Looks like Target is getting a big lump of coal in its stocking this Christmas.
The big-box retailer disclosed yesterday that some 40 million credit and debit-card accounts had been compromised in a data breach that ran from November 27th until December 15th. Apart from jokes about “don’t be a Target” for cyber-crime and their having their logo—the big, red bull’s-eye—painted on their corporate backs, what can we learn from this?
First, technology is vulnerable to fraud and abuse—especially outdated technology. Charge-cards are the worst: a static, unchanging number that stays with the card and has no natural way to verify that the person making the charge is authorized to do so. Improved security methods have been around for a while: smart-cards with embedded chips that create unique transaction numbers; biometric identification that uses a fingerprint; and pass-phrase confirmation–combining something you have, something you are, and something you know to authorize a purchase.
But advanced technology is also running against the disturbing, surveillance culture that has grown out of our high-speed , always-on, everywhere online society. It creeps people out to think that their music downloads, restaurant purchases, and library borrowings can be accessed by the NSA, KGB, or Google. And Target’s data-breach just reinforces these two conflicting trends.
For now, Target’s new motto should be changed to “Expect more, pay less, and bring cash.”
Douglas R. Tengdin, CFA
Chief Investment Officer