With reports that hackers have accessed 2.2million credit card details in a massive security breach many people will be asking just how safe payment systems actually are.
The interesting thing about the Sony case is that the group affected are the younger generation, a generation which has grown up amidst the glitchy 8-bit bilp-bliping of Mario become submerged in the immersive online worlds created by todays consoles like the PS3. This is a generation which has more than any other embraced the possibilities of doing business over the net.
Counting myself among that generation (my first console being an Atari 2600) I often laughed at my generally elderly customers who live in blissful ignorance of the internet, or else tend to see it as a scary unknown personal-detail gobbling monster. Countless times a customer calling in with their order has told me “I’m looking on the website, but I don’t trust ordering over the internet” whilst for others even this measure is not enough; they refuse to use a card at all preferring instead to deal solely by cheque. We actually get quite a few of these people dialling the credit card order line – only once we have done the whole order and ask for their card details do they say “Oh I don’t use cards- I’ll be sending a cheque in is that ok?” This causes us to let out a groan before tell them they’ll need to complete the order form provided in the catalogue.
The irony is that phoning-in your order is probably less secure than using the website as all that happens is that I enter the details onto the same system only there is now an extra link in the chain. As for the cheque-only people well they have another 7 years until 2018 before cheques finally disappear for good. But how secure are card payment systems? In my experience it all depends on the company, their procedures and the software they use. Some will use instant billing services so by the time you put down the phone your bank has been contacted and card debited with any details then encrypted and only ever used again in the case of refunds. Others however, are far less secure. In fact for one company we worked for the procedure until recently was to jot customers card details down on a paper form which was passed to admin who would compile them and then email the list to head office. I leave you to wonder if a less secure system could ever be devised.
If the reports about Sony prove to be accurate, or if there is another similar incident then it may well be that the lack of confidence in card payments vaults the age barrier. It is unlikely though that the internet generation will want to adopt the Luddite ways of the cheque-brigade in which case banks will need scratch their heads and come up with even tougher security measures something which poses a massive practical challenge.