Target (NYSE: TGT) almost avoided being the victim -- along with more than 70 million of its customers -- of the largest data breach in U.S. retail history. It had a chip-based smart card program but failed to successfully roll it out.
The security breach left between 70 million and 110 million shoppers' card numbers exposed to hackers, along with PIN numbers and personal information including email addresses. And it could have been averted had the U.S. retailer, and card services in general, been using chip and PIN technology instead of the magnetic stripe cards in use today.
Target had chip and PIN a decade ago, but abandoned the program after just three years.
I remember when Target announced its smart card program. Gerald Storch was in charge of Target's financial services credit card business, online retailing was just getting going, eTrade was testing an in-store bank and Target's smart card program was going to be a beacon of modernity in the payments sector and make Target a leader in the sector.
But adoption was slow, shoppers couldn't quite grasp the benefits. And pressure from the current CEO Gregg Steinhafel, then Target's president, spurred the company to abandon the $40 million dollar, three-year effort to roll out the cards, according to The Wall Street Journal.
Today both Steinhafel and the National Retail Federation, among others, are calling for the adoption of chip-based cards. And while it's certainly not a story of too little too late (smart cards are the smarter security choice) it is a cautionary tale of how a retailer's corporate structure can undermine its own best interests.
It all serves to illustrate the divide between IT and merchandising, the flashier front of the house and the more practical back of the house. In 2004, the merchandising team drove policy and direction. While Storch championed the smart card program, he ultimately left the retailer in 2006 to head up Toys R Us.
Storch is now a consultant back in Minneapolis, one Target might like to tap to relaunch that chip and PIN initiative, and joined the board of directors at Supervalu as its chairman.
For more see:
-this Wall Street Journal story
NRF Issues Industry-Wide Directive Regarding Data Security, Calls For Chip and PIN
Neiman Marcus Confirms Credit Card Data Breach
Target Data Breach Gets Worse, 110 Million Shoppers At Risk
Target Now Says 70 Million People Affected by Breach
Target Admits Encrypted PIN Data Was Stolen In Data Breach