Nonetheless, Target will remain tightlipped about its investigation with a third-party forensics firm until the retailer is sure it has identified the issue. As for Krebs, he gave American Banker an interview Thursday and explained, “My best guess is [Target] got hit by hackers who got into their network, and were able to push malicious software out to the point of sale systems. We probably won’t know for certain for weeks or months.”
So now, card issuers will need to decide how they will respond in the short term. Because there is a strong likelihood that card fraud will take place with the stolen data, issuers are already considering canceling all of the affected cards, or even frequenting the underground forums to learn more about the theft. American Banker explains that the data breach could have far-reaching implications. With the compromised data, thieves can not only duplicate the cards, they can also used them at ATMs and POS terminals if the affected cards are debit cards. Even Target’s Red card can be used for debit or credit if customers tie their bank account information to the card, further complicating the problem.
Thus, it is clear that Target got more than it bargained for this holiday season, and its fellow retailers will need to take note of what has happened to their competitor and ensure they don’t suffer the same fate. It’ll be interesting to see how all parties respond, including Target, card issuers, and other retailers, but Krebs maintains, “A lot of issuers will take a wait-and-see approach. They’re probably getting inundated with calls from people who shop at Target who are freaking out about what to do. The last thing they want to do is cancel these people’s cards around Christmas. I’m positive Target would much rather have seen this come out on December 26.”