Reuters: Target Payment Card Data Theft Highlights Lagging U.S. Security

Reuters | December 22, 2013

By Ross Kerber

The massive data breach disclosed by retailer Target Corp last week is likely to teach its U.S. customers a painful lesson in payment card security and build support for an anti-fraud technology now sitting on the shelf.

For years, U.S. merchants and banks have balked at adopting a well-established system that uses credit and debit cards that store information on computer chips. The technology, ubiquitous in Europe, Canada and elsewhere, makes it harder for thieves to misuse data compared with cards that store data only on magnetic stripes.

The problem is the costs of the new chips and some 10 million payment terminals to process them.

The delay may prove costly to Target’s U.S. customers. The third-largest U.S. retailer said unknown hackers stole data from up to 40 million credit and debit cards used at its stores in the first three weeks of the holiday season.

Now, after years in which U.S. companies tolerated fraud as a cost of doing business, high-profile breaches such as the one at Target are raising demand for increased card security.

“There’s no doubt in my mind it will happen over the next two years. The fraud risk is too high,” said Rush Taggart, chief security officer of CardConnect of King of Prussia, Pennsylvania, which helps merchants process payments. “I think we all wish it had happened over the last four years.”

An early switch to the global card system may not have prevented the Target data theft but the chip technology would have reduced the value of the stolen data by making it harder for hackers to reuse the customer information. For one thing, the new systems are better at detecting counterfeit cards.

Visa Inc has warned that merchants’ banks may start bearing the costs of fraud starting in October 2015 if the merchants don’t upgrade.

Click here to read the full article on Reuters.