By now, you've probably heard that Target (NYSE:TGT) was the victim of a massive security breach over the holidays that left tens of millions of Target customers vulnerable to credit card fraud. New details have now emerged that suggest the incident could have been avoided. Let's take a closer look at what this means for Target and the broader retail industry going forward.
We now know that personal information was stolen from as many as 70 million Target shoppers, and that 40 million customers had their credit card data hacked at Target stores between Thanksgiving and Christmas. The hack was pulled off using malware that affected point-of-sale systems at U.S. Target stores. However, Target might have prevented the breach had the retailer followed through on a 2001 decision to adopt chip-based credit card technology.
The discount retailer was working with Visa (NYSE:V) more than a decade ago to introduce smart cards, which help limit fraud by encrypting sensitive data contained on the card. Target invested as much as $40 million in the chip-based tech between 2001 and 2004, while Visa reportedly contributed $25 million to the project. The retail chain also updated 37,000 cash registers during that time and designed a computer system to handle the new smart cards.
Even so, Target ultimately ditched the effort, in part because it was about three times cheaper to issue and accept traditional magnetic-strip cards versus credit cards with silicon chips. Today, smart cards are more common outside of the U.S., in places such as Europe and Canada. This could explain why the U.S. has become, as The Wall Street Journal recently put it, "the preferred target for criminal hackers."
After all, the Target attack wasn't the only one to hit one of the country's major retailers over the holiday shopping season. Neiman Marcus also reported a security breach. And new research from IntelCrawler suggests that POS systems at six other retail chains have also been compromised by the same malware responsible for the attack on Target.
More than 40% of the Fortune 200 retailers today are said to be more vulnerable than Target, according to a report in the Financial Times. In fact, credit card fraud at U.S. retail stores has more than doubled since 2007. That's why it's more important than ever that these companies get ahead of the problem by investing in security infrastructure such as smart cards. Moreover, Target's highly publicized attack could be the catalyst for an industry overhaul.
Beyond damage control
Target is offering its customers a year of free credit monitoring in hopes of limiting the damaging effects of the incident. However, more can be done in the future to safeguard against such attacks. Target CEO Gregg Steinhafel says mass adoption of so-called smart cards could finally become a reality in the United States.
Looking ahead, we should see a meaningful shift toward this technology by 2015. That's because, beginning in October of next year, "credit card companies plan to hold merchants financially responsible for any fraud that stems from a transaction in which a chip-enabled card was presented but couldn't be used," according to The Wall Street Journal.
While this will help better protect consumers, it will also require a significant investment of both time and resources from retailers such as Target. Nevertheless, this is Target's chance to do what it should have done a decade ago, and invest in the safety of its customers' personal data.