Target says it will be fast-tracking plans to update its store credit cards with smart-chip technology for greater security. Target CFO John Mulligan announced the efforts during testimony about the retailer’s data breach in front of the Senate Committee on the Judiciary this week.
In a statement released to the press, Target said, “The accelerated timing is part of a $100 million effort to put in place chip-enabled technology in all of Target’s nearly 1,800 U.S. stores.”
The smart cards, which use a microprocessor chip to encrypt transaction data, will be rolled out in the first quarter of 2015 instead of later in the year as previously planned.
The deadline imposed on retailers by the banks and the credit card industry to move to chip-enabled point-of-sale systems is October 2015, as MR‘s POS system expert Michael Dattoma explained last fall. After October 2015, liability for fraudulent transactions will shift to the retailer if that retailer does not update its POS technology.
EMV (Europay/MasterCard/Visa), also known as chip and pin cards, are already used in the U.K., Australia and Canada. “The chip refers to the integrated circuit built into the card, and the pin is the familiar ability to input a pin number to secure the transaction,” Dattoma wrote. “Magnetic swipe cards, which the majority of Americans carry in their wallets, are easily forged and are the cause of a great deal of fraud. Much of that fraud is absorbed by the banks that issue the credit cards, and they want to reduce that exposure by implementing chip and pin.”
Target’s data breach revealed in December, was initially thought to have affected 40 million customers who shopped in Target stores. Later estimates put the number of affected customers higher—as many as 70 million. The breach went on longer than first reported, too: in December Target said that the breach took place between November 27 and December 15, but during his testimony, CFO Mulligan said that some in-store checkout terminals were still infected with information-stealing malware after December 15.
Neiman Marcus was hit by a similar data security leak from July to October, but didn’t discover it until December; it was made public in January when an investigation confirmed it.