Conversation with Mr. Andrew Langer

Send us a text

If you want to know what the single biggest vulnerability is for identity theft and credit card fraud in your name, that's easy: it's using your card at major retail stores that have repeatedly been breached by hackers.

Using outdated kiosk computers to process sales, retailers have allowed clever thieves to install viruses that silently relay customers' credit card info back to them. This is how Target negligently let thieves pilfer 70 million card numbers, it's how Home Depot allowed 56 million credit card numbers to be stolen, it's how Michaels' stores – well, the list goes on. But that's how it happened.

Facing these disasters, big box stores might work to increase the security on their own systems, that, according to the Identity Theft Resource Center, a non-profit organization that monitors identity theft and assists victims, are the number one cause of data breaches.

Alas, the stores' have decided to instead to rely on slick lobbying campaigns and well-compensated political allies to confuse the issue. Specifically, the retailers have been clamoring for banks and credit card companies to issue cards with four-digit PINs.

PINs are annoying to consumers and, from a security perspective, relatively worthless. A four-digit numerical password is inherently insecure because there are only 10,000 unique combinations. A computer can generate all of them in under one millisecond, making “brute force” attacks completely painless for any mildly sophisticated criminal.

Indeed, law enforcement officials in Europe, where credit card PIN use is more prevalent, have observed thieves adapting, sometimes by waiting to view someone key in their PIN before stealing their card.

But what's easy for a computer is sometimes difficult for the average person, who carries four cards in their wallet, to remember. For these reasons, experts consider PINs to be headed shortly to the scrapheap of history, to be replaced by much more sophisticated approaches like encryption and tokenization.

That doesn't mean that PINs can't be a useful cudgel for the retailers, who are looking to use the issue as a wedge that prevents them from upgrading their outdated technology faster.

Enter noted computer security expert (I jest) Sen. Dick Durbin (D-IL), who weighed in on the issue this week in a letter to the FBI.

Durbin complained the FBI hadn't included language about PINs in the final version of its consumer bulletin that even the newest types of credit cards can still be vulnerable to fraud.

The bulletin “raises significant questions about...whether the FBI is taking appropriate steps to warn against and deter payment card fraud involving lost or stolen cards,” Durbin wrote.

For the second-ranking Democrat in the Senate, Durbin sure is shameless about pl

Support the show

"Wherever you find yourself is exactly and precisely where God wills you to be"

• Support our show at the following: https://www.buzzsprout.com/2063276/support
• Follow us on X: @CFC30290
• Follow us on Rumble: https://rumble.com/c/c-3123766
• Website: https://clarityfromchaospodcast.buzzsprout.com/
• Website: https://dkc051952.substack.com/

Thanks for listening to Clarity from Chaos