NACS Lashes Out at Security Standards

Statement comes as Target exec apologizes before Senate committee

Published in CSP Daily News

NACS Lashes Out at Credit-Card Security Standards

WASHINGTON -- A senior official at Target Corp. told U.S. lawmakers on Tuesday the retailer was "deeply sorry" for the massive data breach it suffered over the holiday shopping period, and said it was determined to win back customers' trust, according to a Reuters report.

In prepared testimony for his appearance before a U.S. Senate Judiciary Committee hearing probing the data breaches, John Mulligan, Target chief financial officer and executive vice president, said the cyber-attack "has only strengthened our resolve.”

"We will learn from this incident and, as a result, we hope to make Target, and our industry, more secure for customers in the future," he said, according to the report.

The committee hearing is one of a series of congressional panels this week in response to the Target breach and other incidents.

Target, the No. 3 U.S. retailer, disclosed on Dec. 19 that it was a victim of one of the biggest credit-card-data breaches on record. Mulligan said it affected customers who shopped at the company's U.S. stores from November 27 through December 18.

Some 40 million credit and debit card records were stolen from the retailer, along with 70 million other records with customer information such as addresses and telephone numbers.

In an opinion piece on the Hill newspaper on Monday, Mulligan wrote that Target now hoped to implement its $100-million chip-enabled smart-card program by early 2015, more than six months ahead of its previous schedule.

The enhanced smart cards contain tiny microprocessor chips that encrypt personal data shared with sales terminals used by merchants. Stolen smart-card numbers would be useless without the chip.

The National Association of Convenience Stores (NACS), however, took the Senate Banking Subcommittee hearing on protecting consumers' data as an opportunity to lash out at the current card security systems that are available and the credit-card companies that embrace them.

“Credit card companies make the cards and set the security standards. Merchants spend roughly $6.5 billion each year to help prevent fraud and protect customers but can't make up for all the vulnerabilities that fraud-prone credit and debit cards have,” Lyle Beckwith, senior vice president of government relations for NACS, said in a statement. “To best protect consumers, real security standards need to be established that aren’t based on proprietary models only the credit-card companies oversee.”

Also scheduled to appear at the hearing on Tuesday is Neiman Marcus Group senior vice president Michael Kingston. The Dallas-based luxury retailer has disclosed a data breach that compromised data from about 1.1 million cards.