Target, still reeling from a massive credit card breach that impacted millions of customers, said it would launch chip-enabled smart card technology to help reduce payment fraud and prompt a broader adoption of the technology across the industry.
Target CFO John Mulligan, in testimony before Congress, said the company had a plan to roll out support for the technology but now would accelerate the process, with equipment supporting smart cards by 2015. The technology, branded REDcards, will be launched as part of a $100 million project to get it supported in all of its nearly 1,800 stores, Mulligan said.
"Updating payment card technology and strengthening protections for American consumers is a shared responsibility and requires a collective and coordinated response. On behalf of Target, I am committing that we will be an active part of that solution," Mulligan said in his testimony to senators Tuesday.
[Related: Data Breach Costs: 10 Ways You're Making It Worse ]
Chip and pin credit card technology, designed to reduce the threat of credit and debit card fraud, has been rolled out in Europe and Canada, but security experts say credit card makers, banks and retailers have been slow to adopt smart card technology in the U.S. Solution providers say banks don’t want to incur the expenses involved in reissuing the expensive cards and retailers, in some cases, would have to rip and replace point-of-sale systems at tens of thousands of endpoints. The latest string of high-profile data breaches may fuel adoption of security technologies as merchants race to protect their reputation, solution providers told CRN.
"Customers don't budget for software; they don't necessarily care about the software, they care about the business problem and the issue behind the business problem they are trying to solve," said Alex Moss, managing partner at Chicago-based security consultancy Conventus. "For POS devices, no one wants to be in the news. They want know how much money they’re going to need to spend to stay out of the news and protect their reputation and, in turn, that means protecting their data and their customers’ information."
Target in 2012 became a founding member of the EMV Migration Forum at the Smart Card Alliance, which advocates for the adoption and use of smart card technology. Executives from the Payment Card Industry Security Standards Council Monday testified before separate congressional committees about the industry’s antifraud efforts, including smart card technology. The council, which oversees the Payment Card Industry Data Security Standards, opposes federal legislation to require its adoption, instead calling on the private sector to promote a broader rollout.
Chip-enabled smart cards contain a tiny processor that encrypts the transaction data shared with sales terminals used by merchants. As a result, even if the card number is stolen in a data breach, the thieves cannot counterfeit the card. Some experts, however, say the technology has its limitations. For example, it is only effective at brick-and-mortar stores, not e-commerce websites where cybercriminal threats are greater for consumers.
Troy Leach, the council’s CTO, said moving toward smart card technology is important but it is not a complete solution. Merchants must meet all the security guidelines established in the PCI DSS, he told legislators on the U.S. Senate Subcommittee on National Security and International Trade and Finance Monday.
"High-profile events such as the recent breaches are a legitimate area of inquiry for the Congress, but should not serve as a justification to impose new government regulations, "Leach said in his testimony." Any government standard in this area would likely be significantly less effective in addressing current threats, and less nimble in protecting consumers from future threats, than the constantly evolving PCI standards."
Attackers struck at Target during the holiday shopping season, infiltrating the retailer’s point-of-sale systems with malware called BlackPOS, designed to function in the memory of card readers to steal data. The attackers also used stolen account credentials from a vendor to gain access to the underlying infrastructure to encrypt and upload the data to a remote server. A total of 70 million credit and debit cards were stolen in the attack, and a database containing account information on 40 million customers was exposed in the breach. Other retailers, including Neiman Marcus and Michaels Stores, are investigating similar incidents.
"At Target, we take our responsibilities to our guests very seriously, and this attack has only strengthened our resolve, "Mulligan said in his testimony." We will learn from this incident and, as a result, we hope to make Target and our industry more secure for consumers in the future."
PUBLISHED FEB. 5, 2014
related stories
Video
trending stories
sponsored resources

Cysurance
Cyber Insurance 360

Carbonite
Cloud Storage 360

Application Integration 360

Tenable
Cyber Risk 360

NPD
Industry Trends 360

Channel Chief Showcase

Smart 3rd Party
3rd Party Maintenance 360

Cradlepoint
5g for Business 360

Cato Networks
SASE & SD-WAN 360

Trend Micro
Trend Micro Learning Center

HubStor
Cloud Backup 360

eSentire
Managed Detection and Response 360

CyberPower
CyberPower

Veeam
Veeam

Comcast Business
Comcast Business Learning Center

CRN Showcase

APC by Schneider Electric
Digital Services for Edge Learning Center

Dell Technologies
Dell Technologies Server Learning Center

Dell Technologies
Dell Technologies Cloud Learning Center

Cyber Protection 360

VMware

EPOS
EPOS

Sophos
Sophos Cybersecurity Learning Center

iboss
Cloud SASE Platform 360

Vonage
Vonage

Sherweb
Sherweb

Vertiv
Edge Computing Learning Center

Dell Technologies
Microsoft HCI Solutions from Dell Technologies Learning Center

Dell Technologies
Dell Technologies Storage Learning Center

Fujifilm
Fujifilm

BlackBerry
BlackBerry Learning Center

Wasabi
Wasabi

Acer
Remote Workforce 360

Webroot
Webroot Learning Center

Comm100
Collaboration & Communications 360

Hitachi Vantara
Hitachi Vantara
