Retailers Should Take a Cue from Target’s Nightmare
Posted: January 21, 2014
There doesn’t seem to be any light at the end of the tunnel for Target’s woes. After hackers stole credit and debit card records of 40 million Target customers, the retailer gave assurances to their alarmed customers that accompanying PIN numbers hadn’t been breached. This proved to be premature, as a spokesperson for Target backtracked on that assertion a couple of days after Christmas and said criminals had made off with customers’ encrypted PIN information as well.
Target said the company stored the keys to decrypt its PIN data on separate systems from the ones that were hacked. Even so, determined hackers can find a way to acquire this data and, according to security experts, get the keys and unscramble encrypted data. This PIN data is a goldmine, resulting in a cyber crook being able to make withdrawals from a customer’s account through an automatic teller machine.
Even before this news came to light, JPMorgan Chase and Santander Bank placed caps on customer purchases and withdrawals made with compromised credit and debit cards. In the security industry, that action was unprecedented and of course resulted in complaints from customers who were unable to do last-minute Christmas shopping.
Survey data shows that Target’s public perception and customer satisfaction has plummeted and may have given a boost to its rival Wal-Mart, who now has a much more positive public and customer perception.
With more than 11 class action lawsuits filed against the retailer, continued criticism on Target’s Facebook page, and more consumer complaints about customer service gridlock at Target’s call centers, some industry analysts say it could take at least three months for Target to recover its brand image.
This could have ripple effects across the retail landscape, as legislative action is being discussed, which would ensure that customers are better protected. That could include holding retailers accountable for failures to protect sensitive customer data.
"This breach shows that despite best efforts by major retailers to protect cardholder data generated from magnetic stripe card transactions, criminals will find a way to get this data," says Randy Vanderhoof, director of the EMV Migration Forum.
Overseas, EMV technology (i.e., Europay, MasterCard, Visa) is prevalent and it is the global standard for chip-based debit and credit card transactions. Rather than relying on magnetic stripe-based cards, used in the U.S., this new technology relies on an EMV-compliant chip, which makes extraction of card information by fraud syndicates much more difficult compared to the current magnetic stripe cards.
Jacob Ansari, director of technical services at 403 Labs and a PCI forensic investigator, says the Target breach will provide valuable insight for future security regardless of what happened…and “hackers are becoming increasingly professional as an organized crime base.” Furthermore, Ansari does not expect the U.S. to be particularly quick to transition to EMV cards.
In a Forbe’s article, Davia Temin noted the flaws in Target’s response and actions to this catastrophe: while Target admitted the breach, they weren’t the first ones to publicize it, so they were forced to respond from a defensive position, while not having all the facts at their disposal. Being more worried about spin, than accuracy, was Target’s first mistake and led to customer distrust across the board.
Temin also said that Target’s CEO could have been more forthcoming in offering constructive pointers on what measures Target might take to stop these kinds of abuses from happening in the future and also be a little more accepting of responsibility than giving an apology that sounded more like sales/PR pitch. She also suggested that Target extend customer call-center hours to address customer concerns and start mending bad will. Finally, she urged that the company’s concerns directly reflect the concerns of their customers, clients, employees, and stakeholders, enabling a faster and more supportive recovery.TAGS: retail, retail trends, retailers,