California’s a Great Place to Live … Except for the Earthquakes and the Data Breaches

I’ve lived in California all my life, and – truth be told – the earthquakes are really no big deal. Sure, every once in awhile you get “the big one” like Loma Prieta. But it’s over in less than a minute and you don’t have to worry about another one for 50 years or so.

Californians aren’t as lucky with data breaches. Our Attorney General Kamala Harris just issued the “California Data Breach Report” which indicated:

With the world’s eighth largest economy and more than 38 million consumers, California is uniquely impacted by data breaches. In 2012, 17 percent of the data breaches recorded in the United States took place in California – more than any other state. Even more troubling, the number of reported breaches in California increased by 28 percent in 2013…. Largely due to two massive retailer breaches, one of which, the Target breach, involved the payment card data of 41 million individuals, including 7.5 million Californians.

The report goes on to make the following recommendations:

California retailers should:

• Move promptly to update their point-of-sale terminals so that they are chip-enabled and should install the software needed to operate this technology.
• Implement appropriate encryption solutions to devalue payment card data, including encrypting the data from the point of capture until completion of transaction authorization.
• Implement appropriate tokenization solutions to devalue payment card data, including in online and mobile transactions.
• Respond promptly to their data breaches and should notify affected individuals in the most expedient time possible, without unreasonable delay.
• Improve their substitute notices regarding payment card data breaches.

Our recommendation? Biometric verification.

The chip and PIN encryption solutions the report recommends are certainly more secure than our current (40-year-old) magnetic strip card technology. But it’s massively expensive and vendors have no real incentive to upgrade. It’s only a matter of time before hackers crack chip and PIN encryption.

A better solution is biometric verification with two-factor authentication (typically, fingerprint scan plus PIN). Although this may evoke memories of Tom Cruise’s retina scan in “The Minority Report,” it’s really quite innocuous and significantly harder to hack. I’ll happily pay my luxury tax to live in California but not at the expense of my identity.

Hey, Attorney General Harris: think outside the POS terminal. Use any of my fingerprints instead.