Data Security

Target's data breach may speed up the adoption of more secure credit card technology in this country. Chip-based "smart cards," already used in Europe, are difficult to counterfeit because the account information is encrypted and stored in an embedded microchip. Most point-of-sale transactions with these smart cards cannot be authorized without a PIN code. That's why it's called "PIN and chip" technology. Matthew Shay, president and CEO of the National Retail Federation, has sent a letter to congressional leaders calling on the banking industry to switch from the easy-to-hack magnetic strip to the more secure PIN and chip. 

Target CEO Gregg Steinhafel is calling on retailers and banks to adopt chip-based credit card technology to better protect shoppers. But the debate was different a decade ago, when the executive was on the other side of the issue as Target pulled the plug on a $40 million, three-year program that did just that. Chip-based credit cards, in which a smart chip in the card works with special readers installed at stores, are widely used in Europe and Canada, making it more difficult for thieves to profit from the sort of massive data breach that hit Target over the holidays. 

Target's data breach, which has left tens of millions of payment cards compromised, was carried out using off-the-shelf malware authored by a 17-year-old Russian, according to security firm IntelCrawler. Officials believe that the Target breach was just one of several attacks carried out over the holiday period. Neiman Marcus Group says that it has also been hacked, and a report authored by government agencies and security firm iSight Partners suggests that several other firms could have been hit.

The computer network at Neiman Marcus was penetrated by hackers as far back as July, and the breach wasn't fully contained until Sunday, according to people briefed on the investigation. The company disclosed the data theft late last week, saying it first learned in mid-December of suspicious activity that involved credit cards used at its stores. It issued another notice on Thursday, elaborating slightly. The latest notice said that "some of our customers’ payment cards were used fraudulently after making purchases at our stores. We've taken steps to notify those affected customers for whom we have contact information."

Target said Monday it will invest $5 million in a multiyear campaign to educate the public on the dangers of scams, after the company disclosed that up to 110 million people may have been affected by a data breach at the retailer's U.S. stores. The company, under pressure from various quarters including some state attorneys general, has also unveiled the details of a free credit monitoring and identity theft protection for one year for all Target customers who have shopped in its U.S. stores.

The massive security breach that hit Target over the holidays may be only the beginning for the retail industry. Attempts to hack into retailers’ computer networks and steal credit card data and other customer information are likely to surge this year, cyber security experts say in the wake of the attacks on Target and luxury department store chain Neiman Marcus. Target reported Friday that cyber thieves compromised the credit card data and personal information of as many as 110 million customers. That includes phone numbers, email and home addresses, credit and debit card numbers, PINs, expiration dates.

Target and Neiman Marcus are not the only U.S. retailers whose networks were breached over the holiday shopping season, according to sources familiar with attacks on other merchants that have yet to be publicly disclosed. There were smaller breaches on at least three other well-known U.S. retailers using similar techniques as the one on Target, according to the people familiar with the attacks. These breaches have yet to come to light. Also, similar breaches may have occurred earlier last year.

Target, the second-largest U.S. discount retailer, increased its estimate of people affected by the recent data security breach to as many as 110 million and said additional information was stolen. Names, home and email addresses for as many as 70 million people were taken, the Minneapolis-based company said in a statement. That information is in addition to the credit card and debit card data of 40 million accounts that Target previously said was taken. Target spokeswoman Molly Snyder said while it's likely the two groups of victims overlap, Target doesn't yet know the extent, and it's possible they are distinct.

Misconfigured mobile redirects can result in errors, irrelevant pages and now, as a result of Google's recent algorithm changes, search ranking downgrades. Many brands may find it difficult to correct mobile redirect issues, but identifying and fixing these issues is important to helping pages stay visible in mobile search results and removing critical obstacles blocking the path to more mobile commerce. The following is a list of suggested tips to help retailers correct faulty mobile redirects:

At least 2 million shoppers who used bank debit cards at Target stores during its recent data breach are facing lower limits on how much cash they can take out of teller machines and spend at stores. JPMorgan Chase said on Saturday it's notifying customers who used Chase brand debit cards at Target from Nov. 27 through Dec. 15 that they're now limited to $100 a day of cash withdrawals and $300 a day of purchases with their cards. The new limit affects roughly 2 million accounts, or 10 percent of Chase debit cards, according to a spokeswoman for Chase.