In Wake of Target Breach, Calls for Enhanced Data Security (Jan. 2, 2014)
As the fallout continues from a data breach at Target retail stores that may have exposed millions of shoppers’ financial information, politicians and business groups are lobbying lawmakers to investigate the matter and crack down on security weaknesses that could lead to similar incidents.
Target last month confirmed that its systems had been breached, which may have exposed the names, card account numbers, expiration dates and three-digit CVV security codes of 40 million customers who used payment cards at Target retail locations between Nov. 27 and Dec. 15. Days after the news, Sen. Chuck Schumer (D.-N.Y.) called on the Consumer Financial Protection Bureau to launch an investigation, noting that data stolen during the Target breach has reportedly cropped up for sale by hackers on the black market. “We need to figure out exactly what happened at Target, and then we need to figure out ways to prevent it,” Schumer said.
Separately, the National Association of Federal Credit Unions sent a letter to party leaders in the House of Representatives calling for new legislation that would hold retailers to higher standards of financial data security and force merchants to cover costs incurred by financial institutions as a result of retail data breaches, such as replenishing stolen funds, changing account numbers, issuing new cards and increased customer service demands.
The breach further underscored the need for more advanced data security technology in the U.S. payments industry, notes Rodman K. Reef, a managing principal with Reef Karson Consulting LLC. “This breach is another example of a situation where EMV with dynamic data could have prevented the use of the fraudulently obtained data,” Reef tells Paybefore. Depending upon how the data was captured, the incident also could serve as clarion call for tokenization, he suggests. However, Reef notes, “We will not know what exactly caused Target’s breach until their forensic review is finished and made available to certain public organizations.”