January 15, 2014

As news about the massive data breach affecting Target continues to get worse, some, including Target's CEO, have called for a speedy adoption of EMV in the United States to deter future attacks.

The most recent revelation regarding the Target breach is that fraudsters also installed malware in the retailer's point-of-sale system, as well as other systems housing consumer data. Target CEO and Chairman Gregg Steinhafel made the revelation in a CNBC interview, adding that the company has not yet determined how this was done. He also used the opportunity to push for quicker EMV adoption in the United States.

"We think it's important that we get there as a nation, and we want not only to participate in that conversation, but we want to lead in that conversation too," he said in the interview.

Target was not the only retailer affected. Neiman Marcus and at least three other as-yet-unnamed retailers also were victims of the coordinated cyber attack.

But regardless of Steinhafel's plea, Aite Group Senior Analyst Shirley Inscoe doesn't believe this incident will speed EMV cards to the market, a massive undertaking already underway by MasterCard, American Express and Visa. In addition to the issuers having to send out millions of new cards, retailers will need to upgrade their POS technology to accept EMV cards.

EMV, the global technology standard for credit and debit card payments named after its original developers (Europay, MasterCard and Visa), features cards with embedded microprocessor chips that store and protect encrypted account user data, in contrast to the magnetic stripe cards now used mostly in the U.S.

Inscoe believes introducing EMV cards will help combat fraud such as what happened with Target, but only if consumers are required to enter a PIN at the point-of-sale. Inscoe says she has heard from some issuers that they will require only a signature. "If the PIN is not used as part of the transaction, fraud can still be conducted," she says.

But EMV alone won't prevent all fraud, she notes. Inscoe advises major retailers to "proactively hire people to review their systems and make sure they are protected against this kind of malware threat."

She says malware targeting data housed by retailers is "extremely lucrative," so they should expect these kinds of attacks in the future and be prepared.

"Hopefully we will learn enough about the way these attacks are done so other large retailers can make sure they are protected and don’t experience this kind of insidious malware," Inscoe says.

ABOUT THE AUTHOR
Bryan Yurcan is associate editor for Bank Systems and Technology. He has worked in various editorial capacities for newspapers and magazines for the past 8 years. After beginning his career as ...