At a recently held Senate Judiciary Committee hearing, a top executive of Target announced that the company would be accelerating its plans to adopt a technology that has been found to reduce potential for credit card fraud. The technology has been widely used in Europe for years but has been rarely used in the United States.
The Senate committee hearing was the first time that any of the executives from Target or Neiman Marcus had been subject to detailed public questioning about the recent data security breaches at their stores. The session focused on privacy in the digital age and questioned the detection and handling of the security breaches that exposed the data of millions of customers.
During the hearing, lawmakers from both parties called on other businesses to also adopt the credit card fraud technology for the safety of the consumers. Consumers have been calling for federal legislation to set database security standards and consumer notification requirements since the announcement of the breaches.
The committee chairman, Senator Patrick J. Leahy, Democrat of Vermont, said, “These stores are a major part of our economy.” He continued on to say that if consumers cannot trust businesses to keep their data secure, “our economic recovery is going to falter.”
An investigation found that the data thieves gained entry to the Target’s computer system by stealing the credentials of an outside vendor. John J. Mulligan, Target’s chief financial officer, disclosed during the hearing that the malware was found on 25 Target registers three days after the company thought it had successfully expunged it from its payment systems.
Neiman Marcus first learned of a possible breach of its payment system when MasterCard contacted the company on Dec. 17 to report that 122 MasterCard cards that had been used fraudulently had also been used at one Neiman Marcus store. A subsequent investigation led to the public disclosure of the breach at Neiman Marcus on Jan. 10.
Michael R. Kingston, chief information officer of the Neiman Marcus Group, said during his testimony that the malware that infiltrated the company’s payment system was “exceedingly sophisticated.” He also said that it had a “zero percent detection rate” by available antivirus software programs.
