Target says it is fast-tracking a program the will install chip-enabled smart cards to protect against cyber theft in stores across the U.S. The retailer, the third largest in America, was slammed with an extensive data breach during the holiday season that affected upwards of 70 million shoppers.
In an op-ed published in The Hill yesterday, John Mulligan, Target's chief financial officer, said that they company aims to have chip-enabled smart cards in stores by early 2015, six months earlier than orginally planned.
The smart cards, Mulligan wrote, "have tiny microprocessor chips that encrypt the personal data shared with the sales terminals used by merchants…Even if a thief manages to steal a smart card number, it's useless without the chip."
The adoption of the system, he continued, would be "one step American businesses could now take that would dramatically improve the security of all credit and debit cards."
Mulligan's op-ed was conveniently timed. Today, he appears before the Senate Judiciary Committee to explain exactly how hackers gained access to payment data and/or personal information for millions of shoppers. (Congressmen have already blamed the attack on weak passwords in Target's point-of-sale system).
If it had been implemented earlier, smart card technology -- which Mulligan noted is already widely used in the U.K. and Canada, where it has dramatically reduced credit card theft – could have prevented a lot of headaches (around 70 million, if I had to put a number on it).
So why wasn't it? The short answer: It was too expensive. "At Target, we've been working for years towards adoption of this technology," Mulligan wrote. "About 10 years ago, Target piloted an early generation of the chip-enabled technology on the Target VISA REDcard, with mixed results." Smart chips cost significantly more than store card-readers, so Target stopped the project.
In his op-ed, Mulligan placed some of the responsibility – as well as some of the blame – on other retailers and companies who have also failed to install smart card technology.
"If we truly want to prevent this from happening again, the business community must move together. No one company or industry can solve this challenge on its own. Strengthening consumer protection requires a coordinated response," he wrote." This is a shared responsibility."