retail news in context, analysis with attitude

The New York Times this morning reports that Target has pledged that it will "switch its debit and credit cards over to a more secure technology by early next year, most likely making it the first major retailer in the country to do so … The new debit and credit card technology, called chip and PIN, is widely used in Europe and considered to be far more secure than most cards used in the United States, which rely on magnetic strips. While it does not address all fraud, the chip makes a card hard to duplicate, and the pin, or personal identification number, more difficult for a thief to use."

The cost of the shift - which includes issuing new cards to customers as well as buying new card terminals for every one of its checkouts - is expected to be north of $100 million.

As part of its announcement, Target said yesterday that it has hired Bob DeRodes, described as a former senior information technology adviser for the U.S. Department of Homeland Security, Secretary of Defense, and the Justice Department, to be its new Chief Information Officer (CIO). he succeeds Beth Jacobs, who resigned after the breach was revealed.

DeRodes has also held top technology positions at a number of companies including Citibank, USAA Federal Savings Bank, First Data, Home Depot and Delta Air Lines.

The Times writes that Target also has "outlined some of the security measures it had been adapting. In some instances, it has deployed advanced technology like white-listing, which allows only web traffic that the company knows is innocuous to enter its systems. In other cases, the company is adding more sophisticated security around its network, including for its payment systems and customer data, which security experts say the company should have done long ago."

All these moves come in the wake of a security breach during the 2013 holiday shopping season that exposed the credit and debit card information of more than 50 million Target shoppers to what some experts said were organized criminals in Eastern Europe. This breach also create a crisis of confidence for Target in general, which had a negative impact on its sales and profits.
KC's View:
In other words, Target had to do something. But these moves cannot happen in a vacuum if they are going to be effective. Banks have to jump on board, other retailers (especially Neiman Marcus and Michaels, which had their own breach issues) have to jump on board, and consumers have to accept the fact that they need to upgrade their cards. Doing this piecemeal, over a long period of time, likely will leave too many windows open through which the bad guys can exploit weaknesses.