Why Did Target Pass a PCI Inspection Just Before The Breach?


After the notorious data breach in December that compromised 40 million customers’ payment card numbers, Target has announced recently that just 3 months before this occurred; they passed its latest Payment Card Industry (PCI) inspection with flying colors. Clearly, this has come as a shock to many and has sparked many confused questions.

Target, which is based in Minneapolis, has joined the long and ever-growing list of retailers and payment processors that have passed their latest annual PCI inspection, only to report terrible breaches under a year later. The news of their passing of the PCI inspection came on the day when the Senate Judiciary Committee held the second of four Congressional hearings on cyber security and data breaches. John Mulligan, Target’s executive vice president and chief financial officer, said, “As recently as September 2013, our systems were certified as compliant with the Payment Card Industry data-security standards. Although it is often said that PCI inspections are simply snapshots that do not define if a merchant or processor is totally secure, Mulligan added that Target had a sophisticated anti-fraud system. Despite this, hackers still managed to penetrate this system with hard-to-detect malware.

Aside from discussion of the PCI inspection prior to the breach, numerous questions are now being asked about introducing chip cards to replace the vulnerable magnetic-stripe cards that have gone out of date almost everywhere except the US. It is clear that the serious data breaches have sparked a lot more motivation in terms of finally bringing in chip cards to the United States. Mulligan recently spoke to The Hill, a Washington publication that tracks Congress, and said, “Since the breach, we are accelerating our own $100 million investment to put chip-enabled technology in place. Our goal is to implement this technology in our stores and on our proprietary REDcards by early 2015, more than six months ahead of our previous plan.”

It is clear that the controversial data breach in Target’s stores affecting millions of its customers has really kicked everyone in to gear, especially where the situation with chip cards is concerned. Although it seems highly odd that the Minneapolis based company passed a PCI inspection shortly before the breach, at least everything is now being done to ensure as much safety as possible for its customers in the future.