Target Corporation executives met with Senate lawmakers regarding cyber-security in conjunction with the data breaches that took place with the mega-retailer. Much attention has been placed on the topic of cyber-security ever since reports first broke regarding a possible data breach affecting Target and its customers. Since that time Neiman Marcus was also found to be compromised in its consumer data. Executives from both of these compromised retailers sat down with lawmakers Tuesday to discuss what led to the breach, but more importantly what was going to be done about it.
Identity theft has been a concern in the public mind for some years, however it has not gained the type of notoriety that the recent Target Corporation data breach has garnered. Since the time that security blogger Brian Krebs first broke the story that the Secret Service may have been investigating a possible data breach within the mega-retailer, the number of affected consumers has continued to rise. The initial reports stated that there were 70 million consumers affected by the breach but that despite credit and debit card information being stolen, PIN numbers had not been accessed. That story quickly vanished as Target later stated that in fact an additional 40 million accounts had been compromised, and that PIN information had in fact been part of the haul.
As lawmakers began to question executives for both Neiman Marcus and Target Corporation, at the center of attention was the feeling that hackers and cyber thieves were believed to have the upper hand for now in the cyber-security battle. The executives lamented the loss of consumer data, while highlighting their belief that keeping up with cyber-criminals was becoming more and more an impossible task. As the panel of lawmakers grilled the executives over the scale and magnitude of the respective breaches, the company representatives issued apology after apology while agreeing that something needed to be done regarding cyber-security.
One of the issues discussed, and agreed upon by Target was the adoption and use of better, more sophisticated anti-fraud technology, they likes of which is currently being used in Europe. EMV technology currently being used in Europe, though not foolproof, appears to provide a somewhat higher level of security than the magnetic strip cards and POS systems currently being used throughout the US. Though a move to EMV would appear to be a step in the right direction for some, others pointed out that it would simply be a matter of time before hackers and cyber-criminals managed to compromise that technology as well. Despite the position of the skeptics, and whether or not EMV technology would be a fool proof solution, what everyone could agree on during Tuesday’s sit-down was that consumer confidence is the immediate casualty of the recent breaches.
Target Corporation executives did discuss the use of new technologies as possible ways to mitigate future attacks. One of the new technologies which received some attention during the talks was chip-and-PIN cards. These cards would store consumer data on computer chips and the require users to type in personal identification numbers in order to use them. Some believe that the technology could provide additional security, however it cannot be determined whether or not chip-and-PIN technology would have prevented the recent Target Corporation data breach. Although there seemed to be agreement that new technologies should be integrated to increase the security of consumer data, businesses as a whole are not likely to be keen on the idea. The reason being that upgrading all POS systems to interface with some new, presumably more secure payment method, appears to be a cost that businesses don’t feel they need to incur at the moment. Dealing with the breaches as the happen is at least for the moment a preferable approach for businesses.
The general consensus of the meetings seemed to be that “anything that strengthens the security of data is a good thing.” The one opinion lacking somewhat from the talks was how much privacy and freedom would have to be sacrificed in the name of such added “security.” While time will answer that question, Target Corporation executive along with lawmakers seem to be on the same side when it comes to the future of cyber-security.
By Daniel Worku