WASHINGTON—Target CFO John Mulligan told the Senate Judiciary Committee that his company, which was the target of a massive data breach in late 2013, has begun the process of implementing secure EMV cards at all of its stores.
Mulligan said that about 300 Target stores in the United States (all in California) have already been equipped with EMV or "Chip and PIN" technology, and that the entire chain would be equipped with the appropriate card readers by the end of 2014, and would have them in operation by January 2015.
Mulligan also said that the company's own credit and debit cards would be equipped with EMV (Europay, MasterCard, Visa) chips by the end of 2014. "Target is accelerating our investment in chip technology for our Target REDcards and stores’ point-of-sale terminals," Mulligan said in his testimony. "We believe that chip-enabled technologies are critical to providing enhanced protection for consumers, which is why we are a founding, and steering committee, member of the EMV Migration Forum at the SmartCard Alliance."
Ironically, Target was the first major retailer in the U.S. to attempt to implement EMV card technology in 2003, but was forced to abandon the attempt because of lack of support from the payment card and banking industries. Mulligan noted in an article he published on Target's Website that his company already uses EMV technology at its Canadian stores where it has seen a 72 percent drop in credit card fraud.
Mulligan was hardly alone in his call for EMV-equipped cards. Virtually every witness at the Judiciary Committee hearing and in the Senate Banking Committee's subcommittee on National Security and International Trade and Finance hearings held on Feb. 3, called for implementation of chip and PIN cards as soon as possible. Likewise, Sen. Mark Warner (D-Va) who chaired that hearing, repeatedly pressed witnesses on reasons for delays in adopting the chip and PIN system.
There were exceptions. Michael Kingston, CIO for Neiman Marcus declined to say that his company would actively move to EMV technology, noting that the company currently has no PIN pads at point of sale terminals. However he did say that if new legislation were to require such security, the company would comply.
Kingston said in his testimony that the Neiman Marcus data breach was limited to relatively short periods of time at some stores. Other witnesses strongly supported the implementation of EMV technology as soon as possible.
Consumers Union counsel Delara Derakhshani told the Committee that the organization has been working hard to help consumers avoid getting caught up in data breaches, but that basic protections such as EMV equipped cards are necessary.