The chief financial officer of Target has said that he is “deeply sorry” for the recent breach and it is determined to win back customers’ trust.
Speaking before the US Senate Judiciary Committee hearing which is investigating the data breaches, John Mulligan, Target chief financial officer and executive vice president, said the cyber attack has strengthened its resolve and it will make “Target, and our industry, more secure for customers in the future”.
According to CNBC Mulligan said: “I want to say how deeply sorry we are for the impact this incident has had on our guests—your constituents. We know this breach has shaken their confidence in Target, and we are determined to work very hard to earn it back.”
Target announced that it was accelerating a $100 million smart card program, with the first REDcards smart cards deployed in early 2015, more than six years earlier than initially expected. The smart cards will include a microprocessor chip that encrypts the personal data shared with the sales terminals used by merchants.
Commenting, Mark Bower, VP of product management at Voltage Security, said: “While it’s encouraging to see Target strategically embrace EMV (chip and pin), it’s necessary to look at mitigating threats to data that EMV unfortunately doesn’t protect.
“However, the UK experiences over the last several years clearly show that the stolen data from EMV systems can be re-purposed for fraud in non EMV and Card-Not-Present scenarios (such as e-commerce), resulting in a major surge in online transaction fraud; something the US needs to prepare for.
“With EMV, the sensitive credit card number is still not encrypted from chip to the POS or beyond. Transactions are authenticated, but not encrypted. So, mass data breaches need to be mitigated by the combination of EMV with end-to-end encryption and tokenisation from the reading device using data-centric security technologies that are already here and proving their worth in the fight to make attacks harder and unattractive to criminals. The combination helps eliminate many of the kinds of exploitable gaps we have witnessed in 2013 and prior in retail payment flows.
“More specifically, with this approach, the ever-vulnerable POS/Checkout and upstream retail systems never see live data, yet can still do their job of taking payments and providing analytic data to the merchant or acquirer.”