Can Target Go From Data Security Chumps to Data Security Champs?
Target Goes ‘All-In’ on EMV User Adoption: New
Magstripe-less Chip Cards Require Both Chip AND PIN
Target, by all accounts, the corporate face of retail data breach, is driving full force to use its complete embrace of EMV to bolster it’s tarnished image and put it in the vanguard of card fraud protection and data security. And it is targeting one of the biggest sticking points to EMV: User Adoption.
User Adoption and Education
While it has long been recognized that true EMV compliance means chip and PIN, most US companies are struggling to get onboard with just the chip card piece, let alone a chip card that requires a PIN. Americans are fickle and slow to change. The success of true EMV migration depends upon our ability to change both the way we scan our card and the way we authenticate with a PIN instead of a signature.
Companies fight an uphill battle to get consumers to “dip the chip” instead of “swipe the stripe” when at the register. Most cards are still enabled with both options. Some businesses have POS hardware that will prompt a chip instead of a stripe if available, when paying at the register. Most of us, myself included, find themselves swiping the stripe mindlessly. We shop on autopilot.
Some businesses have their cashiers educate consumers. Still others have the chip reader installed but have not enabled it yet. It seems we are all holding our breath, waiting for the other shoe to drop. Once fully enabled, will this create bottlenecks and panic at the register? How long will it take for consumers to digest this new way of paying? And, how long until companies can introduce the PIN piece to EMV? They must get consumers to first Dip…and then remember their PIN. As more and more EMV enabled cards drip into my mailbox, I find that most businesses I frequent don’t have the readers enabled yet.
Target’s Efforts
Kudos to Target: In an effort to lift its much maligned image, the corporate office first fired their CEO; now Target has held up its EMV flag and is holding it high. A few days ago, I received my new EMV enabled Target REDCard (after getting an email warning me it was coming).
Looking at my new REDcard, I see Target has tackled three birds with one stone:
*First, the new REDcard has two little arrows next to the chip telling users how and where to insert it (I had to chuckle at that). Bird = Teach users how to insert chip card into reader
*Next, it has made our “should I swipe or dip?” decision for us by completely removing the magstripe. Bird 2 = Get users to dip their card, not swipe it
*Finally, it has included the PIN piece and all card use requires inputting your PIN, which you set up. Bird 3 = Get users to remember and input PIN on each purchase
So Target is way ahead of the curve here. They have completely leapfrogged over the rest by going straight to Chip AND PIN: Complete compliance. They also included an insert (pictured left) to further educate REDcard holders on how to use their new card and to absolutely memorize their PIN.
They have followed up this effort with a nice section on their website covering all the changes. “Chip Cards at Target: 5 Things to Know Before you Check Out” – https://corporate.target.com/article/2015/08/emv-migration
So what’s in it for Target? Is there anything but a headache at the end of this EMV rainbow for merchants and businesses? If this cloud has a silver lining, it may be that once we get card users entering their PINs, there will be less fraud and less liability to the merchant if trouble does arise.
And as a consumer, who doesn’t like to receive both a new card and new technology in a single package?
Author: Julie Lambert – Admin & Social Media Marketing Manager for MoneyTech Search Group®. julie@moneytechsearch.com