Target learned from its massive hack and will start issuing more advanced chip-and-PIN credit cards early next year.
The company announced it will swap out its current Target REDcards, which only work at the chain, to newer models that are enabled with computer chips and require customers to type in a PIN. It might sound annoying for consumers, but it's a major step forward to preventing the kind of mass credit card theft Target experienced in 2013.
Target (TGT) is also replacing payment terminals at all 1,797 U.S. stores by this September. It's part of a $100 million investment to better secure its stores.
"Target and MasterCard are taking an important step forward in providing consumers with a secure shopping experience," MasterCard (MA) executive Chris McWilton said in a statement.
Related story: Why retailers aren't protecting you from hackers
This makes Target the first big retailer to move into the more advanced credit card system, which is already used worldwide but not in the United States.
Most U.S. consumers are unaware of how unsafe and outdated their credit cards are right now. A card's magnetic stripe delivers all your data without hiding anything: your name, credit card provider, card number, expiration date and more. That worked in the 1960s, but it's dangerous at a time when hackers can collect that in bulk.
That's how hackers stole credit card information from 40 million Target shoppers. It's how the Neiman Marcus hack hit 1.1 million customers and the Michael's hack hit 3 million.
Chip-and-PIN credit cards are significantly more secure, because thieves can't easily replicate the card -- and even if they do, they still need to know the victim's secret, four-digit PIN code.
But don't expect Target's move to be a catalyst for other retailers to follow suit. Target is a special case, because it issues its own branded credit cards through TD Bank (TD), and the card doesn't work at any other retailer. That means this upgrade is like a domino that falls all by itself, explained Jason Oxman, CEO of the Electronic Transactions Association trade group. He compared it to how Starbucks (SBUX) introduced mobile payments. They work at Starbucks, but paying with your cell phone hasn't caught on elsewhere.
There are also several barriers delaying a full-blown migration to new credit card technology. Merchants don't want to slow down lines, and forcing customers to type in a PIN could add a few seconds to every order. That adds up and could cost big chains millions of dollars.
"At any quick-service restaurant, the last thing they want you to do is spend another five seconds using a PIN. They don't even require a signature anymore for anything under $25. They want you out of there as fast as possible," Oxman said.
Then there's the massive cost associated with updating payment systems. The National Retail Federation estimates that an upgrade to chip-and-PIN machines and cards will cost anywhere between $25 billion and $30 billion nationwide. Every card needs to be reissued, and 9 million retail terminals would have to be replaced at more than $2,000 each. Shop owners know they'll be better off, but it's not easy.
"It's a very expensive wall to scale," explained Mallory Duncan, the group's lobbyist.
Related story: Target hack is a wake-up call on privacy
The upgrade is bound to happen, though. Every U.S. merchant faces a game-changing deadline in October 2015, when liability for credit card fraud shifts to merchants if they haven't upgraded equipment or banks if they haven't issued new cards.
What might speed the process up is if retailers notice that Target customers who use chip-and-PIN say they feel more secure with that new technology, according to Jeremy Gumbley, chief technology officer of CreditCall, which helps merchants upgrade their credit card systems.
"We're living in a post-Target-hack world. Consumer confidence is dented," he said. "They'll ultimately vote for the technology they feel is safest."
