About a decade ago, the retail chain Target experienced one of the worst data breaches in history, an incident so large that tens of millions of people had their data stolen. That highlighted the ways the company had failed to take security seriously.
That clearly was not working, so Target decided to reset its approach to tech. Based on a recent announcement, its changes are working.
In recent years, Target has upped its game, with a corporate blog dedicated to the company’s technology efforts. (The site, at the domain tech.target.com, must make the team at the IT site TechTarget nervous.)
Recently, they announced something that I would love to see more companies do: They invented something, patented it, then decided to give it away.
Companies that patent new ideas generally hoard them for value, even when they can potentially improve the lives of millions of people. That’s why Novo Nordisk will be making bank from Wegovy and Ozempic for years to come. It is much rarer for a company to develop something, then decide to share it for the good of the industry.
This is what Target did, as it attempted to respond proactively to a sharp rise in credit card skimmers at retail outlets. Terry Woodman, a cybersecurity analyst for Target and one of the developers of the new patent, used a 3D printer to develop a standardized approach to detecting skimmers on credit card readers. As he put it:
I decided to 3D-print a clone of a skimmer just to be able to hold it in my hands and think about how to detect it. That’s when it hit me: we know how big skimmers are, so could we simply measure for them?
I set to work making a 3D design that could measure our payment terminals. My first attempts were made after measuring photos of payment terminals and skimmers. After several attempts and a visit to a local Target store to make final measurements, I had a draft design that worked well enough to bring forward to Target’s leadership as a potential solution. After a few tweaks to adapt the design from focusing on 3D printing to injection molding thanks to Target’s 3D Labs team, I had a design that was ready to mass produce and met all the project goals.
He built a device to the specific specifications of Target’s payment terminal and made it so that the device could not fully insert unless the terminal matched the exact specifications of the device, making it possible to quickly detect if something was up.
Same ol’ compliance. Just 80% faster. 3,000+ companies use Drata to automate compliance and evidence collection for 16+ frameworks, including SOC 2, ISO 27001, and GDPR. And now, Tedium readers get 10% off and waived implementation fees.
Skimmers are highly innovative tools of criminal mischief, hard to detect by sight alone, and can take time to weed out the traditional way. While Woodman used a 3D printer to develop the device, called EasySweep, the approach he took was decidedly low-tech. Basically, he built a piece of plastic that met an exacting specification.
You can see the patent filing here. For a piece of plastic, EasySweep is pretty neat. But what makes it truly valuable is its connection to an organization that takes cybersecurity seriously. Target can build internal systems where employees can test payment terminals with these tools at the end of the night. If there are any problems, they can report them to a cybersecurity apparatus, which can respond accordingly. It’s a safety measure.
But the thing is, safety measures are not the kinds of things you want to build a competitive advantage on. That’s why it’s not surprising to learn that the company will give the design to other retailers for free. While the company is not open-sourcing the design—potentially putting it in the hands of potential scammers—this move could minimize skimmers’ long-term effectiveness.
If I had to make a historic comparison to anything else, I would compare it to the work of Nils Bohlin, the Volvo employee who developed a three-point seat belt. Every major car manufacturer sells a car with this seat belt design, and has for more than 60 years. The reason for that is that the company decided that what it had built was too important to keep to itself, and that safety was not a competitive advantage.
Target, in its own way, has kept that spirit alive. Safety and security should not be locked up behind a patent.
Links That Don’t Stink
Panic’s Cabel Sasser offers an alternate take on Turn-On, the cancelled-while-airing show I talked about the other day. (↬ Waxy.org)
Our good pal Chris Dalla Riva is doing a survey about entertainment habits as he tries to uncover an interesting point about the world. Fill it out here.
In some horn-tooting news, I’m still contributing to NEWART, where I have a new series on digital photography running. Here’s the first part.
I won’t lie, I took the passing of Paul Reubens pretty hard. But I found some solace in this clip from a few years ago, where Reubens explains, in an extremely meandering way, how he got Tim Burton to direct Pee-Wee’s Big Adventure. We don’t realize how good we had it.
Find this one worthy of your time? Share it with a pal!
And thanks to Drata for sponsoring. Need some compliance help? Be sure to check out their 10% discount for Tedium readers.