Target Data Breach Latest Sign It’s High Time for EMV (Dec. 19, 2013)
A breach of data that may have exposed the financial information of 40 million shoppers at Target stores highlights the urgency of bolstering payment card security measures and adopting EMV chip technology, according to industry observers. The retail giant confirmed today that it was the target of a security breach that exposed the payment card data of consumers who shopped at store locations between Nov. 27 and Dec. 15. Among the data exposed were customer names, card account numbers, expiration dates and three-digit CVV security codes. “Target alerted authorities and financial institutions immediately after we discovered and confirmed the unauthorized access, and we are putting our full resources behind the efforts,” the company said. While prepaid cards were not specifically mentioned, open-loop prepaid card data is likely to also have been exposed, according to payments industry experts.
The Target incident is the latest in a series of large-scale payment card-related security breaches over the past year, including a $45 million global ATM heist and the possible exposure of data from nearly half a million Chase prepaid card holders when the bank’s systems were hacked last summer. The latest news from Target highlights the importance of increased security measures for payment products, says Randy Vanderhoof, director of the EMV Migration Forum, an industry group focused on supporting the migration to EMV chip-and-PIN payment cards. “This breach shows that despite best efforts by major retailers to protect cardholder data generated from magnetic stripe card transactions, criminals will find a way to get this data,” he noted. “The U.S. market needs to adopt secure EMV chip cards as most of the world has already done.” Vanderhoof said criminals often install “skimming” devices and/or software that enable them to capture payment information on a card, along with PINs, and subsequently create and use a cloned card. EMV chip cards are more secure, said Vanderhoof, and replace static CVV codes with dynamic CVVs, which help stop card counterfeiting.
Widespread EMV adoption is expected to occur over the next several years, spurred by liability shifts to be imposed by all major U.S. payment networks, which will leave on the hook for fraud whichever party—merchant or card issuer—that has lesser security measures in place.