Account data theft. The sophistication of the criminals far out ways the built in protections from the retailers and creditors who lend us money. One banks reaction appears nor selfserving than the good of customers, what are you going to do, unless your sure your account information is safe . Is cash king after all . Well talk about all this. But first some background. Reporter on the backside of your credit or debit cart i cara black magnetic strip why all your information is stored. The strip is the target of hawkers. Security as many as from retailers, banks and Credit Card Companies so consumers have in a sense lots of reasons to trust that their transactions are safe. Still the point of Sales Systems are out dated tired to wouldbe thieves, and it is expensive for companies to update their systems. And there was a data breach during the heart of the Holiday Shopping someone. The secret service and others are investigating the data theft. In response jp morgan and chase decided to limit the amount people could use your cards. Atm withdraws are set to 100 a day and inperson purchases to 300. Neilsen, a global payment tracking firm reports that credit and debit card fraud is on the rise. Last year over 11 billion were stolen from credit card users worldwide, up 11 from the previous years. Despite this growing number. Credit card fraud makes up less than 6 of all fraud crime annually. Attorneys general from four states, connecticut, massachusetts, new york, and south dakota, are beginning investigations into the target credit card breach. With more than 1700 stores nationwide, the big box retailer saw a backlash during the final days of the busiest shopping season of the year. This weekend target experienced 3 drop in sales compared to this time last year despite the 10 discount offered to all because of the breach. Target has said concerned customers can get free credit monitoring assistance from the company. In 2007 the retail giant tj max was hit, and User Accounts were compromised. In the end it cost the company 256 million in lawsuit, investigations, and security upgrades. We approached target and Jp Morgan Chase with invitations to appear on this program. They declined. We turn now to connecticuts attorney general George Jepson joining us from hartford. You asked with there other states for corporation. What does the state of connecticut want from this big National Retailer . Under our connecticut state law theyre obligated to provide us with information about how a breach occurred, the risk that was compromised, what theyre doing to fix the problem, and so its a pretty thorough investigation that we use. I respect the fact that there is some information they cannot provide because there is a federal investigation under way. But we want to get to the bottom of this. So far is target complying, cooperating with your requests . Our attorneys have been in conversations with target. Its still very early in the process. I couldnt characterize them as being uncooperative. Is it hard inside connecticut to protect your own consumers when so much activity around charging and purchasing goods involves other states. In all likelihood this attack was from outside of this country, eastern europe, russia, who knows. We work close with our counterparts. We have cooperative relationship. The state attorneys general work to solve these issues, but this is a big one. State law is governing in the case of terms of credit card arrangements the kind of contracts that you sign with that tiny type on the back. What does connecticut ask of people who issue credit cards to its citizens . Well, if there is a breach they are required to inform my office. We then have a standard follow up protocol that shows how that breach occurred, what steps are being taken to solve the issue, and its thorough, and this one is very big, and its just under way. If a consumer in bridge fort, hard forhartford or new haven wo sign up to monitor their account, should target be asked to pay for that . Yes, on a consistent basis we think if there is any risk for loss of information we ask that the target, and in this case target, for two years of monitoring. They have provided monitoring, but the length of time has not been stated. If you can change the pin number, change the pin number and to look very closely at your Bank Statements and at your credit card statements or debit card statements to detect if there are any unauthorized purchases. What is the latest breach of this size. There have been several big ones involving National Retailers it is your impression that companies are learning anything by playing defense or are the same mistakes going to be made over again. This is a growing issue and growing problem. Whatever the companies are doing are not keeping up with what the hawkers are able to do. As you pointed out in the intro, the sophistication of the hawkers seems to exceed what defensive measures are being put up there. There is a need for federal involvement. Were essentially using 20th century technology, which is magnetic strips when there is more sophisticated technologies embed chips which creates a new unique pattern. There are steps that need to be taken, but the federal government is in position to push the Credit Card Companies, and to do what is necessary. Attorney general george j jepson thanks for joining us on inside story. Thank you. When we come back well broaden this discussion with security expert and Electronics Payments industry representative. Stay with us. This is inside story. Welcome back to inside story. Im ray suarez. Were talking about the massive data breach of debit and credit card and retailer target. We welcome our guests. Sally greenberg let me pick up with you where i left it with the attorney general, is there a learning curve here . Are the companies that are involved all along the chain that starts when you swipe that card becoming harder targets . Well, it seems like this happens over and over and over again. We hear about the big cases , target last week, tj max. It seems that there is no change on the part of the retailers, the banks that back up the credit cards and consumers end up holding the bag. By that i mean consumers, its on them to check their accounts. Now were seeing millions of consumers being forced on the limitations that they can take out of their own account, the amount of money that they can spend when shopping. Were very sorry that this happened. These are all the 20 things that you as a consumer have to do. Consumers are fed up. Theyre tired of being at the raw end of the stick on this type of data breach that happens over and over again. I think we need a national solution. Jason, you heard Sally Greenberg, you heard the attorney general, and its true. When this first happened a lot of advice went out to consumers. Maybe consumers were doing those things, what were the companies doing . What gets set off when there is a breach like this . I think its important to note that the system is designed to insulate consumers from any responsibility for fraudulent activity on their accounts. This was a significant criminal enterprise, no question about it. Target was the victim of a very serious crime possibly of global significance. But at the same time the Credit Card Networks are designed to insure that consumers have zero liability for any fraud that occurs on their accounts. Thats the way the system is built. Its important to know that this is not only a rare occurrence, you noted at the outset, 11 billion on global fraud on top of 4. 6 trillion in credit card and debit card usage in the u. S. Alone in a year, so its a fraction of a percentage. Its less than a tenth percent of over all network usage. Its important to note that consumers are protected. The second thing that is important to remember this was a criminal activity, and these stolen account numbers were stolen by criminals who will attempt to put them to use but the network is set up to make sure that consumers dont suffer. And by all accounts they have already been put into use, but lets get back to my question when a breach of this magnitude is discovered what do companies do on the back end do, what do the banks do, the Electronic Systems that is sending the information back and forth between all the parties. You realize there is a leak. You realize someone has gotten in the file cabinet. What do you do . This is a Law Enforcement investigation. Part of the equation, the secret service has jurisdiction on behalf of the federal government to investigate this type of fraudulent activity by international or criminal enterprises. It is a cooperative effort, and Law Enforcement to find that point of vulnerability. You described it exactly right. The networks are secured, but there has to be a point of entry into those networks. The question is where is that point of vulnerability. The last time this happened in this significant way was more than five years ago. They have done a lot to shore up the systems but in this case criminals have gotten smart, and as part of this Law Enforcement investigation how do we prevent it from happening again. Chris, do you agree the industry has been doing a pretty good job policing its breaches, and hardening its systems . Well definitely apairness has increaseds quite a bit throughout , regardless of the size of the organization. Its important when you have internet facing systems you have commensurate risk with that. Whats going on right now in a situation like target, there is an activity intensive forensic investigation going on, and every aspect that could be a vulnerability is being looked at, and weve seen an increase without knowing anything about the specifics of target just in general weve seen an increase in criminal activity as it relates to getting insider help. It is constant and i you cant t down because it has gotten sophisticated. This is a rare crime, so what are we to make of that . Is this a big deal, a significant crime or small potatoes when you consider the amount of money that is changing handing. The breach itself is not small potatoes. It affects 40 million cardholders, and im sure theyll do a final analysis on that, but that has a big impact, no doubt. I believe it will serve to the issues that its not just compliance but security, daytoday attention to security. And the Larger Companies who have a lot more touch points and more complexity to what theyre trying to deliver the consumer, they have additional vulnerabl vulnerability points, they have more resources but it makes them more vulnerable in terms that they deliver services. Definitely if youre Large Business or a small one its definitely a wakeup call. Why is this a problem to be worried about and noodled over by the banks, by the fulfillment companies. You heard that consumers will be held harmless, and having to make good on fraudulent charges being made in their name. The consumer is responsible for find ing thoug those fraudulent charges. And there are breaches we dont hear about. The federal trade commission has many cases against companies for security breaches. So no, this is not small potatoes, and consumers are limited in the amount of money they can take out, and they have to be on the alert to report. So it is on the consumer. The bottom line there is technology that these companies could be using, including retailers, the banks, and everyone along the change, but no one wants to pay for it. This is one of those instances where there has to be a coming together with federal agencies, Law Enforcement agencies who bring together the banks, the retailers, and lets figure out how we can ramp ourselves up to the 21st century. Nothing is foolproof but we can do much, much better. Lets take the murder off the individual consumer and put it on these far more sophisticated entities like retail establishments, like the banks. Target is a 340 million profit company. They can forward to do this, and not put their customers at risk. When we come back well talk about what the industry and consumers can be doing, and what remains to be done to clear up some of these breaches and make it a safer system for everybody. Stay with us. Youre watching inside story. Here is more. Beneath the fluorescentsun in a former meat packing plant is the latest trim in farming. They call it vertical farming. These fields grow on floors on at Industrial Park and farmer john adel and his staff agrees user. My shipping proceed did you say 1500, 2,000 miles to get are. The plant of the indoor as the indoor formers call it doesnt grow corn or soybeans but mustard, high end micro greens on the plates of whitenapkin restaurants. These fish supply the vert liser that number issues the welcome back inside story. Im ray suarez. Were talking about the debit and credit card breach. With us Sally Greenberg and brett and jason oxman ceo of the Electronic Transaction association, and countless times when ive been overseas i hand somebody my card, they swipe it and instead of handing me back my card they hand me a keyboard. I say im american and they put the charge through. What are we not doing that they are doing around the world, and are there more secure ways. There is a Technology Used in europe called e. M. V. Its a chip in the card that you see outside of the u. S. And many travelers have those cards. Theyre more secure than the magnetimagnetic swipe cards. Its harder to counterfeit the card with a chip in it rather than the magnetic stripe. We anticipate a lot of those account numbers will be for sale and many overseas will generate counterfeit cards. Were in the process of migrate to go e. M. V. That will take a couple of years. For a couple of reasons. One there, are 1 billion cards in circulation, and there are 8 million merchant who is accept cards, and they have to install new equipment. So it will take some time, but the bottom line is well get there eventually over the next couple of years. And those cards will make it harder for counterfeit cards to be produced by criminals. Its possible to produce credit cards for all kinds of things that they couldnt used couldnt be used for. You could even use them to pay for a parking meter. If we up security do we have to trade that speed and screen convenience to get a more secure system . Well, its not necessarily that its going to be a speed and convenience issue. Its the cost issue. When you go, you mentioned the parking garage or Something Like car wash that has an unintended device. Its basically a computer with a card acceptance system. Its not going to be inexpensive for them to upgrade that to accept chip cards, but i definitely agree there are security enhancements for card present or when card is present type of transaction that will be helpful in addressing this risk issue, especially if its used with the pin number keeping in mind there are hundreds of thousands of merchants that dont take pinbased debit transactions today. Theyre going to have to add the capability of taking pin transactions if that is part of it. Lots of changes will have to occur. And card brands are driving that with deadlines that are in the marketplace now sally you heard millions of sales points, millions of places where you can swipe a card and pay. Who should bear the cost, should it be shared among all the parties . I think most who have the most resources and can forward the more Sophisticated Technology you have profitable Credit Card Companies. As weve heard, very profitable merchants, walmart, target are hundreds of millions of dollars profitable companies. I think its a conversation we should have. Some of the smaller merchants maybe they get assistance from the Credit Card Companies, the banks and the smaller merchants pay on some ratio thats commensurate with their profit level, but i think very unfortunate to put consumers in this very vulnerable position where we dont have any control if targets system is hacked. So something needs to happen. Somebody has to agree to pay for this, and its a conversation for some reason we havent had in this country, but we have more secure systems in europe, and consumers are asking why. Quickly before we go. Its a more economical business here in the u. S. Were robustly a competitive environment. Well chris mentioned cost. Its a significant cost. The question on the table will merchants undertake that cost to upgrade why does it have to be merchants if processers are making 3 to 5 per swipe. I would dispute those numbers but the merchants benefit from some protection on the network if they make that infrastructure. And do Consumers Want that capability or is it irrelevant because theyre already protected. They already have zero reliability for fraud. Are we going to see this happen quickly . Were on a timetable. October 2015 is the tentative date where were supposed to have this emv capability in place. I think well have one in place but well have to do a lot more to look at these sophisticated criminals. Thank you all. That brings us to the end of this edition of inside story. In washington, im ray suarez. Welcome to al jazeera america. Im rich rich. Here are the stories were following for you. With more than a thousand south sudanese dead, the un votes to keep peacekeeping troops there. And parents declining the vitamin k injection for their newborns. Bethlehems church of the nativity gets a facelift. And a space walk happening right now at the International Space station