Target accelerating $100 million chip and PIN adoption, finds just 25 registers at fault in breach

Target (NYSE: TGT) will adopt chip and PIN technology six months ahead of Visa and MasterCard's October 2015 deadline as executives push for wider adoption of the more secure technology.

Retail executives told a Senate committee on Tuesday the company would be implementing chip and PIN technology faster than expected and in an open letter to Congress published by The Hill, Target CFO John Mulligan urged others to do the same.

"In the U.K., where smart card technology is widely used, financial losses associated with lost or stolen cards are at their lowest levels since 1999 and have fallen by 67 percent since 2004, according to industry estimates. In Canada, where Target and others have adopted smart cards, losses from card skimming were reduced by 72 percent from 2008 to 2012, according to industry estimates," he said. "A reason the U.S. has been slow to embrace change is that all players in the payments system - merchants, issuers, banks and the networks - have not been able to find common ground on how to share the costs of implementation."

Target estimates the cost of implementation at approximately $100 million. Retail security breaches in the past several months have effected upwards of 70 million Target shoppers and 1.1 million Neiman Marcus shoppers. Additional security breaches at Michaels stores and now White Lodging Services -- a company that manages Holiday Inn, Marriott, Radisson, Renaissance, Sheraton and Westin hotels at 14 locations -- adds urgency.

Target's history with chip and PIN cards dates back to 2004 when Target piloted an early generation of the chip-enabled technology on the Target Visa REDcard, with mixed results, according to Mulligan. "Notably, the cards were much more expensive to produce and required the replacement of store card-readers. Also, the technology at that time would have only been usable in our stores, making for a confusing experience for customers, overall. After three years of going it alone, we discontinued the program."

During the Senate Judiciary Committee hearing, several senators, security experts and witnesses who were directly affected by the breach urged companies to adopt chip and PIN technology to make shopping safer. Credit card companies, too, called on retailers to make the switch and install swipe machines to accept the cards by 2015, or be liable for the costs of any fraud resulting from stolen data.

Seperately, Target said that it found the malware on just 25 cash registers. Mulligan confirmed that hackers used outside vendors' credentials to access Target's POS system. The malware was discovered three days after Target thought it had deleted the malicious software from its system.

For more:
-See John Mulligan's letter to Congress

Related stories:
The story of how Target had chip and PIN cards, but failed to keep them
Arrested pair thought to be Target hackers, NRF urges adoption of chip and PIN cards
Target invests $5 million in security education, offers rree credit monitoring to customers for 1 year
Target data breach gets worse, 110 million shoppers at risk
Target now says 70 million people affected by breach