San Jose Mercury News: Target breach may have been preventable
The following editorial appeared in Thursday's San Jose Mercury News:
The Target trademark bull's-eye took on a whole new meaning when up to 40 million of its customers' credit and debit cards were compromised over the holiday shopping season.
The breach was jaw-dropping, a major alarm bell for card security in the United States. It's still unclear exactly how it occurred, but it is clear that some very simple measures could have been taken much earlier to head it off.
One is to use chips embedded in debit and credit cards instead of the outmoded magnetic strip Americans rely on, which can easily be duplicated and sold in the form of bulk credit card numbers on the black market.
We like to think this country is the leader in areas like this, but encrypted chip technology has been in use around the world for more than a decade. More than 80 countries use it but not ours, even though it's the world's largest economy and the home of Silicon Valley.
The nonprofit group EMV Migration Forum, which advocates for the widespread use of chip cards, estimates that less than 1 percent of the U.S. market employs the safer cards.
Visa, MasterCard, American Express and Discover have a plan to require merchants to adapt card readers for the so-called smart cards by October 2015. If they don't, they will be on the hook for the use of cards for fraudulent purposes, according to the forum. But that's almost two years from now. How many Target debacles will we experience by then?
It's embarrassing that we are so far behind.
Fraud is rampant a more than $11 billion industry worldwide last year, according to Nilson Report. In the U.S., it has been a growth industry. But not in places using smart cards.
Target's breach has become a case study on how the holidays were hacked. Perhaps a more effective mea culpa would be for the company to pressure banks and credit card companies to switch to chips. Like the rest of the modern world.