As Target tries to regain its footing after the massive security breach it suffered back in December, its chief information officer, Beth Jacob, announced today that she is resigning, effective immediately. Meanwhile, the gigantic retailer is speeding up its adoption of smart credit card technology.
The search to replace Jacob, who has held that position and vice president of Target Technology Services since 2008, will focus on external candidates and will utilize an outside search firm, CEO Gregg Steinhafel said in a statement.
The company reportedly has said Jacob initiated the resignation, but retail consultant Walter Loeb told the Associated Press that “she was the fall guy.” According to her bio on the Target site, Jacob holds a bachelor’s degree in retail merchandising and a masters in business administration. It doesn’t mention a computer science degree.
In addition to a new CIO, the company is also searching for a chief compliance officer and a chief information security officer. Responsibilities for security had previously been divided between various executives. Target will name an interim CIO until it selects a permanent replacement.
“Target has to take some public steps to say ‘we take this seriously,” Steven Kirn of the University of Florida’s Miller Retailing Center told Venturebeat. The company has to show that “this is a big deal and we are taking big steps,” he said.
Target has a big barn door to close. At the end of last year, the giant retailer acknowledged that confidential information in 40 million customer credit card accounts had been stolen, and later added that personal data in as many as 70 million other accounts may also have been breached. Target reported last week a 46 percent drop in profit for the fourth quarter year-over-year, in part because of a fall-off in sales after the data theft was announced.
In addition to the CIO’s departure and the company’s centralization of security authority, Target is moving on several fronts to get back on track.
The company’s U.S. stores had been using credit cards with a magnetic stripe, which are considered vulnerable technology. Last month, the company said it is putting on a fast track its $100 million adoption of more secure chip-based cards and terminals. In recent testimony before Congress, chief financial officer John Mulligan said that all of the company’s proprietary REDcards and store readers will use that technology by the first quarter of next year, six months faster than previously scheduled.
Smart cards, widely used outside the U.S., employ microprocessor chips to encrypt transaction data. Because of this, even a stolen card number will not permit a thief to easily counterfeit a chip card. Target said that losses in the U.K. from lost or stolen smart cards have dropped 67 percent since 2004, in large part because of chip card technology. In Canada, where even Target stores are using them, losses were reduced by an estimated 72 percent from 2008 to 2012.
Target also plans to require the use of a four-digit personal identification number (PIN) for added security. But Mulligan acknowledged in an op-ed on the retailer’s website that PINs may not be necessary. “To be frank,” he said, “there is no consensus across the business community on the use of PINs in conjunction with chip-enabled cards.”
If smart cards are so great, why is it taking massive data breaches to get U.S. retailers aboard? “A reason the United States has been slow to embrace change,” Mulligan wrote, “is that all players in the payments system – merchants, issuers, banks, and the networks — have not been able to find common ground on how to share the costs of implementation.”
He noted that Target had piloted an early version of smart cards a decade ago, but the cards were expensive, it would’ve had to replace all of its store readers, and the technology was Target-specific.
“The whole industry is now migrating to the chip-based card,” the Miller Center’s Kirn told us, a conversion that could take another three years to complete. He noted that his American Express card already uses a chip, as does his American Airlines AAdvantage card. As of last spring, Visa said it had issued more than 3.5 million chip cards to U.S. customers.
“The transition is happening,” Kirn said.