuously through a series of steps.
“It’s kind of like a 3-D printer,” Berger said.
He said there are multiple advantages for this process. For example, the entire space of the card could be used for circuitry and computer components, as opposed to the small disk of silicon that contains all the working parts. It also means that conditions for manufacturing do not need to be so restrictive.
“The smallest hair, dirt particle or flake of dead skin can disrupt the building of a silicon processor,” Berger said, which is why companies spend so much money and time keeping machinery clean and separate from their employees.
At OSU, Berger and his team of researchers are working on building the individual components of the polymer computer system. His research partner in Finland, Donald Lupo, a professor at Tampere University of Technology in Tampere, Finland, is working with scientists to develop the system that Berger calls “a marriage between high-tech and paper: printed electronics.”
Berger and Lupo have been sending their research students to each other to bolster their communication and increase their understanding of the work.
Conner Chambers, a master’s student in electrical and computer engineering, has been conducting research with Berger for two years, starting when he was an undergraduate student at OSU. He said he will be spending about a month with Lupo’s team in Finland at the end of the summer.
“I’ve never been to Europe, so I’m ready for the experience. They have a lot of equipment over there that’s not available anywhere in America,” Chambers said.
Zachary Imm is another master’s student researcher in electrical and computer engineering working for Berger. He said he likes how Berger thinks ahead.
“He’s always looking to the future and the effects of his work, not just the nuts and bolts,” Imm said.
Chambers agreed.
“Most professors are focused on the results and the data, but Berger looks ahead. Like with the credit cards, he’s focused on the long term goal of commercialization and security,” Chambers said.
