Card data exposed as Radisson Hotels becomes latest breach victim

Over the past ten days, a string of card data thefts have been made public. Radisson Hotels & Resorts is the latest to announce that its computer systems have been illegally accessed, putting customer card details at risk. This follows the news that US authorities have charged 11 people in connection with the theft of credit card details in the country's largest-ever identity theft case. They are accused of stealing more than 40 million credit and debit card numbers before selling the information.

As fraudsters become ever more sophisticated and bold in their bid to steal credit and debit card data, financial institutions, merchants and industry players need to be confident that they have sufficient security measures in place to protect customers from fraud, even if their card details are compromised. Visa and MasterCard have been putting measures in place over the past few years to ensure that this is the case. VISA's Dynamic passcode authentication (DPA), like MasterCard's Chip Authentication Protocol (CAP), enables EMV IC cards (smart cards) to provide security in Internet transactions where the card cannot be presented to the merchant or bank. While this approach has been widely implemented for online banking, particularly in the UK, it now needs to be extended to e-commerce too. In fact, Visa has mandated that by June 2010, all Visa cardholders will need to use dynamic password strong authentication for all types of online transactions.

While security breaches and data theft instances are likely to occur regardless of how hard financial institutions and merchants try to protect their data and systems, the widespread roll-out of dynamic passcode authentication solutions in the form of personal Home Chip and PIN card readers for all online transactions will render such stolen data useless.