Print 74 comment(s) - last by Rukkian.. on Feb 6 at 1:31 PM

Smartcards have tiny microprocessor chips instead of magnetic strips

Target was the victim of a major security breach over the holiday season last year, and as a result, the retail chain is calling for the implementation of smartcards. 

John J. Mulligan, chief financial officer and executive vice president for Target, wrote his company's case for smartcards in The Hill this week, saying that the business community in the U.S. needs to embrace the new technology together.

Smartcards, unlike current credit and debit cards used in the U.S., have a tiny microprocessor chip that encrypts the user's personal data shared with the merchant's sales terminals. Traditional credit and debit cards have a magnetic strip instead, which hold's the user's information, but can clearly be compromised. If a smartcard number is stolen, it's useless without the microchip. 

To show Target's dedication to the smartcard cause, it's speeding up its goal of bringing its REDcard smartcards to all Target stores by early 2015 -- six months earlier than its previous goal. The chain is making a $100 million investment in the technology to accomplish this goal.  

Mulligan also noted that the requirement of a four-digit PIN number with all smartcard transactions could further protect customer information. 


Target said other countries like Canada and the United Kingdom have already deployed smartcards, and that cases of lost or stolen cards have decreased since they've done so. However, the U.S. is slow to adopt the technology because the cards are expensive to produce, and merchants, issuers, banks and the networks haven't found a way to share the costs. 
"The reported attacks on Target and Neiman Marcus underline the need to do more," said Mulligan. "At Target, we know we have work to do. For years, we made significant investments in security. We had multiple layers of protection in place. But we still came under attack by sophisticated, global criminals. We will do everything we can to further strengthen Target's systems."
Target attempted to deploy chip-enabled cards around 10 years ago, but since it was the only retailer to do so on that scale, it failed. The cards were too expensive to produce, and since Target was the only one with such a card, customers couldn't use it elsewhere, making it inconvenient and a bit confusing. 
Target's breach ran from November 27 through December 15, where customer information like their names, card numbers, expiration dates and CVV verification codes were compromised. Around 40 million customers had their credit cards compromised and 70 million had their customer records stolen.

Source: The Hill

Comments     Threshold

This article is over a month old, voting and posting comments is disabled

RE: Ummm...
By Motoman on 2/5/2014 2:55:57 PM , Rating: 2
Your phone doesn't have a microSD port? Then you bought the wrong kind of phone.


But aside from that blindingly-obvious fact, giving people microSD CCs still isn't going to help. The vast majority of cellphones have the microSD slot under the battery you basically have to disassemble your phone, take out your existing SD card with all your stuff on it, put in your SD CC, put the phone back together, go online, shop, make your purchase, then take the phone apart again, take the SD CC out, put your regular SD card back in, and reassemble the phone again.

Not happening. And while it would be infinitely easier for the rare phones that have an externally-accessible SD slot, I think you'd firstly be amazed how many normal cell phone users haven't got the slightest clue what a microSD card is...or whether or not their phone supports one. And also how easy it would be to lose a microSD card that you're constantly swapping in and out of your phone. I would reckon it would be really easy to get that tiny little bit of plastic stolen too...and at this point you've made the problem worse, not better.

RE: Ummm...
By lagomorpha on 2/5/2014 3:27:53 PM , Rating: 2
You only have to remove the smart card from your phone if you're really paranoid. Otherwise you leave it in the phone and need to activate it with a pin and fraud only happens when your card is in your phone and your phone is completely owned which is still a lot better security than a card with a number printed on it.

RE: Ummm...
By Motoman on 2/5/2014 3:32:59 PM , Rating: 2
You only have to remove the smart card from your phone if you're really paranoid.

...or if you actually wanted access to your *stuff*. You know...on your microSD card.

Doesn't help.

RE: Ummm...
By lagomorpha on 2/5/2014 4:31:57 PM , Rating: 2
I suppose there is nothing preventing a smart card that also functioned as a conventional microSD card. Eye-fi has been making SD cards that also have 802.11 build in for years.

RE: Ummm...
By Motoman on 2/5/2014 8:56:45 PM , Rating: 2
All that does is potentially increase the value of that SD card to thieves...on the off chance you're dumb enough to save something else on that card that's useful to them, like personal information.

I'm sorry...but it's just not a great idea to make microSD sized CC cards.

Cleaning up the problems on the back end of the system, like vendor databases, is a vastly easier and better option.

Although it would be really funny seeing all iThing owners incapable of making online purchases.

RE: Ummm...
By lagomorpha on 2/6/2014 7:54:44 AM , Rating: 2
The thing is, if the card stays in your phone thieves can't tell which phones have SD cards in them and which don't. And it would be trivial to setup the system to automatically revoke your card's certificate if your phone is stolen. Personal information is as likely to be stored on a phone as on the card so that's not a new issue.

Although it would be really funny seeing all iThing owners incapable of making online purchases.

That alone would be worth implementing the system.

The trouble with cleaning up the back end of the system is that it would have to happen at all vendors, and there would always be vendors with idiotic security practices and customers have no way of auditing them. Maybe you could do that if there was some sort of organisation that went around auditing vendor database security but that would end up costing more than moving to a smart card system.

"Game reviewers fought each other to write the most glowing coverage possible for the powerhouse Sony, MS systems. Reviewers flipped coins to see who would review the Nintendo Wii. The losers got stuck with the job." -- Andy Marken
Related Articles

Most Popular ArticlesSmartphone Screen Protectors – What To Look For
September 21, 2016, 9:33 AM
UN Meeting to Tackle Antimicrobial Resistance
September 21, 2016, 9:52 AM
Walmart may get "Robot Shopping Carts?"
September 17, 2016, 6:01 AM
5 Cases for iPhone 7 and 7 iPhone Plus
September 18, 2016, 10:08 AM
Update: Problem-Free Galaxy Note7s CPSC Approved
September 22, 2016, 5:30 AM

Copyright 2016 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki