business news in context, analysis with attitude

Reuters reports that Target CFO John Mulligan, in an op-ed written for The Hill newspaper before his appearance before the US Senate Judiciary Committee, said that the company is speeding up the development of chip-enabled credit and debit cards that will provide greater security against cyber theft such as the data breaches that affected tens of millions of its customers.

Mulligan said that the goal is to have the technology in about a year. Chip-enabled cards, the story says "contain tiny microprocessor chips that encrypt personal data shared with sales terminals used by merchants. Stolen smart card numbers would be useless without the chip."

Noting that such cards are used elsewhere in the world, Mulligan wrote that the chip-enabled cards would be "one step American businesses could now take that would dramatically improve the security of all credit and debit cards."

He went on: "The data breach that struck our company spotlighted the sophistication of criminal hacker networks operating across the globe. We know the attack created significant concerns for millions of customers. We will learn from this incident and we will work to make Target, and the wider business community, more secure in the future."
KC's View:
Better late than never, I suppose. Though perhaps the people affected by the data breach would disagree with that assessment.

We've all seen the stories about how this technology has been available for awhile, but was not implemented in the US because of concerns about cost. It strikes me that in the future, business needs to work on the premise that the bad guys are always going to be working hard to be a step or two or three ahead of where technology is. Good enough probably isn't good enough, secure enough probably isn't secure enough, and the status quo is almost certainly going to put you in a defensive position. Start with that as your premise, and you take a different approach when it comes to things like smart cards.