I feel the news media has unfairly reported the Target Store security breech that occurred during the Christmas holidays. Not with malicious intent; but due to conflicting press releases from Target Corp. and a general misunderstanding of credit/debit card networks, and the verbiage of our industry.
It appears Target Corp. was in complete compliance with all industry standards. Their processor is well known and respected in the industry. Target released a press report immediately after discovering the breech that occurred between November 27 and December 15, 2013. In their haste to do the right thing by warning cardholders affected by the breech, Target created a marketing nightmare during their busiest selling season. Most breeches take months before they are reported.
This security breech involved 40 million credit/debit card holders who used their cards in a Target store between November 27 and December 15, 2013. This detailed information released by Target early on allowed card users to know if they were compromised. It served as an early warning, for users to be on the lookout for unauthorized activity on their accounts. Headlines of papers and newscast stated the pin numbers of cardholders were taken. Most media failed to mention Target released a statement that said in part “some encrypted pins were stolen, but Target uses Triple DES masking protocol at the register. Data remains cloaked until they reach Target’s third party processor which holds the decryption key. Target says it does not have access to nor does it store the encryption key within their system.”
It may be months or years before the public knows who is to blame for this data breech. In the meantime, business establishments should make sure they are PCI Compliant and be recertified annually.