How Target's Credit Card Security Breach Could Have Been Avoided
NEWS ANALYSIS: A simple security measure used widely, except in the U.S., would have prevented the theft of 40 million customer mag stripes from Target.When thieves broke into the point-of-sale (POS) system at Target, they stole the data from the magnetic stripe on the back of credit and debit cards. Target, like virtually all other stores in the United States, depends on that information on the magnetic stripe to read all the relevant credit card information to make a sale. But it doesn't need to be that way. In fact, Target could have used an alternate version of its card readers that would have protected credit card customers that had an embedded chip in the card. I first found out about how those chips, called EMV chips, actually work when I needed one, but didn't have one. I was in line on my first day at CeBIT in Hannover, Germany, to buy my lunch in the press building cafeteria. I handed my credit card to the cashier, and everything stopped. The people in front of me had been passing through with hardly a pause, but the cashier looked at my card and then asked if I had another one. It turned out that the POS terminals in the cafeteria used EMV chips, rather than the mag stripe on the back of the card. Eventually, they found a cash register with a mag stripe reader, and I was able to pay for my Weiner Schnitzel. But as soon as I got back to the United States, I called my card issuer and was sent a new card with the EMV chip.
The EMV chip that's embedded in my credit card is actually a microprocessor that holds an encrypted version of the information that's on the mag stripe. It establishes communication with the POS terminal and passes the credit card information to it, keeping the data encrypted. If thieves managed to steal the data, which is unlikely, it would still be encrypted and difficult, if not impossible, to use.