We’ve recently done a series of posts on the Target Data Breach. You can find them all here. Now it’s time to talk solutions so that this never happens again. Target CFO John J. Mulligan recently wrote a guest column for The Hill about his company’s plans for smart cards and why we need them in the U.S.
At the heart of the Target breach was an age-old technology, the magnetic stripe. It was a convenient follow-on to the old copy-paper method, but it has issues in the connected age. The data is stored in a way that can be easily and cheaply copied and cloned. Unfortunately, this is the most widely used form of payment card in the U.S. by a wide margin. Target claims it was this unsecured data, combined with malware at the point of sale, that enabled criminals to get access to 40 million records.
Another type of payment card, commonly referred to as a ‘Chip and PIN’ smart card, has been adopted outside the United States. These cards have been piloted in the U.S., Target included, but have failed to catch on. Instead of a magnetic stripe, these smarter cards use a tiny microprocessor to keep data secured. They’re routinely paired with a PIN and used in much the same way debit cards are used. Both the chip and the PIN are required to complete a sale.
Target claims it will implement this technology by early 2015 for in-store REDcard debit and credit cards. The company originally planned the switch for a later date but, in light of recent events, has moved up the timetable by 6 months. Unfortunately, the move comes a year after one of the biggest security breaches in history. Until then, the status quo of the magnetic stripe will continue at Target. Hopefully banks and other stores will follow suit, although there needs to be careful planning on both the infrastructure and equipment sides to ensure they arrive together.
The best thing you can do as a consumer is stay vigilant. With Target and other systems breached, assume your in-store card purchases are not entirely secure. In fact, unless you use cash, they aren’t. Any system can be breached if it’s connected, so always monitor your accounts and immediately report anything abnormal.
And like we’ve said before, change the passwords for your financial logins and use something secure. Snuggles123 isn’t going to cut it.