After The Breachin’: Chip-and-Pin Comes to Target

As was pointed out about the recent Heartbleed security hole that was so pervasive, it presented a chance — bad as it was — for a lot of companies to reinvent and update their security protocols, for consumers to opt in for “double login” options on various accounts (a password and a PIN, say), and for the general level of security, web-wide, to be enhanced.

Target, who held the pre-Heartbleed “record,” as it were, for “most infamous digital security breach” has already been busy taking the “reinvention” idea to, well, heart, and has announced sweeping changes for its own Target REDcards.

According to CNN Money “the company announced it will swap out its current Target REDcards, which only work at the chain, to newer models that are enabled with computer chips and require customers to type in one of those aforementioned PINs.

“This makes Target the first big retailer to move into the more advanced credit card system, which is already used worldwide but not in the United States.” Those would be the EMV cards that we’ve reported on previously.

As a kind of atonement, perhaps, Target — partnering with MasterCard — now establishes the beachhead for EMV use here in the U.S. As cyber security website CSO reports it, “Visa and Mastercard have set an October 2015 deadline for retailers to accept the new cards. Those that do not will be liable for fraudulent purchases made with the older cards.”

The liability, in other words, switches over to the merchants at that point — always a good reason to
check in with your AVPS rep to make sure you’re as up-to-date as you can be, already.

And yet, as the article further notes, “many retailers are not hurrying to make the transition to the expensive technology required to accept the more secure cards. Experts estimate the transition would cost the industry $30 billion.”

Meaning we might be in a kind of “Windows XP” phase, where merchants will continue to use outdated technology and/or software, while “hoping for the best.”

Target, meanwhile, “will have the new payment terminals necessary to accept the cards in all 1,797 U.S. stores by this September 2014, and will be able to start accepting Chip-and-PIN Card Payments by early next year,” according to another article on the website.

As for the reluctance of other retailers to stick to a schedule to make the switch, CNN quotes Jeremy Gumbley, a chief technology officer for CreditCall, which which helps merchants with system upgrades. He says retailers could be encouraged if they “notice that Target customers who use chip-and-PIN say they feel more secure with that new technology.”

Meaning that that this fall — a year after the breach — Target will be the site of the biggest experiment yet on how fast EMV will be adopted on America’s lagging shores.

It will one of the many changes coming to credit and payments; we look forward to heading out into that same future with you.

Leave a Reply

Your email address will not be published. Required fields are marked *