In the world of data security, 2014 will likely go down as one of the rockiest years in history. We have previously covered recent cyber attacks and data breaches at Target and Neiman Marcus, among others, as well as ways businesses can tighten up data security to prevent against breaches. The problem has continued to spread, however, and the past few weeks have been eye-opening in terms of the helplessness of corporation against data thieves when using conventional financial technology.
Currently, Home Depot is embroiled in a data breach that may end up affecting even more accounts than the total number of compromised Target customers announced earlier this year. Home Depot confirmed that U.S. and Canadian locations for the home improvement retailer were targets of a cyber attack that may have started as far back as April of this year. Those close to the investigation reportedly have indicated that the number of affected customers could exceed 60 million, 20 million more than were affected in the Target breach.
Home Depot may be the latest and largest breach to become news, but it’s certainly not the only one and hacking activity seems to be ramping up in the past few months. Malicious software known as Backoff, responsible for the Target breach, has also been identified as a potential culprit in recent breaches at Dairy Queen, Supervalu and United Parcel Service. Law enforcement officials have theorized that an Eastern European group may be responsible for a majority of these breaches because of links to Ukraine in the malware’s code.
It’s a disturbing experience to be the target of identity theft. However, more often than not, banks are the ones left covering the bill, and although account holders might have their funds restored, increased costs are likely to be passed on in the form of higher interest rates to recoup the millions being lost by banks. This has been a problem for financial institutions before the recent breaches at Home Depot and Target. In Maine, for example, a 2008 survey conducted by that state’s Bureau of Financial Institutions found that 71 of 75 banks responding were affected by data theft, including a total of 315,000 compromised customer accounts. The reissue of nearly 250,000 debit and credit cards by these Maine banks cost a combined $2.1 million, the survey found.
There is a lack of data security involving credit and debit card purchases and the magnetic stripe which conducts the transaction when the card is swiped through a card reader. However, recent data breaches at major corporations have agitated some financial technology developers to look for more secure options for conducting transactions without cash. Many are touting a new wave of debit and credit cards which have microchips that improve data security as a possible answer. Retail stores and other businesses will have to purchase specialized card reading equipment for chip cards, but it’s expected that American banks will put about 575 million chip cards into circulation with account holders by the end of 2015, a total that represents about half of all debit and credit cards used by Americans today.
Smart Card Systems for Data Security
With major concerns regarding identity theft back at the forefront of our consciousness, we thought we would take a look at the current state of innovative development in this field. The field of cyber security has become much more lucrative in recent days as banks and other corporations are realizing the economic benefits of providing stricter safeguards that protect financial information. Identity theft and data security is a worldwide problem, although it is interesting to note that an overwhelming majority of the inventions we found were assigned to U.S.-based companies or inventors.
We were very intrigued to learn about a recently issued patent for secure smart cards developed to mitigate the risks of identity theft while conducting a transaction, assigned to X-Card Holdings, LLC of Frazer, PA. This company has been developing multiple technologies to protect consumers using debit or credit cards, most notably with the company’s innovative X-Card, essentially a card embedded with small computer that has the flexibility of cellophane and provides various identity safeguards. X-Card Holdings recently received protections from the USPTO for a smart card for use in magnetic swipe transactions at a terminal through U.S. Patent No. 8814052, which is titled Secure Smart Card System. The smart card protected by this patent includes a smart card chip with a transaction application that can provide secured data during a transaction. This particular patent protects an innovation to X-Card Holding’s smart card systems which reduces the financial investment necessary to implement smart cards by allowing these chip cards to be used at any of the estimated 20 million point-of-sale magnetic stripe readers in use today.
Mobile Devices Reducing Identity Theft Risks
Some innovations in the field of financial transaction security involve the use of mobile devices and mobile communication networks to either add another layer of security to credit cards or, if data is already stolen, uncover people who are trying to pose as someone else during a transaction. A method for receiving payment credentials which addresses some security flaws of magnetic stripe readers is disclosed within U.S. Patent No. 8818870, entitled Using a Secure Element Couple to a Mobile Device as a POS Terminal for Processing Mag Stripe Transactions. Assigned to solo inventor Michelle Fisher of Oakland, CA, the patent protects a method of sending a payment authorization to the mobile device of a person or entity engaging in a transaction used with debit, credit or even prepaid cards. This reduces the risk of identity theft by associating a user’s mobile device with a transaction, requiring the user to have the proper cell phone or other mobile device on-hand to complete a purchase. It also sends financial data directly to a mobile device through a local connection instead of online networks, reducing the risks of having information stolen and sent through those networks.
Using data which is specific to a mobile device in order to authorize transactions and prevent identity thieves from successfully completing their crimes is a method discussed within U.S. Patent No. 8831564, titled System and Method for Identity Protection Using Mobile Device Signaling Network Derived Location Pattern Recognition. This patent protects a system which obtains geographic location information about a person attempting to complete a transaction through a mobile directory number. The system analyzes past signaling data for a mobile directory number to determine historical trends for locations frequented by a mobile device user. If a person uses financial credentials to make a purchase under someone else’s identity, this system could analyze the location where the transaction is being made and refuse to authorize the payment if identity theft is suspected. This patent is assigned to the Finsphere Corporation of Bellevue, WA.
Other Methods for Preventing Identity Theft
The inventions related to data security technologies listed above all address the basic risk of sharing sensitive financial information across data networks. It’s easy to take the security of a transaction for granted, especially when debit and credit card transactions are much more common than they used to be in past decades. What our recent foray into identity theft prevention technologies is showing us that innovation is alive in this field, and companies are working hard to find new software systems that can keep them one step ahead of cyber attackers.
Much of the recent news reports on identity theft have focused on magnetic readers at brick and mortar stores, but identity theft from online transactions is also a problem. One method to address both areas that involves the obfuscation of a person’s financial data has been protected through U.S. Patent No. 8719106, issued under the title Identity Theft and Fraud Protection System and Method. Assigned to Kemesa Inc. of Sandy, UT, the patent protects a method of registering an individual as a member of an identity protection system, where a member’s name and account information can be safely stored. When conducting a transaction, the identity protection service presents anonymous information to a merchant that keeps the data in the identity protection system protected while enabling completion of the transaction. The identity protection system utilizes a controlled use card which offers no traceable connection to a financial account by itself, a concept that stands somewhat in opposition to the smart card technologies discussed earlier in this article.
Some inventors have focused on methods of ridding sensitive financial data from computer networks, similar to the invention protected in the aforementioned ‘106 patent, to mitigate the risks of identity theft. U.S. Patent No. 8752181, which is titled System and Method for Providing Identity Theft Security, protects a software system for identifying and locating the presence of sensitive data and removing that data if it poses an identity theft risk. The patent cites the incredible amount of identity theft which occurs at educational institutions in the background section, indicating that this technology may be designed specifically for colleges and universities. The technology was developed and is protected by TouchNet Information Systems, Inc. of Lenexa, KS.
Finally, we wanted to explore one last innovation in this field, one which uses biometric data of a consumer to validate their identity and their transactions. U.S. Patent No. 8799088, entitled System and Method for Validating User Identity Information in Financial Transactions, protects a method of validating the identity of someone using a financial services provider card by collecting biometric from that card user at the point of a transaction. The biometric data collected in this way includes digital photographs or digital signatures which can be compared to photo and signature data stored by the system. Another solo inventor, Leigh M. Rothschild of Sunny Isles Beach, FL, is responsible for this innovation and has been awarded this patent.