Industry News

Card-on-file threat overlooked in point-of-sale hacking uproar

As retailers and consumers across America and around the world continue to take stock of the theft of 40 million credit and debit card records from leading department store Target, the U.S. Federal Bureau of Investigation said that the worst may be yet to come. According to a confidential report distributed by the FBI to selected retailers earlier this month, the same kind of malware used against Target would likely be used against other retailers in the near future.

“We believe POS malware crime will continue to grow over the near term, despite law enforcement and security firms’ actions to mitigate it,” the FBI report warned starkly.

But as retailers rush to harden their systems against so-called “memory-parsing” malware aimed at point-of-sale (POS) systems – like the credit-card swiping terminals and cash registers compromised at Target – a potentially even larger threat exists in the form of vulnerable “card-on-file” systems.

As the name suggests, card-on-file is the practice of retaining a customer’s credit or debit card credentials to make regular purchases more convenient. Most commonly used by online retailers, such systems tend to work in similar ways, involving one-time registration of the “visible” card details and encrypted storage of card and related customer information in highly protected and monitored databases.

Yet as with POS systems, most card-on-file systems are inherently vulnerable, as they contain sufficient card and customer data to initiate and complete fraudulent transactions elsewhere if the servers holding the information are breached. And whether the data are stored in the cloud or on physical servers hidden under a mountain, the one guarantee is that cybercriminals are working 24/7 to get and exploit it.

“We think that as long as there is card-on-file there will be theft,” says Balázs Dobos, senior advisor to Cellum Global. “But with the right solution the threat can be avoided.”

According to Dobos, card-on-file systems can never be secure as long as all of the customer’s card data are kept in one place. Cellum’s solution, therefore, is to make sure the data are stored separately, “keeping part of the data on a central server and part on your phone.” The only time the data are brought together is when a customer initiates a transaction, entering a unique MPIN created during the registration process.
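The split-storage idea described above can be illustrated with a small added example. This is not Cellum’s code and makes no claim about how its product works; it assumes a generic design in which the card record is split into two XOR shares (one held by the server, one by the phone), the phone’s share is wrapped under a key derived from the MPIN, and the record only exists in full at transaction time. The card number, MPIN and record layout are constructed sample values, and the pad-plus-HMAC wrapping stands in for the authenticated cipher a production system would use. The point it demonstrates is the risk model in the text: a breach of the server alone yields a share that is indistinguishable from random bytes.

```python
import hashlib
import hmac
import secrets

# Constructed sample record: a well-known test PAN and an expiry date.
CARD_RECORD = b"4111111111111111|12/29"

MAC_LEN = 32  # bytes of HMAC-SHA256 tag


def _xor(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("shares must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def split_record(record: bytes):
    """2-of-2 XOR secret sharing at registration time.

    server_share is uniformly random, so on its own it carries no
    information about the card; phone_share alone is equally useless.
    """
    server_share = secrets.token_bytes(len(record))
    phone_share = _xor(record, server_share)
    return server_share, phone_share


def derive_key(mpin: str, salt: bytes, length: int) -> bytes:
    # Slow KDF so a stolen phone share cannot be brute-forced cheaply offline
    # (hypothetical parameters; tune the iteration count to the platform).
    return hashlib.pbkdf2_hmac("sha256", mpin.encode(), salt, 200_000, dklen=length)


def wrap_phone_share(phone_share: bytes, mpin: str):
    """Protect the phone's share under the MPIN before storing it on the device."""
    salt = secrets.token_bytes(16)
    key = derive_key(mpin, salt, len(phone_share) + MAC_LEN)
    pad, mac_key = key[: len(phone_share)], key[len(phone_share):]
    wrapped = _xor(phone_share, pad)
    tag = hmac.new(mac_key, salt + wrapped, "sha256").digest()
    return salt, wrapped, tag


def unwrap_phone_share(salt: bytes, wrapped: bytes, tag: bytes, mpin: str) -> bytes:
    """Recover the phone's share; a wrong MPIN fails the integrity check."""
    key = derive_key(mpin, salt, len(wrapped) + MAC_LEN)
    pad, mac_key = key[: len(wrapped)], key[len(wrapped):]
    expected = hmac.new(mac_key, salt + wrapped, "sha256").digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("wrong MPIN or tampered share")
    return _xor(wrapped, pad)


def reconstruct(server_share: bytes, phone_share: bytes) -> bytes:
    """Bring the two halves together only for the duration of a transaction."""
    return _xor(server_share, phone_share)


def demo(mpin: str = "4821") -> dict:
    """Walk through registration, a transaction, and a server-only breach."""
    server_share, phone_share = split_record(CARD_RECORD)
    stored_on_phone = wrap_phone_share(phone_share, mpin)

    # Transaction: user enters the MPIN, the phone unwraps its share and the
    # full record is assembled transiently.
    recovered = reconstruct(server_share, unwrap_phone_share(*stored_on_phone, mpin))

    return {
        "transaction_ok": recovered == CARD_RECORD,
        # What an attacker holding only the server database would see.
        "server_breach_reveals_card": server_share == CARD_RECORD,
        "server_share_hex": server_share.hex(),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The server share is freshly random per customer, so nothing in the central database can be replayed against another merchant, and the phone share is useless without both the device and the MPIN. A real deployment would replace the pad-plus-HMAC wrapping with an AEAD such as AES-GCM and rate-limit MPIN attempts on the device.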

In addition to rendering moot the risks posed by card-on-file, Cellum’s solution has other benefits for both consumers and merchants. For merchants, it can involve a “liability shift” that classifies the transactions legally in a way more similar to those initiated with a physical swipe of a bank card, making them less risky and potentially less expensive. Meanwhile, if the user consents the merchant can receive more information about who is buying their products and services, and even where they are when they do so – knowledge that becomes increasingly valuable as e-commerce continues to become ever more mobile.