Root Cause Analysis - Incident Investigation

Millions Impacted by Data Breach At Target

By Kim Smiley

Are you one of the millions of customers affected by the recent data breach at Target?  Because I am.  I for one am curious about how data for approximately 40 million credit and debit cards was compromised at one of the United States’ largest retailers.

The investigation is ongoing and many details about the data breach haven’t been released, but an initial Cause Map can be built to begin analyzing this incident.  The latest information released is that the Justice  Department is  performing an investigation into this incident.  An initial Cause Map can capture the information that is available now and can easily be expanded to include more detail in the future.  A box with a question mark can be used to indicate that more information is needed on the Cause Map. (Click on “Download PDF” to view an Outline and high level Cause Map.)

One of the causes that I think is worth discussing is that retailers in the United States are being specifically targeted for this type of attack in recent years.  The vast majority of credit and debit cards in use in the United States are magnetic strip cards, while Europe has been transitioning to newer credit card technology that uses chips.   Magnetic strip credit cards are a more desirable target for criminals because the technology to create fake magnetic strip cards is readily available.  The data on magnetic strip cards also stays the same while chips use unique codes for each transaction.  Cards with chips also require a pin when used, adding an additional layer of protection.

So why does the United States still use magnetic strip cards?  One of the main complicating factors is money.  Transitioning to cards that use chips requires a significant investment of money by both banks and retailers.  It is estimated that the cost to transition to the higher tech cards will be $8 billion so the money required is considerable. Both parties are nervous about being the first to commit to the process.

Rising credit card fraud rates in the United States have been increasing the pressure to move to newer credit card technology.  Credit card fraud rates in the U.S. have doubled in the 10 years since Europe began using chip cards.  As long as the United States remains the softest target, the rates are likely to increase.

On a positive note, the transition to the newer chip cards should be gaining traction in the next few years.  Credit card companies have typically footed the bill for credit card fraud, but many card companies have stated that merchants or banks that have not transitioned to chip cards will be held accountable for fraudulent purchases that the higher tech cards would have prevented by the end of 2015.

The frustrating thing is that there are limited ways individual consumers can protect themselves short of switching to cash.  You can be smart about where you swipe your cards, for example avoiding unmanned ATM kiosks, but a major retailer like Target didn’t seem suspicious.  As somebody who has had multiple instances of credit card fraud in the last few years, I look forward to a safer credit card in the future.