John J. Mulligan, the Chief Financial Officer of Target, has published Time for smart cards in The Hill. He says that the risks from credit- and debit-card theft can be significantly reduced if the U.S. imbeds "smart card" technology in credit and debit cards. Here's an excerpt (omitting stuff about how swell Target is):
The data breach that struck our company spotlighted the sophistication of criminal hacker networks operating across the globe. We know the attack created significant concerns for millions of customers. We will learn from this incident and we will work to make Target, and the wider business community, more secure in the future. One step American businesses could now take that would dramatically improve the security of all credit and debit cards: adoption of chip-enabled smartcards. The technology is already widely used throughout the world. For many reasons, the United States has been slow to embrace the technology at home. We need to change. … For consumers, this technology differs in important ways from what is widely used in the United States today. The standard credit and debit cards we use now have a magnetic stripe containing the customer's information. When first introduced, that stripe was an innovation. But in today's world, more is needed. The latest "smart cards" have tiny microprocessor chips that encrypt the personal data shared with the sales terminals used by merchants. Why is such a change important? Even if a thief manages to steal a smart card number, it's useless without the chip. In addition, requiring the use of a four-digit personal identification number (PIN) to complete a sales transaction would provide even greater safety.To be frank, there is no consensus across the business community on the use of PINs in conjunction with chip-enabled cards. … In the United Kingdom, where smart card technology is widely used, financial losses associated with lost or stolen cards are at their lowest levels since 1999 and have fallen by 67 percent since 2004, according to industry estimates. In Canada, where Target and others have adopted smart cards, losses from card skimming were reduced by 72 percent from 2008 to 2012, according to industry estimates. A reason the United States has been slow to embrace change is that all players in the payments system – merchants, issuers, banks and the networks – have not been able to find common ground on how to share the costs of implementation.
Mulligan's piece coincided with his testimony at a Senate Judiciary Committee hearing yesterday on data breaches. Go here for all the hearing testimony and other hearing materials. Go here to watch the full hearing.