Inside This Issue - News
Push to implement smart cards accelerates at Target
February 17th, 2014
WASHINGTON – Target Corp. intends to accelerate its shift to more secure microchip-enabled smart cards in the wake of the massive data breach that hit the retailer during the holiday shopping season.
“The data breach that struck our company spotlighted the sophistication of criminal hacker networks operating across the globe,” Target executive vice president and chief financial officer John Mulligan wrote in an opinion piece that appeared earlier this month in The Hill, a newspaper for and about Congress. “We know the attack created significant concerns for millions of customers. We will learn from this incident, and we will work to make Target and the wider business community more secure in the future.”
The article, which was published on the eve of Mulligan’s appearance before the Senate Judiciary Committee, argued that the adoption of chip-enabled cards would be “one step American businesses could now take that would dramatically improve the security of all credit and debit cards.”
The enhanced smart cards contain microprocessor chips that encrypt the personal data that is shared with the sales terminals used by merchants. Stolen smart card numbers would be useless without the chip, Mulligan said, adding that another layer of security can be added by requiring customers to type in a four-digit personal identification number (PIN).
Although credit cards and debit cards using magnetic stripes containing customer information remain common in the United States, smart cards with microchips are widely used in Europe and Asia, where they have helped reduce losses associated with lost or stolen cards.
“At Target, we’ve been working for years toward adoption of this technology,” Mulligan wrote. “Since the breach, we are accelerating our own $100 million investment to put chip-enabled technology in place. Our goal: to implement this technology in our stores and on our proprietary REDcards by early 2015, more than six months ahead of our previous plan.”
On December 19 Target disclosed that cyber criminals had obtained more than 40 million credit and debit card records from customers who shopped its U.S. stores from November 27 through December 15. (It later determined that the malware remained in place on a handful of point-of-sale terminals until December 18.) In addition, 70 million other records with customer information (including names and addresses) were compromised, the company admitted.
“We now know that the intruder stores a vendor’s credentials to access our system and places malware on our point-of-sale registers,” Mulligan told members of the Senate Judiciary Committee.