The Target trademark bull’s-eye took on a whole new meaning when up to 40 million of its customers’ credit and debit cards were compromised over the holiday shopping season.
The breach was jaw-dropping, a major alarm bell for card security in the United States. It’s still unclear exactly how it occurred, but it is clear that some very simple measures could have been taken much earlier to head it off.
One is to use chips embedded in debit and credit cards instead of the outmoded magnetic strip Americans rely on, which can easily be duplicated and sold as bulk credit card numbers on the black market.
We like to think this country is the leader in areas like this, but encrypted chip technology has been in use around the world for more than a decade. More than 80 countries use it – but not ours, even though it’s the world’s largest economy.
The nonprofit group EMV Migration Forum, which advocates for the widespread use of chip cards, estimates that less than 1 percent of the U.S. market employs safer cards.
Visa, MasterCard, American Express and Discover have a plan to require merchants to adapt card readers for the so-called smart cards by October 2015. If they don’t, they will be on the hook for the use of cards for fraudulent purposes, according to the forum. But that’s almost two years from now. How many Target debacles will we experience by then?
It’s embarrassing that we are so far behind.
Fraud is rampant – a more than $11 billion industry worldwide last year, according to Nilson Report. In the U.S., it has been a growth industry. But not in places using smart cards.
Canada started widespread use of the chip cards in 2008 and has seen a massive drop in fraud, according to the Forum – from $142 million in 2009 to $35 million in 2012.
Target is paying the price for exposing this vulnerability. Lawsuits over negligence are being filed. The Wall Street Journal reported a slip in sales on the weekend before Christmas, despite the company’s 10 percent discount mea culpa. And JPMorgan Chase & Co. announced that it would limit the daily cash withdrawal and spending for about 2 million of its customers who shopped at Target from Nov. 27 through Dec. 15.
Target’s breach has become a case study on how the holidays were hacked. Perhaps a more effective mea culpa would be for the company to pressure banks and credit card companies to switch to chips. Like the rest of the modern world.