SIOUX CITY | A year ago last month, cyber criminals hacked Target's computer system, stealing information from every transaction at the retailer's 1,800 U.S. stores over a three-week period.
The headline-grabbing theft, which came at the peak of the holiday shopping season, was followed by large-scale breaches at several other major retailers, including Home Depot, Kmart, Neiman Marcus and Staples.
The infiltrations triggered a national debate over how to make debit and credit cards safer, accelerating plans by retailers, banks and other card issuers to invest in costly new technology to help foil future online attacks.
With another holiday buying frenzy in full swing, many consumers remain wary of using plastic for purchases.
According to a recent survey by Creditcard.com, an online consumer site, 48 percent of respondents said they planned to buy gifts with cash more frequently this season due to security breaches. Sixteen percent said they "definitely would not return to a store where data had been stolen, and another 29 percent "probably" would not shop there again.
Mary Ann Rush, of Sergeant Bluff, was one of the more than 70 million Target customers whose debit or credit cards were compromised in last year's cyber attack. Rush said her local bank caught the problem right away, and quickly issued her a new debit card as a precaution.
While she still shops at the Sioux City Target, Rush said she paid cash for purchases for some time afterwards.
"It took a while for them to gain my trust back," Rush said as she browsed in the store's electronics department on Black Friday last week.
1960S TECHNOLOGY USED
In response to the breach, Twin Cities-based Target Corp. offered affected customers free credit monitoring and ID theft insurance, and implemented a flurry of enhanced security measures.
The high-profile case called attention to a growing problem with cyber crime. So far this year, there have been 700 data breaches reported, up about 25 percent over the same time in 2013, according to information compiled by the nonprofit consumer advocacy Identity Theft Resource Center.
The largest theft involved Home Depot, which recently announced that 56 million cards were compromised in a breach that lasted from April to September.
In multiple cases, cyber criminals have gained access to the point in a retailer's system where customers make purchases. The thieves install malicious software to collect and retrieve data from the magnetic stripes on the backs of debit and credit cards.
The breaches have pushed retailers, financial institutions and card companies to speed up a previously scheduled plan to replace the 1960s-era cards with so-called "PIN and chip" cards. A computer chip is implanted into the latter, which is equipped with EMV technology, which stands for Europay, MasterCard and Visa.
Unlike traditional cards, EMV cards randomly scramble and verify data at a retailer's point of sale or ATM. The information transferred is virtually useless to anyone except the parties involved.
For added protection, card issuers can add a PIN number to an EMV card, a common practice in Europe and Asia, where the cards are widely used.
"We issue the most cards, but we have the most antiquated technology," said Eva Velasquez, CEO of the San Diego-based Identity Theft Resource Center. "It's probably time for us to make a shift and upgrade that technology."
Like other financial institutions, Security National Bank in Sioux City is preparing to someday transition to debit cards with the computer chips, said Dave Holub, a spokesman for the Sioux City-based bank.
Security National has a base of more than 10,000 debit cards, he said. After the Target breach last year, the bank reissued cards to several hundred customers whose data was compromised, he said.
RETAILERS TOLD TO MAKE A CHANGE
Switching to PIN and chip technology won't be a cheap undertaking, however. Retailers from big box stores to mom-and-pop shops will need to buy new card readers, which start at about $500 apiece.
In 2015, Bomgaars is scheduled to upgrade all the card readers at its 69 farm and ranch stores in six states, said Torrey Wingert, vice president and chief financial officer for the Sioux City-based chain.
That's in addition to the thousands of dollars the family-owned business spends each year with third-party vendors to upgrade and enhance computer software and hardware to protect the stores and customers from cyber attacks, Wingert said.
Even before the most recent data breach, the U.S. payment network industry, which includes the major credit card companies, had been encouraging retailers and banks to switch to EMV technology by October 2015. The card companies plan to enact new policies that would switch liability for fraud from themselves to the retailer or bank, depending on whose technology is the weakest.
Merchants that have not made the switch to EMV would run the risk of not being paid for merchandise on card transaction it processes.