Target's Security Breach Could Have Been Avoided

By now, you've probably heard that Target (NYSE: TGT  ) was the victim of a massive security breach over the holidays that left tens of millions of Target customers vulnerable to credit card fraud. New details have now emerged that suggest the incident could have been avoided. Let's take a closer look at what this means for Target and the broader retail industry going forward.

Hack attack
We now know that personal information was stolen from as many as 70 million Target shoppers, and that 40 million customers had their credit card data hacked at Target stores between Thanksgiving and Christmas. The hack was pulled off using malware that affected point-of-sale systems at U.S. Target stores. However, Target might have prevented the breach had the retailer followed through on a 2001 decision to adopt chip-based credit card technology.

The discount retailer was working with Visa (NYSE: V  ) more than a decade ago to introduce smart cards, which help limit fraud by encrypting sensitive data contained on the card. Target invested as much as $40 million in the chip-based tech between 2001 and 2004, while Visa reportedly contributed $25 million to the project. The retail chain also updated 37,000 cash registers during that time and designed a computer system to handle the new smart cards.

Even so, Target ultimately ditched the effort, in part because it was about three times cheaper to issue and accept traditional magnetic-strip cards versus credit cards with silicon chips. Today, smart cards are more common outside of the U.S., in places such as Europe and Canada. This could explain why the U.S. has become, as The Wall Street Journal recently put it, "the preferred target for criminal hackers."

After all, the Target attack wasn't the only one to hit one of the country's major retailers over the holiday shopping season. Neiman Marcus also reported a security breach. And new research from IntelCrawler suggests that POS systems at six other retail chains have also been compromised by the same malware responsible for the attack on Target.

More than 40% of the Fortune 200 retailers today are said to be more vulnerable than Target, according to a report in the Financial Times. In fact, credit card fraud at U.S. retail stores has more than doubled since 2007. That's why it's more important than ever that these companies get ahead of the problem by investing in security infrastructure such as smart cards. Moreover, Target's highly publicized attack could be the catalyst for an industry overhaul.

Beyond damage control
Target is offering its customers a year of free credit monitoring in hopes of limiting the damaging effects of the incident. However, more can be done in the future to safeguard against such attacks. Target CEO Gregg Steinhafel says mass adoption of so-called smart cards could finally become a reality in the United States.

Looking ahead, we should see a meaningful shift toward this technology by 2015. That's because, beginning in October of next year, "credit card companies plan to hold merchants financially responsible for any fraud that stems from a transaction in which a chip-enabled card was presented but couldn't be used," according to The Wall Street Journal.

While this will help better protect consumers, it will also require a significant investment of both time and resources from retailers such as Target. Nevertheless, this is Target's chance to do what it should have done a decade ago, and invest in the safety of its customers' personal data.  

How to protect yourself as an investor
Target may be the victim of a massive IT breach, but investors don't need to get swiped by bad stocks. Finding truly wealth-building stocks is now easier than ever thanks to The Motley Fool's free report, "The 3 Dow Stocks Dividend Investors Need." It's free, simply click here now and get your copy while it is still available.


Read/Post Comments (3) | Recommend This Article (3)

Comments from our Foolish Readers

Help us keep this a respectfully Foolish area! This is a place for our readers to discuss, debate, and learn more about the Foolish investing topic you read about above. Help us keep it clean and safe. If you believe a comment is abusive or otherwise violates our Fool's Rules, please report it via the Report this Comment Report this Comment icon found on every comment.

  • Report this Comment On January 21, 2014, at 8:36 PM, osiris188 wrote:

    Good info in the article but I Think there is another angle; you can have smart card readers at all the retailers, but without mandatory smart card implementation by the issuing banks of the debit and credit cards, the smart card reader technology at the point of sale location still wont help we need both sides to do their part.

  • Report this Comment On January 22, 2014, at 11:15 AM, skat5 wrote:

    Possibly another example of U.S. financial system's lack of accountability (or ability to pass the liability buck on to someone else) getting in the way of progress until things actually break down completely, which is probably what the Target customer who suddenly has their Target cc cancelled a few days before Christmas probably feels has happened: a complete breakdown. What needs to happen: NSA stop getting in the way of better encryption, banks and businesses incentivized to improve cybersecurity by retaining a percentage of the risk. Where else are breakdowns happening: pension funds, infrastructure, permitting processes, tax law, and the dead whale about to stink up the beach: healthcare.

  • Report this Comment On January 22, 2014, at 11:21 AM, lgreen wrote:

    I think you missed the point in blaming Target for this breach. How could Target have mandated that all banks and credit card issuers adopt this technology.

    I think you missed the point and owe Target an apology.

Add your comment.

DocumentId: 2803529, ~/Articles/ArticleHandler.aspx, 4/17/2014 2:36:31 PM

Report This Comment

Use this area to report a comment that you believe is in violation of the community guidelines. Our team will review the entry and take any appropriate action.

Sending report...


Advertisement