Buh Bye

When I am out of time, or out of options, I go to a brick-and-mortar. My most recent trip was to Target.

I love Retail – Lord knows I do. I spent a large part of my career protecting and leading one.

However, If I can buy a $5 item on Amazon and it appears at our office door in downtown Baltimore only a couple hours later, why do I need to start at a doorway, directionless, “Named Page” searching 80,000 square feet for a 3 square inch item?

After my walkabout, I found something equivalent to what I was looking for and rode with a wave of people across the empty shoals of unlit registers to the two that were occupied. It occurred to me that I had not been to a Target since “the incident”, so I was excited to see the innovation and approach the lessons of experience had taught this really good retailer.

Hey there, this is all I need. OK, please place your card into the reader with the chip facing the reader”. Ah, OK, so this is your new reader? Yes sir, they make sure the credit cards are valid. I place the card into the reader and stand there looking at the associate for my next steps. A receipt comes out and the associates smiles and says: thankyouforshoppingatTarget (I heard Seinfeld “Buh Bye”). I don’t have to show ID? No sir, the chip makes it secure. So, this chip knows it’s me using it? Yessir, thankyouforshoppingTarget Buh Bye. No Pin? Buh Bye.  I literally imagined Charlie flying horizontally with his right leg extended screaming AAUGH! And Lucy looking up with Cheshire punctuation.

You may have read that Europe experiences less card fraud than the US. As an experienced traveler, you will also know, nothing happens in Europe without ID. Ever.

Merry’s holy trinity of safe credit card usage: Your face, Your ID and Your credit card.

The only lemma to this trinity is Pin.

Yes, EMV is a needed improvement and “Chip and Pin” a meaningful standard, but they are only worth the enormous capital and expense if wrapped comfortably in the credit card trinity.

Every time I read of the latest breach, or listen to the latest Webex on the newest methodologies and technology, I always wonder why we humans are left out. It’s like we get a pass due to not being as cool as the technology, even though we are, predominately, the crux of most all of the problems!

If Mr. Schneier will forgive me, I would like to take liberties with the greatest security quote ever conceived:

“If you think technology can solve your security problems,

then you don’t understand the problems and you don’t understand the technology”, Buh Bye

-Bruce Schneier/Gary Merry

– Gary Merry, CEO