CLEVELAND, Feb. 6, 2014 /PRNewswire/ -- Earlier this week, the Senate Judiciary Committee held a hearing on retail security with Target's Chief Financial Officer John Mulligan, where he apologized for the massive data breach that occurred over the holiday shopping season.
Mulligan also offered up a "solution" to the problem saying, "We believe that chip-enabled technologies are critical to providing enhanced protection for consumers."
For many unfamiliar with the intricacies of information security, it sounds like EMV is the silver bullet we have been looking for. It's not.
SecureState, a management consulting firm specializing in information security, contends that EMV may have potentially prevented 40 million credit cards from being compromised, but the 70 million records would have still be leaked. The personally identifiable information (PII) of consumers would still be out there, because Payment Card Industry Data Security Standards (PCI-DSS) and EMV are only there to protect cardholder data and nothing else.
Many are calling for federal involvement, but SecureState CEO Ken Stasiak says that would only compound the problem.
"Take the Health Information Portability and Accountability Act enacted in 1996. Until 2010, no health provider was audited for their compliance to HIPAA," Stasiak said. "In fact, as of today most healthcare providers are self-certified as HIPAA compliant. So does a federal mandate help security in the private sector? The answer is no."
For more insight on the intricacies of PCI, EMV and the systemic problem that's really plaguing the retail industry read Stasiak's article: Setting the Record Straight about Chip & Pin Technology
SecureState provides premier management consulting information security services for companies internationally. The SecureState team is comprised of several specialties to solve complex business problems including: Advisory Services, Audit & Compliance, Profiling & Penetration, Privacy, Risk Management, and Incident Response.
SecureState Public Relations