From an editorial published Thursday on Bloomberg View:
Three days of hearings on Capitol Hill about the jaw-dropping data breaches at Target and Neiman Marcus brought to light one new apology and at least two familiar lessons. The lessons are worth reiterating.
First, theres fresh evidence that retailers have a hard time admitting when theyve been hacked. Once they do, they find it hard to tell the whole story.
Target said nothing about the breach until an independent security researcher disclosed it on his blog. In its initial statement, the company said the attack involved 40 million card accounts. Three weeks later, Target revealed that other records affecting 70 million customers had also been stolen. Finally, after repeating how sorry we are that this happened, a Target executive divulged that the breach had lasted three days longer than initially admitted. Neiman Marcus has been similarly evasive.
This is the kind of slow-motion, piecemeal response that infuriates consumers. A uniform federal standard mandating how retailers report data breaches, which some in Congress are advocating, would be an improvement over the varying state-by-state disclosure laws now in effect. On this, most retailers and banks agree.
The second lesson is to speed adoption of smart-chip cards, which have encrypted chips embedded in them and often require a password to use. Consumers in about 80 countries now use the technology, which has been shown to significantly reduce fraud and identity theft, but it hasnt caught on in the United States, where most cards still use antiquated magnetic-stripe technology.
Switching to the new cards is a complicated process that requires cooperation between several parties card issuers, banks and merchants with conflicting priorities. Merchants dont want to shell out for new smart-chip terminals, for instance, unless theyre sure that issuers will pay up to produce the cards.
Yet its worth it: Although these cards wouldnt have prevented the data theft at Target, in which malware was installed in registers using a dimly understood process, they would have made using that data to create counterfeit credit cards much harder and thus substantially reduced the incentive to try. In Britain, where smart cards were introduced in 2004, losses from card counterfeiting had declined by 68 percent by 2012.
Merchants and issuers are expected to finally adopt the technology in the United States by October 2015. Target, commendably, now plans to accelerate its transition and have the gear in place by early next year. As other retailers watch Target contend with investigations, lawsuits, and the ire of consumers and investors alike, doing the same might start looking cheaper and cheaper.
The Charlotte Observer welcomes your comments on news of the day. The more voices engaged in conversation, the better for us all, but do keep it civil. Please refrain from profanity, obscenity, spam, name-calling or attacking others for their views.
Have a news tip? You can send it to a local news editor; email firstname.lastname@example.org to send us your tip - or - consider joining the Public Insight Network and become a source for The Charlotte Observer.Read moreRead less