PALM DESERT, Calif.–Credit unions are focused on card security, but one person here told them they are basically wasting their time.
Pablos Holman, who was introduced as a “notorious hacker,” but who also calls himself an inventor and resident futurist at Intellectual Ventures Labs, suggested in remarks to the California and Nevada CU Leagues’ REACH Conference that credit unions and consumers are kidding themselves if they believe their cards are secure.
“I didn’t really talk a lot about security, but it’s not looking good,” said Holman near the end of his hour-long remarks, during which he gave a demo on how easy it was to buy an $8 RFID reader on eBay to steal payment information from people with RFID-enabled devices.
Not that plastic cards are any easier.
“Don’t ever use debit cards—ever,” said Holman. “If you want to do your members a service, stop issuing debit cards. Statistically, every credit card number has already been stolen–it’s just a matter, mathematically, of when someone gets around to using yours.”
Half-joking, Holman noted he recently received a new “secure” credit card from his financial institution, observing, “That was kind of interesting because I don’t usually get things in the mail that are secure.”
While he didn’t speak to the issue of what effect EMV will have on card security, Holman said any card information stored in a computer is easily hacked.
“Your laptops are wildly insecure,” said Holman. “Ads in your browsers can take over your computer using Adobe PDFs and Adobe Flash. Those are the easiest ways in. I don’t work for Apple, but iOS is the safest thing you could do right now.”