Print 74 comment(s) - last by Rukkian.. on Feb 6 at 1:31 PM

Smartcards have tiny microprocessor chips instead of magnetic strips

Target was the victim of a major security breach over the holiday season last year, and as a result, the retail chain is calling for the implementation of smartcards. 

John J. Mulligan, chief financial officer and executive vice president for Target, wrote his company's case for smartcards in The Hill this week, saying that the business community in the U.S. needs to embrace the new technology together.

Smartcards, unlike current credit and debit cards used in the U.S., have a tiny microprocessor chip that encrypts the user's personal data shared with the merchant's sales terminals. Traditional credit and debit cards have a magnetic strip instead, which hold's the user's information, but can clearly be compromised. If a smartcard number is stolen, it's useless without the microchip. 

To show Target's dedication to the smartcard cause, it's speeding up its goal of bringing its REDcard smartcards to all Target stores by early 2015 -- six months earlier than its previous goal. The chain is making a $100 million investment in the technology to accomplish this goal.  

Mulligan also noted that the requirement of a four-digit PIN number with all smartcard transactions could further protect customer information. 


Target said other countries like Canada and the United Kingdom have already deployed smartcards, and that cases of lost or stolen cards have decreased since they've done so. However, the U.S. is slow to adopt the technology because the cards are expensive to produce, and merchants, issuers, banks and the networks haven't found a way to share the costs. 
"The reported attacks on Target and Neiman Marcus underline the need to do more," said Mulligan. "At Target, we know we have work to do. For years, we made significant investments in security. We had multiple layers of protection in place. But we still came under attack by sophisticated, global criminals. We will do everything we can to further strengthen Target's systems."
Target attempted to deploy chip-enabled cards around 10 years ago, but since it was the only retailer to do so on that scale, it failed. The cards were too expensive to produce, and since Target was the only one with such a card, customers couldn't use it elsewhere, making it inconvenient and a bit confusing. 
Target's breach ran from November 27 through December 15, where customer information like their names, card numbers, expiration dates and CVV verification codes were compromised. Around 40 million customers had their credit cards compromised and 70 million had their customer records stolen.

Source: The Hill

Comments     Threshold

This article is over a month old, voting and posting comments is disabled

By ummduh on 2/4/2014 5:09:58 PM , Rating: 2
That's pretty short-sighted.

Your info is likely no more safe anywhere else. May as well use Target more now, they're on high-alert and the likelihood of it happening to them again in the near future is probably much lower than the next place.

Besides, it was just a minor inconvenience. Yea, the wife and I had to get our card changed(we may not have HAD to have them changed, but it was just easier to do it now), but you've had to have them changed nearly every other year due to various fraudulent uses anyways.

By ummduh on 2/4/2014 5:12:02 PM , Rating: 2
"you've" = "we've"

By SAN-Man on 2/4/2014 7:00:00 PM , Rating: 2
It's not short sided at all - it's based on observable data. Target has had a breach, other retailers have not.

I live in the real world, you can keep your hypothetical scenarios. Maybe God tells you to shop at Target?

By ritualm on 2/4/2014 7:07:37 PM , Rating: 2
It's not short sided at all - it's based on observable data. Target has had a breach, other retailers have not.

Considering the ridiculously antiquated CC processing systems you guys use, the answer is not "other retailers have not", but "it's only a matter of time for other retailers".

By SAN-Man on 2/4/2014 8:00:28 PM , Rating: 2
I happen to have worked in that industry (back end CC processing) and the back end system is not the problem, you are misinformed. As was the case with Target, the problem squarely was with their front end system. Also having worked for many years as a network security engineer, no, it's not a matter of time for other retailers - again, you are misinformed (I can hardly blame you if you rely on DT for information). Companies which care about security spend money on it and surprisingly, do not have breaches.

By Solandri on 2/5/2014 4:05:22 AM , Rating: 2
The front-end system is not the problem. The back-end system is not the problem. The problem is using credit card numbers. That's like using people's license plate numbers as the code to open their garage door. You can have the world's most secure garage door opener transmitter, and you can have the world's most secure garage door opener receiver. None of it matters if the code you're transmitting between the two is written in plain sight for anyone to see and duplicate.

Simply copying a number and some trivial pieces of personal information should not allow someone to make purchases in your name. The garage door opener companies ran into this same problem, and figured out a solution (rolling codes) in the 1990s. It's stupid, and criminal that it's been allowed to continue in the credit card industry for this long.

"We basically took a look at this situation and said, this is bullshit." -- Newegg Chief Legal Officer Lee Cheng's take on patent troll Soverain
Related Articles

Copyright 2016 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki