Losing the cat-and-mouse game with hackers, retailers are facing increased regulations and potentially significant costs in the name of protecting customers' personal data.
On Tuesday, in a hearing before the Senate Judiciary Committee, Target and Neiman Marcus executives said even their strongest measures were not enough to prevent the data breaches that took place during the holiday season. Target CFO Jon Mulligan told the committee that the breach at his company continued for three days after the retailer thought the malware had been handled, The Wall Street Journal reported.
It seems that this is a watershed moment for security in the retail industry. Four U.S. senators proposed new legislation last week that would require the Federal Trade Commission to develop new security standards for businesses, as well as requiring businesses to notify customers of a data breach as soon as possible, according to a Senate press release.
Companies, lawmakers, and consumer advocates have suggested that U.S. companies fast-track the introduction of "chip-and-PIN" payment cards, which require users to enter a PIN code when making purchases--similar to debit cards--in order to make breaches less common. These types of payment cards are already prevalent in Europe, reported Reuters.
This week, Target said that it had plans to introduce the "chip-and-PIN" technology by early 2015, at a cost of about $100 million. Companies have been slow to adopt the technology in the U.S. because the payment system is such an investment. So far, other companies' losses as a result of data breaches have been manageable--about 5 cents for every $100 spent with credit and debit cards, reported Reuters.