As Target continues to deal with the consequences of its massive data breach last year, the company is accelerating plans to move to a full chip-and-pin system for its branded credit and debit cards, and also plans to have terminals capable of accepting chip-and-pin cards in all of its nearly 2,000 stores by September.
The Target data breach, which involved the compromise of information belonging to 110 million people, is considered one of the larger such incidents ever. Attackers initially compromised the company’s network through the use of credentials belonging to an HVAC vendor and then moved through Target’s systems and eventually got access to the massive cache of data. As part of the response to the breach, Target officials said earlier this year that they were planning to make some significant changes to the company’s security infrastructure and also planned to roll out the chip-and-pin initiative.
Those plans now are ahead of the initial schedule, officials said. The company estimates that all of its REDcard branded credit and debit cards will be converted to chip-and-pin by early 2015, and that there will be compatible terminals in all of its stores within the next five months.
“Target has long been an advocate for the widespread adoption of chip-and-PIN card technology,” said John Mulligan, executive vice president and chief financial officer at Target. “As we aggressively move forward to bring enhanced technology to Target, we believe it is critical that we provide our REDcard guests with the most secure payment product available. This new initiative satisfies that goal.”
Along with the card initiative, Target also has been implementing a number of changes and upgrades to the security of its network and point-of-sale systems. The retailer has deployed application whitelisting technology to all of its PoS systems, better segmented its network, expanded the use of two-factor authentication and restricted vendor access to its network by disabling some connection methods such as FTP and telnet.
Target also announced that it has hired a new CIO, Bob DeRodes, a veteran of companies such as NCR, First Data, CitiBank, USAA and Home Depot. DeRodes will be responsible for the company’s continued security changes and overall technology initiatives.
