Target Corp. (TGT) took two big steps to put the holiday data-breach nightmare behind it today.
The second-largest U.S. retailer said in a statement that Bob DeRodes, who has advised the U.S. Department of Homeland Security, the Department of Justice and the Secretary of Defense, will become chief information officer on May 5. The company also named MasterCard Inc. (MA) as the processor for the more secure house-brand credit and debit cards it plans to introduce early next year.
Chief Executive Officer Gregg Steinhafel has been working to regain customers’ loyalty after hackers stole card data and personal information from tens of millions of shoppers during the holiday season. The Minneapolis-based retailer said earlier this year that it would spend $100 million to accelerate the rollout of cards with better security technology. Beth Jacob, who had served as Target’s top technology officer during the breach, stepped down last month.
“Establishing a clear path forward for Target following the data breach has been my top priority,” Steinhafel said in the statement. “Target has a tremendous opportunity to take the lessons learned from this incident and enhance our overall approach to data security and information technology.”
As part of its plan to convert to cards that store information on embedded chips, rather than less-secure magnetic strips, Target will have its REDcards use MasterCard technology. The transactions will run on the the Purchase, New York-based company’s network instead of larger rival Visa Inc.’s. (V) The new cards also will require customers to enter a personal identification number, or PIN.
“MasterCard has been vocal and steadfast on the importance of moving to EMV,” Chris McWilton, the company’s president, said today in an e-mailed statement. “Our road map provides merchants and issuers with choices on how to implement EMV based on their individual needs. This effort -- as well as advances in our proprietary chip offerings -- is certainly being recognized by merchants such as Target.”
Paul Cohen, a spokesman for Foster City, California-based Visa, declined to comment.
The technology, which makes it more difficult for hackers to clone card data, has become a standard in Europe and much of the rest of the world. Starting October 2015, retailers and banks that don’t use EMV -- named for its founders EuroPay International, MasterCard and Visa -- will be liable for counterfeit transactions.
Target said today that it will introduce new payment devices in all of its almost 1,800 U.S. stores by September, six months earlier than originally planned. It’s also limiting vendor access to its network to make it more secure.
DeRodes, the new technology chief, is on the board of NCR Corp. and has held technology positions at companies including Home Depot, Citigroup Inc. (C) and Delta Air Lines.
Target isn’t the only retailer to have had its systems attacked in the past year. Luxury department-store chain Neiman Marcus Group Ltd. said in January that about 1.1 million credit cards may have been compromised in a data breach. Days later, arts-and-crafts retailer Michaels Stores Inc. said some customer payment-card data may have been used fraudulently.