Target has announced that 40 million credit cards have been breached this holiday season. For Target, it couldn’t have happened at a worse time and will have far reaching consequences of heavy penalties, a loss of consumer confidence and perhaps more importantly a loss of competitive advantage.
It will be next year until we hear the details and extent of the breach, and maybe longer to learn the real costs. However, this breach will rank up there with Sony’s PlayStation Network breach and TJ Maxx’s breach in 2006. Sony estimated the cost at $171 million. TJX Companies paid over $40 million to Visa as well as a $9 million consumer protection settlement in 41 states. We won’t know what it will cost Target for some time, but I’m glad I’m not sitting on their stock.
Of course, the direct costs never include the cost of lost consumer confidence and loss of competitive advantage. In Target’s case, they were heavily promoting their private label credit card (not a house account, an actual bankcard) to lure shoppers with promotional discounts for applying for their REDcard. It is reported that 20 percent of their customers carry this card. There will never be a measure of how many customers will cancel these cards and return to Wal-Mart.
If you have shopped at Target:
The Washington Post claims the affected transactions occurred between Nov. 27th and Dec. 15th for in-store purchases. Reports suggest that this affected in store purchases in nearly all stores but not on-line sales. If you used their private label REDcard, fraudulent transactions should be easy to identify and hopefully easier to resolve. Regardless, we would suggest monitoring your credit report and watch your statements carefully. You can get up to three free credit reports at www.annualcreditreport.com.
Rumors suggest that Debit Pins might also have been compromised. This is even more dangerous as there is no recourse if cash is withdrawn. It amazes me how many retailers (big box retailers as well as a few of our clients) are still using obsolete credit card machines that don’t protect debit transactions such as the Ingenico enTouch 1000.
Are you safe?
I’ll guarantee that Target already invests millions on security, and yet they still weren’t safe. To an extent I feel sorry for them considering how quickly the standards change and how painful it is to roll out new machines in all their stores. The costs are as ugly for independent stores, but their advantage is that changes can be quickly rolled out.
Security requires constant vigilance. Please let us know how we can help assure that you are protected from such a breach. The best thing you can do to protect your company is to take security seriously and implement the latest standards as soon as possible. Tokenization using Point to Point encryption is now available and provides significantly improved security.