Target looks to support Apple Pay once POS system upgrades complete
Target CEO Brian Cornell on Wednesday said his company wants to integrate Apple Pay across its retail chain, but must first install point-of-sale technology with chip and PIN or chip and signature technology to conform to the latest security standards.
Target POS terminal with contactless reader functionality.
Cornell revealed Target's plans during < a href="http://recode.net/2015/05/27/target-ceo-loves-apple-pay-but-wants-chip-and-pin-cards-first/">an interview at Re/code's Code Conference, saying the company's primary goal is to roll out secure POS terminals.
"I'd love to have Apple Pay today," he said, adding that Target will be "open-minded" about other payment platforms once the POS systems are operational. Cornell told attendees that he already informed Apple CEO Tim Cook of Target's intentions.
Target was hit with a massive security breach in December 2013 that saw the theft of credit card data belonging to tens of millions of customers. The new chip and PIN, or in some cases chip and signature, terminals are part of a broader initiative to clamp down on digital security. Cornell said changing over Target's existing POS system is a big undertaking, so he is keeping teams focused on the task at hand rather than attempt a simultaneous Apple Pay rollout.
"Our focus is on getting chip-and-PIN in place in time for the holidays," Cornell said. "Down the line we want to accept all the types of payments that our guests want."
Apple Pay first launched in October 2014 with an in-store payments function reliant on iPhone 6 near-field communications functionality. Unlike other mobile solutions, Apple's service features tokenized transactions in which credit card information is replaced by unique digital identifiers generated on a per-transaction basis.
Tokenized transactions are thought to be more secure than barcode readers and other traditional data transfer methods, but the system requires compatible POS machines to work. So far, Apple Pay has made slow but steady progress toward wide adoption, most recently gaining support from grocer Trader Joe's and clothing retailer Express.
Target POS terminal with contactless reader functionality.
Cornell revealed Target's plans during < a href="http://recode.net/2015/05/27/target-ceo-loves-apple-pay-but-wants-chip-and-pin-cards-first/">an interview at Re/code's Code Conference, saying the company's primary goal is to roll out secure POS terminals.
"I'd love to have Apple Pay today," he said, adding that Target will be "open-minded" about other payment platforms once the POS systems are operational. Cornell told attendees that he already informed Apple CEO Tim Cook of Target's intentions.
Target was hit with a massive security breach in December 2013 that saw the theft of credit card data belonging to tens of millions of customers. The new chip and PIN, or in some cases chip and signature, terminals are part of a broader initiative to clamp down on digital security. Cornell said changing over Target's existing POS system is a big undertaking, so he is keeping teams focused on the task at hand rather than attempt a simultaneous Apple Pay rollout.
"Our focus is on getting chip-and-PIN in place in time for the holidays," Cornell said. "Down the line we want to accept all the types of payments that our guests want."
Apple Pay first launched in October 2014 with an in-store payments function reliant on iPhone 6 near-field communications functionality. Unlike other mobile solutions, Apple's service features tokenized transactions in which credit card information is replaced by unique digital identifiers generated on a per-transaction basis.
Tokenized transactions are thought to be more secure than barcode readers and other traditional data transfer methods, but the system requires compatible POS machines to work. So far, Apple Pay has made slow but steady progress toward wide adoption, most recently gaining support from grocer Trader Joe's and clothing retailer Express.
Comments
Cornell revealed Target's plans during < a href="http://recode.net/2015/05/27/target-ceo-loves-apple-pay-but-wants-chip-and-pin-cards-first/">an interview at Re/code's Code Conference, saying the company's primary goal is to roll out secure POS terminals.
Whoa! Hold the phone, Joe!
Did Cornell just say that Target's current POS terminals are STILL NOT secure?
ARE YOU KIDDING ME?!!!
Depends, has Windows 2000 been hacked?
As if Cornell hadn't heard, if they support Apple Pay, the tokenization scheme used would guard their customer's payment data from abuse even IF it was leaked or stolen from the POS terminal.
You'd think supporting Apple Pay FIRST would improve their overall security, but nooooooo. Cornell is making up some straw man diversion. Pathetic.
The issue is their card terminals don't have NFC either.
Whoa! Hold the phone, Joe!
Did Cornell just say that Target's current POS terminals are STILL NOT secure?
ARE YOU KIDDING ME?!!!
See? They truly are POS terminals.
Whoa! Hold the phone, Joe!
Did Cornell just say that Target's current POS terminals are STILL NOT secure?
ARE YOU KIDDING ME?!!!
EMV (Chip and *) will NOT protect against Target or Home Depot-style breaches because it does nothing to secure the credit card number or expiration date. Those are accessible in the clear. What it does is force the stolen cards to be used online, rather than in stores. It's a fundamental weakness of the standard.
Apple Pay and AMEX's implementation of contactless will help by letting banks issue EMV-only credit card numbers.
In related news I noticed our local Home Depot started taking contact EMV. They broke Contactless/Apple Pay in the process.
Walmart was, and is, the instigator of this. I don't think they will give up that easily. Their goal was to cripple the credit card companies. In fact, the previous Walmart CEO stated that he didn't care if Current C succeeded or failed, as long as it seriously damaged Visa.
Walmart makes just a 3.3% net margin. That's in line with other grocery store chains and other low pricing chains in other areas. If they could eliminate all credit card transactions, that net could rise to 5%, possibly more. We're talking about an increase in profit for them of up to $10 billion a year.
That's why they won't give up so easily. It's also the hook they used with other big retailers. But, Apple Pay and Google Wallet will prove to be a big draw going forward. Current C offers the public little to be overjoyed about.
I made my first purchase last week using Apple Pay, at Walgreens, the Pharmacy that accepts it. The person behind the counter was pretty enthusiastic about it herself. Real easy.
Did you read where they have to replace all of their terminals first? Then the software to use wireless payments needs to be installed and set up, then tested.
How do you expect them to use Apple Pay without that being done first?
They're pretty big. They have millions of customers.
What's really interesting, and pathetic, to use the word Newton used, is that the public just doesn't care. If Apple Pay wasn't really easy, and even, at first, fun, people wouldn't use it either. The security aspect isn't enough. How many people still use stupid passwords, despite being warned about that for twenty years now? Most of them, if the web site will allow it.
agreed. tokenized NFC is more secure than c-a-p.
further, i know far more people w/ an iPhone 6 or apple watch than i do people w/ c-a-p cards.
ya, which is why i use it at some of my routine merchants -- walgreens and jamba juice being my most common, tho I've even used it at indy art galleries who had a cheap NFC reader POS.
Now, exactly did you mean by 'POS terminals' there?
Whoa! Hold the phone, Joe!
Did Cornell just say that Target's current POS terminals are STILL NOT secure?
ARE YOU KIDDING ME?!!!
The reality is no retail establishment like Target and Home depot can be trusted at all to keep customer financial data secure. No matter how many times they thump their chests and claim that "security is important", they just do not have the technical capabilities to pull it off. Third-party providers aren't worth jack either.
ApplePay on the other hand, has the potential to really eliminate credit card fraud for good. Apple has the chops to handle the technical challenges. I trust them. I also trust that ApplePay will not reveal any of my data to the jackasses at Target for marketing. Any other company attempting it will fail.
GooglePay - formerly the failed "GoogleWallet" - is just lipstick on a pig.
The quote
"Our focus is on getting chip-and-PIN in place in time for the holidays," Cornell said. "Down the line we want to accept all the types of payments that our guests want."
Strongly seems to mean even after they install the new systems, Apple Pay/NFC will not be accepted for some period of time.
I just want to point out, the Verifone terminals which Target has had for almost a year now are the very same ones in use at Trader Joe's, supporting Apple Pay.
Target has had the EMV slot blocked with a plastic plug on theirs, awaiting a firmware update to turn on ApplePay and EMV.
Another key fact is that retailers NOT using EMV will, as of this fall, have to assume liability for fraudulent transactions (currently borne by the banks). This is a very strong motivator for retailers to implement EMV tout suite.
Finally, as konqerror notes above, EMV Chip * is NOT encryption, it's SIGNING. For "card present" transactions it means that the chip's private key is authenticated by the terminal (and vice-versa IIRC), which guarantees that the card presented is genuine.
Apple/AMEX single-use tokens are more secure but require huge investments from the banks and the payment processors.
EMV (Chip and *) will NOT protect against Target or Home Depot-style breaches because it does nothing to secure the credit card number or expiration date. Those are accessible in the clear. What it does is force the stolen cards to be used online, rather than in stores. It's a fundamental weakness of the standard.
Why not just amend the standards to require a PIN as opposed to a static CVV number for online transactions as well? That would render stolen cards useless even for online purchases.
Nothing will ever eliminate credit card fraud for good. Reduce? Yes. For the moment. It's a cat and mouse game. New technology arrives, people find a way to exploit it eventually. Also, saying that any other company will fail and Apple is the only company on earth ever to protect you data is extremely short minded.