How Target's Credit Card Security Breach Could Have Been Avoided

By Wayne Rash  |  Posted 2013-12-24 Print this article Print

"Beginning in September this year [2013], all U.S. Consumer and OPEN cards—with  the exception of Costco and Delta Skymiles—are now available, and enabled with chip and signature," American Express spokesperson Sanette Chao wrote in an email to eWEEK. "The cards can be received by a Card Member upon request."

Chao said that appropriate equipment is also available to merchants. "Merchants in the U.S. can get a card reader that will work with embedded chip products—merchants can get these from POS and terminal manufacturers." Chao noted that American Express doesn't sell those readers and terminals and can't speak to the cost involved, but said that integrating them with American Express can be handled by the merchant directly or through a credit card processor.

"For American Express' embedded chip products, merchant terminals typically require both hardware (to read the contact EMV chip and contactless chip as applicable) and American Express EMV software to read and interact with the chip and process incremental chip data," Chao wrote. "Once loaded with American Express software, merchants are required to certify their devices with American Express (or through their processor) to align with our requirements when accepting our products."

Other credit card companies are also working on the problem. According to MasterCard spokesperson Jim Issokson, the company has issued a road map to move to cards with embedded chips, but actually doing it is up to the card issuer and merchant.

"We introduced our road map for the future of payments—including  EMV—in 2012," Issokson said in an email. "The road map and larger migration have provided issuers and merchants with the flexibility to manage their business and technology decisions. The dates established in the road map are when liability shifts will take effect and not deadlines."

This means that card issuers can decide when, or even if, they will take steps to improve credit card security for customers. A call to Bank of America, for example, revealed that while their credit cards can be embedded with EMV chips, debit cards cannot.

Fortunately, the tide is turning, meaning that major breaches such as that at Target may eventually become a thing of the past. "In the past year, the payments industry has seen a higher demand from merchants for EMV-enabled terminals in the U.S. as EMV technology offers enhanced security and the potential for reduced card fraud, and American Express is actively working with terminal manufacturers, processors and merchants to align with our requirements for our embedded chip payment products," American Express' Chao said. Meanwhile, you can request a secure card, and then ask the store if they can use it.


Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel