Target announced earlier this year that its sales system had been breached, putting millions of customers’ information at risk. It came just months after a similar attack at Neiman Marcus, and has recently been mirrored in a similar incident at Home Depot.
“The reported attacks on Target and Neiman Marcus underline the need to do more,” wrote John Mulligan, the company’s chief financial officer, in a February statement.
“We will learn from this incident,” Mulligan wrote, outlining the ways Target planned to make their system more secure.
Since then, the company has pushed for various measures such as “smart” cards, which use microchips to encrypt transaction data to make it useless even if hackers could break in. This “Chip and PIN” system, though popular in other markets in Europe and Canada, is only just catching on in the United States.
On the retail side, experts say the companies who learned the hard way are the ones leading the movement.
“It does tend to be the retailers that have received the most recent breaches,” said Doug Johnson, senior vice president of risk management policy at the American Bankers Association. “We’ve seen somewhat of an escalation in individual company timetables as a result.”
As the investigation continued, Target writes, it has “taken significant actions to further strengthen security across the network.” These include the installation of new point-of-sale (POS) systems at cash registers, and changing more than 400,000 computer passwords.
Last year, hackers gained access to credit and debit records at Neiman Marcus by installing malware on its sales system. Their investigation showed that approximately 350,000 payment cards were affected, less than the 1.1 million previously estimated, according to a letter from the CEO posted on the company website in June.
A company representative said they had made changes, but wouldn’t reveal the details.
“One of the things we learned during the breach was not to talk publicly about improvements we have made to security,” Ginger Reeder, a Neiman Marcus spokesperson, told International Business Times in an email.
Beyond chip cards, there are a handful of methods retailers tend to use to boost their security with methods like encryption, which makes the data unreadable for hackers, or tokenization, which uses a kind of one-time code that hides information. Many also hire their own teams of hackers to continually check for weaknesses in their systems.