Hugh Pickens DOT Com (2995471)
writes "Reuters reports that Chief Financial Officer John Mulligan told the Senate Judiciary Committee that Target is "deeply sorry" for a cyber breach over the holiday shopping period in which about 40 million credit and debit card records were stolen, along with 70 million other records with personal customer data. "This attack has only strengthened our resolve," said Mulligan. Senator Al Franken asked Mulligan about published reports that Target’s cyber security system was “astonishingly” weak. Mulligan disagreed, telling Franken that the company has spent “hundreds of millions of dollars” on a multi-layered consumer protection protocol. Target now plans to spend up to $100 million to implement chip-and-PIN technology in its own credit cards by early 2015, about six months earlier than its previous goal. The chip-and-PIN technology adds a smart microchip embedded in the credit card. Customers use a PIN number — rather than a signature — to complete the transaction. If card numbers are stolen, it's more difficult for thieves to create new cards because the chips are tough to copy. The chip-and-PIN system is widely used in Europe and Canada already but US retailers and credit-card issuers have been loath to spend the billions of dollars required to create an entirely new payment system in part because losses to fraud — 5 cents for every $100 spent via plastic — have been manageable for merchants and their banks. Mulligan also disclosed that the intruder stole a vendor’s credentials to access their system and place malware at point-of-sale registers. “The malware was designed to capture payment card data from the magnetic strip of credit and debit cards prior to encryption within our system.”"