Target (NYSE: TGT) execs told a Senate committee on Tuesday that the company would be implementing chip and PIN technology six months sooner than originally planned in the wake of its massive data breach. The company also said that it found the malware on just 25 cash registers, an alarming fact considering that as many as 110 million cards were compromised during the hack.
During the Senate Judiciary Committee hearing, several Senators, security experts and witnesses who were directly affected by the breach urged companies to adopt chip and PIN technology to make shopping safer. Credit card companies, too, called on retailers to make the switch and install swipe machines to accept the cards by 2015, or be liable for the costs of any fraud resulting from stolen data.
Target's history with chip and PIN cards dates back to 2004, when the company halted a three-year pilot program that would have made it the first retailer to implement the technology in its stores. Target said then that customers didn't see the benefits of the cards and the program's $40 million price tag was too much (by contrast, the breach has cost banks $153 million). PIN-based cards are equipped with both an embedded chip and a traditional magnetic stripe. Cardholders must enter their PIN or sign for each transaction to be approved. If the card is stolen, the embedded microchip makes the card extremely difficult to counterfeit or copy.
John Mulligan, Target's CFO, attended the hearing and confirmed that the fraudulent access to Target's POS system was caused by hackers who used an outside vendor's credentials. The malware was discovered three days after Target thought it had deleted the malicious software from its system.
-See this New York Times article
The story of how Target had chip and PIN cards, but failed to keep them
Arrested pair thought to be Target hackers, NRF urges adoption of chip and PIN cards
Target invests $5 million in security education, offers rree credit monitoring to customers for 1 year
Target data breach gets worse, 110 million shoppers at risk
Target now says 70 million people affected by breach