February 4, 2014
by John Mulligan, executive vice president and chief financial officer, Target
The data breach that struck our company spotlighted the sophistication of criminal hacker networks operating across the globe. We know the attack created significant concerns for millions of customers. We will learn from this incident and we will work to make Target, and the wider business community, more secure in the future.
One step American businesses could now take that would dramatically improve the security of all credit and debit cards: adoption of chip-enabled smartcards.
The technology is already widely used throughout the world. For many reasons, the United States has been slow to embrace the technology at home. We need to change.
At Target, we've been working for years towards adoption of this technology. Since the breach, we are accelerating our own $100 million investment to put chip-enabled technology in place. Our goal: implement this technology in our stores and on our proprietary REDcards by early 2015, more than six months ahead of our previous plan.
Nothing is more important to Target than our customers. We are who we are because of their trust and loyalty. That is why it is so important to move forward with a more secure technology.
For consumers, this technology differs in important ways from what is widely used in the United States today. The standard credit and debit cards we use now have a magnetic stripe containing the customer's information. When first introduced, that stripe was an innovation. But in today's world, more is needed. The latest "smart cards" have tiny microprocessor chips that encrypt the personal data shared with the sales terminals used by merchants. Why is such a change important? Even if a thief manages to steal a smart card number, it's useless without the chip.
In addition, requiring the use of a four-digit personal identification number (PIN) to complete a sales transaction would provide even greater safety. To be frank, there is no consensus across the business community on the use of PINs in conjunction with chip-enabled cards. But Target supports the goal and will work toward adoption of the practice in our own stores and more widely.
Target is also investing in solutions that will make mobile transactions more secure, we hope in the near future. And we know work is needed to strengthen protections for e-commerce, an important long-term goal. In the meantime, adopting chip-enabled cards would be a clear step in the right direction.
In the United Kingdom, where smart card technology is widely used, financial losses associated with lost or stolen cards are at their lowest levels since 1999 and have fallen by 67 percent since 2004, according to industry estimates. In Canada, where Target and others have adopted smart cards, losses from card skimming were reduced by 72 percent from 2008 to 2012, according to industry estimates.
A reason the United States has been slow to embrace change is that all players in the payments system - merchants, issuers, banks and the networks - have not been able to find common ground on how to share the costs of implementation.
About 10 years ago, Target piloted an early generation of the chip-enabled technology on the Target VISA REDcard, with mixed results. Notably, the cards were much more expensive to produce and required the replacement of store card-readers. Also, the technology at that time would have only been usable in our stores, making for a confusing experience for customers, overall. After three years of going it alone, we discontinued the program.
The reported attacks on Target and Neiman Marcus underline the need to do more. If we truly want to prevent this from happening again, the business community must move together. No one company or industry can solve this challenge on its own. Strengthening consumer protection requires a coordinated response. This is a shared responsibility.
At Target, we know we have work to do. For years, we made significant investments in security. We had multiple layers of protection in place. But we still came under attack by sophisticated, global criminals. We will do everything we can to further strengthen Target's systems. We will meet our accelerated goal for getting chip-enabled technology in place in our own stores. We will invest in protections for mobile transactions and investigate e-commerce solutions. And we hope the rest of the business community will join us in that effort.
Don’t miss out on the latest Target news and behind-the-scenes happenings! Subscribe to our bi weekly newsletter and get the top stories from A Bullseye View delivered straight to your inbox!