Target’s chief financial officer and executive vice president John Mulligan authored an opinion piece in The Hill on Monday, in which he revealed the company is accelerating its $100 million smart card program following the massive hack it suffered in late 2013. According to Mulligan, the first REDcards smart cards will be deployed in early 2015, more than six years earlier than initially expected, and the technology will also be implemented in the retailers store.
The smart cards, which are widely used in other countries but not the U.S., will include a microprocessor chip that “encrypts the personal data shared with the sales terminals used by merchants,” Mulligan wrote. “Even if a thief manages to steal a smart card number, it’s useless without the chip,” he added. Furthermore, the smart cards will require a four-digit personal identification number (PIN) for “greater safety.”
Target had a similar project in place ten years ago, which it discontinued after only three years, after seeing mixed results. “Notably, the cards were much more expensive to produce and required the replacement of store card-readers,” Mulligan wrote. “Also, the technology at that time would have only been usable in our stores, making for a confusing experience for customers, overall. After three years of going it alone, we discontinued the program.”
However, in light of the recent sophisticated attacks that hit Target, Neiman Marcus and others last year, Target feels it has to do more, urging the business community to “move together,” in order to improve consumer protection.
Mulligan said that according to industry data, financial losses related to lost or stolen cards in the U.K. are at their lowest levels since 1999, dropping by 67% since 2004, as the country uses smart cards. In Canada, where Target and others are already using smart cards, losses from card skimming – the technology used to steal credit and debit card data for 40 million Target customers in the recent hack – were reduced by 72% from 2008 to 2012.
In a recent note to retailers, the FBI has warned that Target-like attacks may still hit other companies due to their sophisticated nature – the malware program used to attack Target is available for sale in underground forums and can be further upgraded to avoid discovery.