The cyber-attacks on Target, Neiman Marcus and other large retailers are speeding up the program to adopt the use of chip-enabled smart cards according to Reuters.
Target Corp's decision to speed up a $100 million program to adopt the use of chip-enabled smart cards is just a drop in the bucket when it comes to what retailers need to do to defend themselves against future cyber-attacks, according to security experts and IT service providers.
The pressure to boost security spending comes at a time when merchants are already spending millions to fend off online retailer Amazon.com and facing an October 2015 deadline set by payment networks Visa Inc. and MasterCard Inc. to accept new payment cards that store information on computer chips rather than on traditional magnetic stripes.
Target, the No. 3 U.S. retailer, said this week it hoped to finish upgrading its payment card network to the more secure ‘chip and PIN’ standard by early 2015, some six months ahead of schedule.
EMV , Euro-Mastercard-Visa, is an embedded microprocessor chip smart credit/debit card which is read by an EMV compatible card terminal and can then send the encrypted data onto the computer processing center for payment to merchants and customer information to the credit card institution for billing to its customers.
Europay, MasterCard and Visa initiated development of the EMV Specifications in 1994. Europay International SA became part of MasterCard in 2002. JCB joined EMVCo in 2004, American Express in 2009 and, most recently, Discover and UnionPay in 2013.
EMV cards thwart some of the most common ways thieves clone cards and steal data due to the microprocessor chip that encodes the information transferred to the merchant, such as account numbers, differently with each transaction. So, even if thieves manage to get data from a merchant (as they did in the Target breach), it’s like stealing an expired password. EMV chips are also tougher to clone than magnetic stripes are.
U.S. retailers have been so focused on cutting costs and expanding their online presence in the past decade that they have not spent enough of their technology budgets on protecting customer data, security experts and IT service providers said.
IDC Retail Insights expects spending by retailers in 2014 specifically for security in the United States to be $720.3 million, an increase of 5.7 percent from last year in part because of the recent breaches. Total tech spending by retailers this year is expected to hit $36.34 billion.
While retail spending on overall technology was expected to rise 4 percent annually between 2012 and 2017, U.S. stores allocate only roughly 2 percent of their tech budgets on security, with the bulk going to improving their e-commerce technology according to advisory firm IDC Retail Insights.
Compared to other industries, retailers spends less on security at 4 percent of their technology budgets on security, compared 5.5 percent for banks and 5.6 percent for healthcare companies, according to technology research firm Gartner.
Although everyone has until 2015 to upgrade, quite a few financial institutions are already rolling out EMV cards. Given the prevalence of EMV throughout the world, banks have realized that smart cards are a travel benefit that can be touted, just like travel insurance and no foreign transaction fees. Many of the major issuers have them, as well as some credit unions (including Pentagon Federal, State Department Federal and Andrews Federal).
All merchants who accept credit/debit cards will be required to the process with the EMV terminals by Oct. 15, 2015 or be responsible for fraudulent transactions if they have not installed contact chip terminals. Liability will shift from the card issuer to the acquirer and the merchant.
To find out more about the chip enabled credit cards and cyber security view the list of articles in Author’s suggestions and the video atop this article on how an embedded chip and terminal work to thwart hackers and theft.