It took only a month. Target (TGT) first divulged a breach involving 40 million credit and debit card accounts on Dec. 19. It later revealed that information on 70 million customers—including names, addresses, and phone numbers—had also been hacked.
Customers are fuming. State regulators are investigating. Congress is demanding an inquiry. Lawsuits are piling up. Gregg Steinhafel, Target’s chief executive officer, attempted to make amends in an open letter to customers. Target plans to form “a coalition to help educate the public on the dangers of consumer scams,” the letter says, and it hopes to “accelerate the conversation—among customers, retailers, the financial community, regulators, and others—on adopting newer, more secure technologies that protect consumers.”
Steinhafel is onto something important with his call for better technology. The most important step U.S. retailers can take in response to this breach (Neiman Marcus Group and several other merchants were also hacked at about the same time) would be to speed adoption of encrypted smart-chip credit cards, which are more secure than the antiquated magnetic-stripe cards most Americans use. The U.S. has been a laggard in adopting the technology, which can significantly reduce counterfeiting scams, the largest kind of credit card fraud. Card companies and retailers plan to reform fraud liability in ways that will encourage the smart-chip cards, but not until the end of 2015.
Retailers should encrypt the data that moves between their cash registers and financial institutions. They should make use of multilayered security procedures, which can help ensure employees don’t accidentally compromise company data. And they should share information about software vulnerabilities and supply-chain risks with their competitors. Companies can no longer afford to think of cybersecurity as an issue only for the guys in IT. Because if there’s one thing all retailers know, it’s that there will be a next time.